Latest Cisco 642-825 certifications -examsoon

Free 156-215.65 Demo Download

Examsoon offers free demo for CheckPoint 156-215.65 exam (Check Point Security Administration I NGX). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-215.65 PDF exam Trainning Materials

1. You are installing a SmartCenter server. Your security plan calls for three administrators for this particular server. How many can you create during installation?
A. As many as you want
B. Depends on the license installed on the SmartCenter Server
C. Only one with full access and one with read-only access
D. Only one
Answer: D

2. Of the three mechanisms Check Point uses for controlling traffic, which enables firewalls to incorporate layer 4 awareness in packet inspection?
A. Stateful Inspection
B. SmartDefense
C. Application Intelligence
D. Packet filtering
Answer: A

3. The customer has a small Check Point installation which includes one Linux Enterprise 3.0 server working as SmartConsole and a second server running Windows 2003 working as both SmartCenter server and the Security Gateway. This is an example of:
A. Hybrid Installation
B. Stand-Alone Installation
C. Distributed Installation
D. Unsupported configuration
Answer: D

4. When troubleshooting the behavior of Check Point Stateful Inspection, it is important to consider "inbound" vs "outbound" packet inspection from the point of view of the __________.
A. Logical Topology
B. Administrator
C. Security Gateway
D. Internet
Answer: C

5. MegaCorp’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. You must request a central license:
A. Using your SmartCenter Server’s IP address, attach the license to the remote Gateway via SmartUpdate.
B. Using the remote Gateway’s IP address, attach the license to the remote Gateway via SmartUpdate.
C. Using each of the Gateways’ IP addresses, apply the licenses on the SmartCenter Server with the cprlic put command.
D. Using the remote Gateway’s IP address, apply the license locally with the cplic put command.
Answer: A

6. Some control operations and user interactions are difficult or impossible to execute at the kernel level. The _________ component provides a mechanism for such operations.
A. encryption
B. daemon
C. management
D. security
Answer: B

7. Which SmartConsole component can Administrators use to track remote administrative activities?
A. The WebUI
B. SmartView Monitor
C. Eventia Reporter
D. SmartView Tracker
Answer: D

8. The customer has a small Check Point installation which includes one Window 2003 server working as SmartConsole and a second server running SPLAT working as both SmartCenter server and the Security Gateway. This is an example of:
A. Distributed Installation
B. Unsupported configuration
C. Stand-Alone Installation
D. Hybrid Installation
Answer: C

9. It is required to completely reboot the OS after which of the following changes are made on the Security Gateway?
i.e. cprestart command is not sufficient
1. Adding a hot-swappable NIC to the OS for the first time.
2. Uninstalling the VPN-1 Power/UTM package.
3. Installing the VPN-1 Power/UTM package.
4. Re-establishing SIC to the SmartCenter Server.
5. Doubling the maximum number of connections accepted by the Security Gateway
A. 1, 2, 3 only
B. 3 only
C. 3, 4, and 5 only
D. 1, 2, 3, 4, and 5
Answer: A

10. Which of the following statements about Bridge mode are TRUE?
A. Assuming a new installation, bridge mode requires changing the existing IP routing of the network.
B. All ClusterXL modes are supported.
C. When managing a Security Gateway in Bridge mode, it is possible to use a bridge interface for Network Address Translation.
D. A bridge must be configured with a pair of interfaces.
Answer: D

11. In a "Stand-Alone Installation" the functionality of the SmartCenter Server would be installed together with which other Check Point architecture component?
A. SecureClient
B. SmartConsole
C. Security Gateway
D. None, SmartCenter Server would be installed by itself
Answer: C

12. When launching SmartDashboard, what information is required to log into VPN-1 NGX R65?
A. User Name, SmartCenter Server IP, certificate fingerprint file
B. Password, SmartCenter Server IP
C. User Name, Password, SmartCenter Server IP
D. Password, SmartCenter Server IP, LDAP Server
Answer: C

13. Which statement below is TRUE about management plug-ins?
A. The plug-in is a package installed on the Security Gateway.
B. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
C. A management plug-in interacts with a SmartCenter Server to provide new features and support for new products.
D. Installing a management plug-in is just like an upgrade process. (It overwrites existing components.)
Answer: C

