Latest 156-315 Real Exam Download 61-70

Ensurepass

QUESTION 61

You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of 40, and the Default Rule with a weight of 10. If the only traffic passing through your QoS Module is HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic?

 

A. 10%

B. 100%

C. 40%

D. 80%

E. 50%

 

Answer: B

 

 

QUESTION 62

Which of the following actions is most likely to improve the performance of Check Point QoS?

 

A. Turn “per rule guarantees” into “per connection guarantees”.

B. Install CheckpointQoS only on the external interfaces of the QoS Module.

C. Put the most frequently used rules at the bottom of the QoS Rule Base.

D. Turn “per rule limits” into “per connection limits”.

E. Define weights in the Default Rule in multiples of 10.

 

Answer: B

 

 

QUESTION 63

Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company’s file server, on \eriscogoldenapplefilespublic. Robert receives reports that users are unable to access the shared partition, unless they use the file server’s IP address. Which of the following is a possible cause?

 

A. Mapped shares do not allow administrative locks.

B. The CIFS resource is not configured to use Windows name resolution.

C. Access violations are not logged.

D. Remote registry access is blocked.

E. Null CIFS sessions are blocked.

 

Answer: B

 

 

QUESTION 64

What is the consequence of clearing the “Log VoIP Connection” box in Global Properties?

 

A. Dropped VoIP traffic is logged, but accepted VoIP traffic is not logged.

B. VoIP protocol-specific log fields are not included inSmartView Tracker entries.

C. The log field setting in rules for VoIP protocols are ignored.

D. IP addresses are used, instead of object names, in log entries that reference VoIP Domain objects.

E. The SmartCenter Server stops importing logs from VoIP servers.

 

Answer: B

 

 

QUESTION 65

Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX routE. based VPN feature, without stopping the VPN. What is the correct order of steps?

 

A. 1. Add a new interface on each Gateway.

2. Remove the newly added network from the current VPN Domain for each Gateway.

3. Create VTIs on each Gateway, to point to the other two peers

4. Enable advanced routing on all three Gateways.

B. 1. Add a hew interface on each Gateway.

2. Remove the newly added network from the current VPN Domain in each gateway object.

3. Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers.

4. Add static routes on three Gateways, to route the new network to each peer’s VTI interface.

C. 1. Add a new interface on each Gateway.

2. Add the newly added network into the existing VPN Domain for each Gateway.

3. Create VTIs on each gateway object, to point to the other two peers.

4. Enable advanced routing on all three Gateways.

D. 1. Add a new interface on each Gateway.

2. Add the newly added network into the existing VPN Domain for each gateway object.

3. Create VTIs on each gateway object, to point to the other two peers.

4. Add static routes on three Gateways, to route the new networks to each peer’s VTI interface.

 

Answer: B

 

 

QUESTION 66

VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. Which of the following services is provided by a CIFS resource?

 

A. Allow Unixfile sharing.

B. Allow MS print shares

C. Logging Mapped Shares

D. Access Violation logging.

 

Answer: C

 

 

QUESTION 67

Your company has two headquarters, one in London, one in New York. Each headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:

 

A. two star and one mesh Community; each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters

B. three mesh Communities: one for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.

C. twomesh Communities, one for each headquarters and their branch offices; and one star Community, in which London is the center of the Community and New York is the satellite.

D. twomesh Communities, one for each headquarters and their branch offices; and one star Community, where New York is the center of the Community and London is the satellite.

 

Answer: A

 

 

QUESTION 68

You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?

 

A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed

B. An object to represent the PSTN phone network, AND an object to represent the IP phone network

C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed

D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host

E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed

 

Answer: C

 

 

QUESTION 69

Yoav is a Security Administrator preparing to implement a VPN solution for his multi-site organization. To comply with industry regulations, Yoav’s VPN solution must meet the following requirements:

Portability: Standard Key management: Automatic, external PKI Session keys: Changed at configured times during a connection’s lifetime Key length: No less than 128-bit Data integrity: Secure against inversion and brutE. force attacks

What is the most appropriate setting Yoav should choose?

 

A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash

B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash

C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash

D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash

E. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash

 

Answer: D

 

 

QUESTION 70

Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access, after the next Phase 2 exchange occurs?

 

A. Phase 3 KeyRevocation

B. Perfect Forward Secrecy

C. MD5 Hash Completion

D. SHA1 Hash Completion

E. DES Key Reset

 

Answer: B

 

Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.