Latest 156-315 Real Exam Download 81-90

Ensurepass

QUESTION 81

You have an internal FTP server, and you allow uploading, but not downloading. Assume Network Address Translation (NAT) is set up correctly and you want to add an inbound rule with:

Source: Any Destination: FTP server Service: an FTP resource object.

How do you configure the FTP resource object and the action column in the rule to achieve this goal?

 

A. Disable “Get” and “Put” methods in the FTP Resource Properties and use them in the rule, with action accept.

B. Enable both “Put” and “Get” methods in the FTP Resource Properties and use them in the rule, with action drop.

C. Enable only the “Get” method in the FTP Resource Properties and use this method in the rule, with action accept.

D. Enable only the “Put” method in the FTP Resource Properties and use this method in the rule, with action drop.

E. Enable only “Put” method in the FTP Resource Properties and use this method in the rule, with action accept.

 

Answer: E

 

 

QUESTION 82

In a distributed VPN-1 Pro NGX environment, where is the Internal Certificate Authority (ICA) installed?

 

A. On the Security Gateway

B. Certificate Manager Server

C. On the Policy Server

D. On the Smart View Monitor

E. On the primarySmattCenter Server

 

Answer: E

 

 

QUESTION 83

VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which environment?

 

A. H.323

B. SIP

C. MEGACO

D. SCCP

E. MGCP

 

Answer: C

 

 

QUESTION 84

Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?

 

A. Global Properties

B. QoS Class objects

C. Check Point gateway object properties

D. $CPDIR/conf/qos_props.pf

E. Advanced Action options in eachQoS rule

 

Answer: A

 

 

QUESTION 85

Cody is notified by blacklist.org that his site has been reported as a spam relay, due to his SMTP Server being unprotected. Cody decides to implement an SMTP Security Server, to prevent the server from being a spam relay. Which of the following is the most efficient configuration method?

 

A. Configure the SMTP Security Server to perform MX resolving.

B. Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.

C. Configure the SMTP Security Server to work with an OPSEC based product, for content checking.

D. Configure the SMTP Security Server to apply a generic “from” address to all outgoing mail.

E. Configure the SMTP Security Server to allow only mail to or from names, within Cody’s corporate domain.

 

Answer: E

 

 

QUESTION 86

You want to upgrade a SecurePlatform NG with Application Intelligence (Al) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?

 

A. SVN Foundation and VPN-1 Express/Pro

B. VPN-1 and Firewall-1

C. SecurePlatform NGX R60

D. SVN Foundation 3 E. VPN-1 Pro/Express NGXR60

 

Answer: C

 

 

QUESTION 87

You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional connections are allowed in the Action properties. If traffic passing through the QoS Module matches both rules, which of the following statements is true?

 

A. Neither rule will be allocated more than 10% of available bandwidth.

B. The H.323 rule will consume no more than 2048 Kbps of available bandwidth.

C. 50% of available bandwidth will be allocated to the H.323 rule.

D. 50% of available bandwidth will be allocated to the Default Rule.

E. Each H.323 connection will receive at least 512 Kbps of bandwidth.

 

Answer: B

 

 

QUESTION 88

Your current stanD. alone VPN-1 NG with Application Intelligence (Al) R55 installation is running on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the VPN-1 Pro Gateway. An additional machine will serve as the SmartCenter Server. The new machine runs on a Windows Server 2003. You need to upgrade the NG with Al R55 SmartCenter Server configuration to VPN-1 NGX. How do you upgrade to VPN-1 NGX?

 

A. Insert the NGX CD in the existingNGwithAI R55 SecurePlatform machine, and answer yes to backup the configuration. Copy the backup file to the Windows Server 2003. Continue the upgrade process. Reboot after upgrade is finished. After SecurePlatform NGX reboots, run sysconfig, select VPN-1 Pro Gateway, and finish the sysconfig process. Reboot again. Use the NGX CD to install the primary SmartCenter on the Windows Server 2003. Import the backup file.

B. Run the backup command in the existingSecurePlatform machine, to create a backup file. Copy the file to the Windows Server 2003. Uninstall all Check Point products on SecurePlatform by running rpm CPsuitE. R55 command. Reboot. Install new VPN-1 NGX on the existing SecurePlatform machine. Run sysconfig, select VPN-1 Pro Gateway, and reboot. Use VPN-1 NGX CD to install primary SmartCenter Server on the Windows Server 2003. Import the backup file.

C. Copy the $FWDIRconf and $FWDIRlib files from the existing SecurePlatform machine. Create a tar.gzfile, and copy it to the Windows Server 2003. Use VPN-1 NGX CD on the existing SecurePlatform machine to do a new installation. Reboot. Run sysconfig and select VPN-1 Pro Gateway. Reboot. Use the NGX CD to install the primary SmartCenter Server on the Windows Server 2003. On the Windows Server 2003, run upgradejmport command to import $FWDIRconf 40 and $FWDIRlib from the SecurePlatform machine.

D. Run backup command on the existing SecurePlatform machine to create a backup file. Copy the file to the Windows Server 2003. Uninstall the primary SmartCenter Server package from NG with Al R55 SecurePlatform using sysconfig. Reboot. Install the NGX primary SmartCenter Server and import the backup file. Open the NGX SmartUpdate, and select “upgrade all packages” on the NG with Al R55 Security Gateway.

 

Answer: A

 

 

QUESTION 89

If you check the box “Use Aggressive Mode”, in the IKE Properties dialog box:

 

A. The standardthreE. packet IKE Phase 1 exchange is replaced by a six-packet exchange.

B. The standard six-packet IKE Phase 2 exchange is replaced by athreE. packet exchange.

C. The standard threE. packet IKE Phase 2 exchange is replaced by a six-packet exchange.

D. The standard six-packet IKE Phase 1 exchange is replaced by a threE. packet exchange.

E. The standard six-packet IKE Phase 1 exchange is replaced by atwelvE. packet exchange.

 

Answer: D

 

 

QUESTION 90

DShield is a Check Point feature used to block which of the following threats?

 

A. Cross Site Scripting

B. SQL injection

C. DDOS

D. Buffer overflows

E. Trojan horses

 

Answer: C

 

 

Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.