14. The customer has a small Check Point installation which includes one Window XP workstation working as SmartConsole , one Solaris server working as SmartCenter, and a third server running SecurePlatform working as Security Gateway. This is an example of:
A. Distributed Installation
B. Hybrid Installation
C. Unsupported configuration
D. Stand-Alone Installation
Answer: A

15. A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartDashboard
B. SmartView Monitor
C. SmartView Status
D. SmartView Tracker
Answer: A

Free 156-315.65 Demo Download

Examsoon offers free demo for CheckPoint 156-315.65 exam (Check Point Certified Expert NGX R65). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-315.65 PDF exam Trainning Materials

1. You want to upgrade an NG with Application Intelligence R55 Security Gateway running on SecurePlatform to VPN-1 NGX R65 via SmartUpdate. Which package(s) is(are) needed in the Repository prior to upgrade?
A. SecurePlatform NGX R65 package
B. VPN-1 Power/UTM NGX R65 package
C. SecurePlatform and VPN-1 Power/UTM NGX R65 packages
D. SVN Foundation and VPN-1 Power/UTM packages
Answer: A

2. Concerning these products: SecurePlatform, VPN-1 Pro Gateway, UserAuthority Server, Nokia OS, UTM-1, Eventia Reporter, and Performance Pack, which statement is TRUE?
A. All but the Nokia OS can be upgraded to VPN-1 NGX R65 with SmartUpdate.
B. All but Performance Pack can be upgraded to VPN-1 NGX R65 with SmartUpdate.
C. All can be upgraded to VPN-1 NGX R65 with SmartUpdate.
D. All but the UTM-1 can be upgraded to VPN-1 NGX R65 with SmartUpdate.
Answer: C

3. What action CANNOT be run from SmartUpdate NGX R65?
A. Get all Gateway Data
B. Reboot gateway
C. Preinstall verifier…
D. Fetch sync status
Answer: D

4. You plan to migrate an NG with Application Intelligence (AI) R55 SmartCenter Server on Windows to VPN-1 NGX R65. You also plan to upgrade four VPN-1 Pro Gateways at remote offices, and one local VPN-1 Pro Gateway at your company’s headquarters. The SmartCenter Server configuration must be migrated. What is the correct procedure to migrate the configuration?
A. 1. From the VPN-1 NGX R65 CD on the SmartCenter Server, select "Upgrade".
2. Reboot after installation and upgrade all licenses via SmartUpdate.
3. Reinstall all gateways using NGX R65 and install a policy.
B. 1. From the VPN-1 NGX R65 CD in the SmartCenter Server, select "Export".
2. Install VPN-1 NGX R65 on a new PC using the option "Installation using imported configuration"
3. Reboot after installation and upgrade all licenses via SmartUpdate.
4. Upgrade software on all five remote Gateways via SmartUpdate.
C. 1. Copy the $FWDIRconf directory from the SmartCenter Server.
2. Save directory contents to another file server.
3. Uninstall the SmartCenter Server, and install a new SmartCenter Server.
4. Move the saved directory contents to $FWDIRconf replacing the default installation files.
5. Reinstall all gateways using VPN-1 NGX R65 and install a Security Policy.
D. 1. Upgrade the five remote Gateways via SmartUpdate.
2. Upgrade the SmartCenter Server, using the NGX R65 CD.
Answer: B

5. If a SmartUpdate upgrade or distribution operation fails on SecurePlatfom, how is the system recovered?
A. SecurePlatform will reboot and automatically revert to the last snapshot version prior to upgrade.
B. The Administrator must remove the rpm packages manually, and reattempt the upgrade.
C. The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot <object name> <filename>.
D. The Administrator must reinstall the last version via the command cprinstall revert <object name> <file name>.
Answer: A

6. You are using SmartUpdate to fetch data and perform a remote upgrade of an NGX Security Gateway. Which of the following statements is FALSE?
A. If SmartDashboard is open during package upload and upgrade, the upgrade will fail.
B. A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway
C. SmartUpdate can query the SmartCenter Server and VPN-1 Gateway for product information
D. SmartUpdate can query license information running locally on the VPN-1 Gateway
Answer: B

7. Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway.
A. After selecting "Packages > Distribute…" and choosing the target gateway, the selected package is copied from the Package Repository on the SmartCenter to the Security Gateway but the installation IS NOT performed.
B. After selecting "Packages > Distribute…" and choosing the target gateway, the SmartUpdate wizard walks the Administrator through a Distributed Installation.
C. After selecting "Packages > Distribute…" and choosing the target gateway, the selected package is copied from the Package Repository on the SmartCenter to the Security Gateway and the installation IS performed.
D. After selecting "Packages > Distribute…" and choosing the target gateway, the selected package is copied from the CDROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
Answer: A

8. Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway.
A. After selecting "Packages: Add… from CD", the entire contents of the CD are copied to the packages directory on the selected remote Security Gateway.
B. After selecting "Packages: Add… from CD", the entire contents of the CD are copied to the Package Repository on the SmartCenter Server.
C. After selecting "Packages: Add… from CD", the selected package is copied to the packages directory on the selected remote Security Gateway.
D. After selecting "Packages: Add… from CD", the selected package is copied to the Package Repository on the SmartCenter Server.
Answer: D

9. What port is used for communication to the UserCenter with SmartUpdate?
A. HTTP
B. HTTPS
C. TCP 8080
D. CPMI
Answer: B

10. Choose all correct statements. SmartUpdate, located on a VPN-1 NGX SmartCenter Server, allows you to:
(1) Remotely perform a first time installation of VPN-1 NGX on a new machine
(2) Determine OS patch levels on remote machines
(3) Update installed Check Point and any OPSEC certified software remotely
(4) Update installed Check Point software remotely
(5) Track installed versions of Check Point and OPSEC products
(6) Centrally manage licenses
A. 4, 5, & 6
B. 2, 4, 5, & 6
C. 1 & 4
D. 1, 3, 4, & 6
Answer: B

11. You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separated locations. What is the BEST method to implement this HFA?
A. Send a Certified Security Engineer to each site to perform the update
B. Use SmartUpdate to install the packages to each of the Security Gateways remotely
C. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
D. Send a CDROM with the HFA to each location and have local personnel install it
Answer: B

12. What action can be run from SmartUpdate NGX R65?
A. remote_uninstall_verifier
B. upgrade_export
C. mds_backup
D. cpinfo
Answer: D

13. What tools CANNOT be launched from SmartUpdate NGX R65?
A. cpinfo
B. SecurePlatform Web UI
C. Nokia Voyager
D. snapshot
Answer: D

14. Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?
A. It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.
B. It will conflict with any future upgrades run from SmartUpdate.
C. SmartUpdate will start a new installation process if the machine is rebooted.
D. It contains your security configuration, which could be exploited.
Answer: D

15. What physical machine must have access to the UserCenter public IP when checking for new packages with SmartUpdate?
A. VPN-1 Security Gateway getting the new upgrade package
B. SmartUpdate installed SmartCenter Server PC
C. SmartUpdate Repository SQL database Server
D. SmartUpdate GUI PC
Answer: D

Free 156-915.1 Demo Download

Examsoon offers free demo for CheckPoint 156-915.1 exam (Accelerated CCSE 1.1 NGX). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-915.1 PDF exam Trainning Materials

1. What is the command to see the licenses of the Security Gateway FWDALLAS from your SmartCenter Server?
A. cprlic print FWDALLAS
B. fw licprint FWDALLAS
C. fw tab -t fwlic FWDALLAS
D. cplic print FWDALLAS
E. fw lic print FWDALLAS
Answer: A

2. Your NGX Enterprise SmartCenter Server is working normally. However, you must reinstall the SmartCenter Server, but keep the SmartCenter Server configuration (for example, all Security Policies, database, etc.) How would you reinstall the Server and keep its configuration?
A. 1.Run the latest upgrade_export utility to export the configuration
2.Keep the exported file in the same location.
3.Use SmartUpdate to reinstall the SmartCenter Server.
4.Run upgrade_import to import the configuration.
B. 1.Run the latest upgrade_export utility to export the configuration
2.Leave the exported. tgz file in $ FWDIR.
3.Install the primary SmartCenter Server on top of the configuration
4.Run upgrade_import to import the configuration.
C. 1. Insert the NGX CD-ROM, and select the option to export the configuration into a.tgz file
2. Transfer the .tgz fiel to another networked maching.
3. Uninstall all NGX packages, and reboot.
4. Use the NGX CD-ROM to select the upgrade_import option to import the configuration.
D. 1. Download the latest upgrade_export utility, and run it from $FWDIRbin to export the confirguration into a.tgz file.
2. Transfer the .tgz file to another network machine.
3. Uninstall all NGX packages and reboot.
4. Install a new primary SmartCenter Server.
5. Run upgrade_import to import the configuration
Answer: D

