Latest 156-315 Real Exam Download 71-80

Ensurepass

QUESTION 71

Which of the following commands shows full synchronization status?

 

A. cphaproB. i list

B. cphastop

C. fw ctl pstat

D. cphaproB. a if

E. fwhastat

 

Answer: A

 

 

QUESTION 72

In a distributed VPN-1 Pro NGX environment, where is the Internal Certificate Authority (ICA) installed?

 

A. On the Security Gateway

B. Certificate Manager Server

C. On the Policy Server

D. On the Smart View Monitor

E. On the primarySmattCenter Server

 

Answer: E

 

 

QUESTION 73

The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?

clip_image002

A. Internal Gateway VPN Domain = internal_net;

External VPN Domain = external net + external gateway object + internal_net.

B. Internal Gateway VPN Domain = internal_net.

External Gateway VPN Domain = external_net + internal gateway object

C. Internal Gateway VPN Domain = internal_net;

External Gateway VPN Domain = internal_net + external_net

D. Internal Gateway VPN Domain = internal_net.

External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net

 

Answer: D

 

 

QUESTION 74

You must set up SIP with a proxy for your network. IP phones are in the 172.16.100.0 network. The Registrar and proxy are installed on host 172.16.100.100. To allow handover enforcement for outbound calls from SIP-net to network Net_B on the Internet, you have defined the following objects:

Network object: SIP-net: 172.16.100.0/24 SIP-gateway: 172.16.100.100 VoIP Domain object: VolP_domain_A 1 .EnD. point domain: SIP-net 2.VoIP gateway installed at: SIP-gateway host object

How would you configure the rule?

 

A. SIP- G ateway/N et_B/s i p_a ny/a c c e pt

B. VolP_domain_A/Net_B/sip/accept

C. SIP-Gateway/Net_B/sip/accept

D. VolP_domain_A/Net_B/sip_any, and sip/accept

E. VolP_Gateway_MJet_B/sip_any/accept

 

Answer: B

 

 

QUESTION 75

What is the behavior of ClusterXL in a High Availability environment?

 

A. Both members respond to the virtual IP address, and both members pass traffic when using their physical addresses.

B. Both members respond to the virtual IP address, but only the active member is able to pass traffic.

C. The active member responds to the virtual IP address.nd both members pass traffic when using their physical addresses.

D. The active member responds to the virtual IP address.nd is the only member that passes traffic

E. The passive member responds to the virtual IP address, and both members route traffic when using their physical addresses.

 

Answer: D

 

 

QUESTION 76

Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?

 

A. Guarantees

B. Low Latency Queuing

C. Differentiated Services

D. Weighted Fair Queuing

E. Limits

 

Answer: C

 

 

QUESTION 77

You plan to incorporate OPSEC servers, such as Websense and Trend Micro, to do content filtering. Which segment is the BEST location for these OPSEC servers, when you consider Security Server performance and data security?

 

A. On the Security Gateway

B. Internal network, where users are located

C. On the Internet

D. DMZ network, where application servers are located

E. Dedicated segment of the network

 

Answer: E

 

 

QUESTION 78

How can you completely tear down a specific VPN tunnel in an intranet IKE VPN deployment?

 

A. Run the commandvpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.

B. Run the commandvpn tu on the SmartCenter Server, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.

C. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for a given peer (GW)”.

D. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for a given user (Client)”.

E. Run the commandvpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for ALL peers and users”.

 

Answer: C

 

 

QUESTION 79

The following rule contains an FTP resource object in the Service field:

Source: local_net Destination: Any Service: FTP-resource object Action: Accept

How do you define the FTP Resource Properties > Match tab to prevent internal users from receiving corporate files from external FTP servers, while allowing users to send files?

 

A. Enable “Put” and “Get” methods.

B. Disable the “Put” method globally.

C. Enable the “Put” method only on the Match tab.

D. Enable the “Get” method on the Match tab.

E. Disable “Get” and “Put” methods on the Match tab.

 

Answer: C

 

 

QUESTION 80

The following rule contains an FTP resource object in the Service field:

Source: local_net Destination: Any Service: FTP-resource object Action: Accept

How do you define the FTP Resource Properties > Match tab to prevent internal users fromsending corporate files to external FTP servers, while allowing users to retrieve files?

 

A. Enable the “Get” method on the match tab

B. Disable “Get” and “Put” methods on the Match tab.

C. Enable the “Put” and “Get” methods.

D. Enable the “Put” method only on the match tab.

E. Disable the “Put” method globally.

 

Answer: A

 

Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.