3. Your organization has many VPN-1 Edge gateways at various branch offices, to allow VPN-1 SecureClient users to access company resources. For security reasons, your organization’s Security Policy requires all Internet traffic initiated behind the VPN-1 Edge gateways first be inspected by your headquarters’ VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN Community?
A. To the Internet and other targets only
B. To the center and other satellites, through the center
C. To the center only
D. To the center, or through the center to other satellites, then to the Internet and other VPN targets
Answer: D

4. Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, without stopping the VPN. What is the correct order of steps?
A. 1. Add a new interface on each Gateway.
2. Remove the newly added network from the current VPN Domain for each Gateway.
3. Create VTIs on each Gateway, to point to the other two peers
4. Enable advanced routing on all three Gateways.
B. 1. Add a new interface on each Gateway.
2. Remove the newly added network from the current VPN Domain in each gateway object.
3. Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers.
4. Add static routes on three Gateways, to route the new network to each peer"s VTI interface.
C. 1. Add a new interface on each Gateway.
2. Add the newly added network into the existing VPN Domain for each Gateway.
3. Create VTIs on each gateway object, to point to the other two peers.
4. Enable advanced routing on all three Gateways.
D. 1. Add a new interface on each Gateway.
2. Add the newly added network into the existing VPN Domain for each gateway object.
3. Create VTIs on each gateway object, to point to the other two peers.
4. Add static routes on three Gateways, to route the new networks to each peer’s VTI interface.
Answer: B

5. How can you unlock an administrator’s account, which was been locked due to SmartCenter Access settings in Global Properties?
A. Type fwm lock_admin -ua from the command line of the SmartCenter Server.
B. Clear the "locked" box of the user’s General Properties in SmartDashboard.
C. Type fwm unlock_admin -ua from the command line of the SmartCenter Server
D. Type fwm unlock_admin -ua from the command line of the Security Gateway.
E. Delete the file admin.lock in the $FWDIR/tmp/directory of the SmartCenter Server.
Answer: A

6. After importing the NGX schema into an LDAP server, what should you enable?
Schema checking
A. Encryption
B. UserAuthority
C. ConnectControl
D. Secure Internal Communications
Answer: A

7. Eric wants to see all URLs’ full destination paths in the SmartView Tracker logs, not just the fully qualified domain name of the Web servers. For example, the information filed of a log entry displays the URL http: //hp.msn.com/css/home/hpcl1012.css. How can Eric best customize SmartView Tracker to see the logs he wants? Configure the URI resource, and select:
A. "transparent" as the connection method
B. "tunneling" as the connection method
C. "optimize URL logging"; use the URI resource in the rule, with action "accept"
D. "Enforce URL capability"; use the URI resource in the rule, with action "accept"
Answer: C

8. In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Rule 0
B. Cleanup Rule
C. Rule 1
D. Rule 999
E. Stealth Rule
Answer: A

9. When restoring NGX using the upgrade_import command, which of the following items are NOT restored?
A. Security Policies
B. Global properties
C. Licenses
D. User groups
E. Route tables
Answer: E

10. In a Management High Availablility (HA) configuration, you can configure synchronization to occur automatically, when:
1. The Security Policy is installed.
2. The Security Policy is saved.
3. The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active.
4. A scheduled event occurs.
5. The user database is installed.
Select the BEST response for the synchronization sequence. Choose one.
A. 1,2,3
B. 1,2,3,4
C. 1,3,4
D. 1,2,5
E. 1,2,4
Answer: E

11. Jeremy manages sites in Tokyo, Calcutta and Dallas, from his office in Chicago. He is trying to create a report for management, detailing the current software level of each Security Gateway. He also wants to create a proposal outline, listing the most cost-effective way to upgrade his Gateways. Which two SmartConsole applications should Jeremy use, to create his report and outline?
A. SmartLSM and SmartUpdate
B. SmartDashboard and SmartLSM
C. SmartDashboard and SmartView Tracker
D. SmartView Monitor and SmartUpdate
E. SmartView Tracker and SmartView Monitor
Answer: D

12. You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?
A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed.
B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed.
D. An object to represent the Q.931 service origination host. AND an object to represent the H.245 termination host.
E. An object to represent the call manager. AND an object to represent the host on which the transmission router is installed.
Answer: C

13. Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve sees the following screen. What is the problem?
A. Steve must enable directional_match(true) in the objectes_5_0.C file on SmartCenter Server.
B. Steve must enable Advanced Routing on each Security Gateway.
C. Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
D. Steve must enable a dynamic-routing protocol, such as OSPF, on the Gateways.
E. Steve must enable VPN Directional Match on the gateway object??s VPN tab.
Answer: C

14. Your organization’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How would you request and apply the license? Request a central license:
A. using the remote Gateway’s IP address. Apply the license locally with the cplic put command.
B. for the Gateways’ IP address. Apply the license on the SmartCenter Server with the cprlic put command.
C. using the remote Gateway’s IP address. Attach the license to the remote Gateway via SmartUpdate.
D. using your SmartCenter Server’s IP address. Attach the license to the remote Gateway via SmartUpdate.
E. using the SmartCenter Server’s IP address. Apply the license locally on the remote Gateway with the cplic put command.
Answer: D

15. You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connecion Rejection?
A. No QoS rule exists to match the rejected traffic.
B. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections.
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.
E. The guarantee of one of the rule??s sub-rules exceeds the guarantee in the rule itself.
Answer: B

Free 156-315.1 Demo Download

Examsoon offers free demo for CheckPoint 156-315.1 exam (Check Point Certified Security Expert NGX). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-315.1 PDF exam Trainning Materials

1. You are preparing a lab for a ClusterXL environment, with the following topology:
Vip internal cluster IP = 172.16.10.1; Vip external cluster IP = 192.168.10.3
Cluster Member 1: four NICs, three enabled: qfe0: 192.168.10.1/24, qfe1: 10.10.10.1/24, qfe2: 172.16.10.1/24
Cluster Member 2: five NICs, three enabled; hme0: 192.168.10.2/24, eth1: 10.10.10.2/24, eth2: 172.16.10.2/24
Member Network tab on internal-cluster interface: is 10.10.10.0, 255.255.255.0
SmartCenter Pro Server: 172.16.10.3
External interfaces 192.168.10.1 and 192.168.10.2 connect to a Virtual Local Area Network (VLAN) switch. The upstream router connects to the same VLAN switch. Internal interfaces 10.10.10.1 and 10.10.10.2 connect to a hub. There is no other machine in the 10.10.10.0 network. 172.19.10.0 is the synchronization network. What is the problem with this configuration?
A. The SmartCenter Pro Server cannot be in the synchronization network.
B. There is no problem with this configuration. It is correct.
C. Members do not have the same number of NICs.
D. The internal network does not have a third cluster member.
E. Cluster members cannot use the VLAN switch. They must use hubs.
Answer: B

2. You set up a mesh VPN Community, so your internal networks can access your partner’s network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All other traffic among your internal and partner networks is sent in clear text. How do you configure the VPN Community?
A. Disable "accept all encrypted traffic", and put FTP and HTTP in the Excluded services in the Community object. Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field.
B. Disable "accept all encrypted traffic" in the Community, and add FTP and HTTP services to the Security Policy, with that Community object in the VPN field.
C. Enable "accept all encrypted traffic", but put FTP and HTTP in the Excluded services in the Community. Add a rule in the Security Policy, with services FTP and http, and the Community object in the VPN field.
D. Put FTP and HTTP in the Excluded services in the Community object. Then add a rule in the Security Policy to allow Any as the service, with the Community object in the VPN field.
Answer: B

3. Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee
Answer: A

4. Which of the following commands shows full synchronization status?
A. cphaprob -i list
B. cphastop
C. fw ctl pstat
D. cphaprob -a if
E. fw hastat
Answer: A

5. You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?
A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed
D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed
Answer: C

6. You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/FireWall-1 NG FP3, with the latest Hotfix. What is the correct upgrade procedure?
1. Change the version, in the General Properties of the gateway-cluster object.
2. Upgrade the SmartCenter Server, and reboot after upgrade.
3. Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.
4. Reinstall the Security Policy.
A. 3, 2, 1, 4
B. 2, 4, 3, 1
C. 1, 3, 2, 4
D. 2, 3, 1, 4
E. 1, 2, 3, 4
Answer: D

7. Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization’s three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?
A. The related end-points domain specifies an address range.
B. VoIP Domain SIP objects cannot be placed in simple groups.
C. The installed VoIP gateways specify host objects.
D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
E. The VoIP Domain SIP object’s name contains restricted characters.
Answer: B

8. Which service type does NOT invoke a Security Server?
A. HTTP
B. FTP
C. Telnet
D. CIFS
E. SMTP
Answer: D

9. You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?
A. SVN Foundation and VPN-1 Express/Pro
B. VPN-1 and FireWall-1
C. SecurePlatform NGX R60
D. SVN Foundation
E. VPN-1 Pro/Express NGX R60
Answer: C

10. Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company’s file server, on \eriscogoldenapplefilespublic. Robert receives reports that users are unable to access the shared partition, unless they use the file server’s IP address. Which of the following is a possible cause?
A. Mapped shares do not allow administrative locks.
B. The CIFS resource is not configured to use Windows name resolution.
C. Access violations are not logged.
D. Remote registry access is blocked.
E. Null CIFS sessions are blocked.
Answer: B

11. How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair Queuing
E. guaranteed per VoIP rule
Answer: A

12. To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
C. Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.
D. Change the cluster mode to Unicast on the cluster-member object.
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address.
Answer: A

13. Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server run on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including such items as Internal Certificate Authority files, databases, and Security Policies.
How do you request a new license for this VPN-1 NGX upgrade?
A. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP address. Request a new local license for the NGX VPN-1 Pro Gateway.
B. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
C. Request a new VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
D. Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licensed for the existing SmartCenter Server IP address.
Answer: D

14. The following is cphaprob state command output from a ClusterXL New mode High Availability member:When member 192.168.1.2 fails over and restarts, which member will become active?
A. 192.168.1.2
B. 192.168.1.1
C. Both members’ state will be standby
D. Both members’ state will be active
Answer: B

15. The following rule contains an FTP resource object in the Service field:
Source: local_net
Destination: Any
Service: FTP-resource object
Action: Accept
How do you define the FTP Resource Properties > Match tab to prevent internal users from sending corporate files to external FTP servers, while allowing users to retrieve files?
A. Enable the "Get" method on the match tab.
B. Disable "Get" and "Put" methods on the Match tab.
C. Enable the "Put" and "Get" methods.
D. Enable the "Put" method only on the match tab.
E. Disable the "Put" method globally.
Answer: A

Free 156-215.1 Demo Download

Examsoon offers free demo for CheckPoint 156-215.1 exam (Check Point Certified Security Administrator NGX). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-215.1 PDF exam Trainning Materials

1. Which of the following commands is used to restore NGX configuration information?
A. cpconfig
B. cpinfo -i
C. restore
D. fwm dbimport
E. upgrade_import
Answer: E

2. Brianna has three servers located in a DMZ, using private IP addresses. She wants internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?
A. Configure automatic Static NAT rules for the DMZ servers.
B. Configure manual Static NAT rules to translate the DMZ servers, when connecting to the Internet.
C. Configure manual static NAT rules to translate the DMZ servers, when the source is the internal network 10.10.10.x.
D. Configure Hide NAT for the DMZ network behind the DMZ interface of the Security Gateway, when connecting to internal network 10.10.10.x.
E. Configure Hide NAT for 10.10.10.x behind DMZ’s interface, when trying to access DMZ servers.
Answer: C

3. Ellen is performing penetration tests against SmartDefense for her Web server farm. She needs to verify that the Web servers are secure against traffic hijacks. She has selected the "Products > Web Server" box on each of the node objects. What other settings would be appropriate? Ellen:
A. needs to configure TCP defenses such as "Small PMTU" size.
B. should enable all settings in Web Intelligence.
C. needs to create resource objects for the web farm servers and configure rules for the web farm.
D. must activate the Cross-Site Scripting property.
E. should also enable the Web intelligence > SQL injection setting.
Answer: D

4. Which NGX logs can you configure to send to DShield.org?
A. Account and alert logs
B. SNMP and account logs
C. Active and alert logs
D. Audit and alert logs
E. Alert and user-defined alert logs
Answer: E

5. Which of the following is the final step in an NGX backup?
A. Test restoration in a non-production environment, using the upgrade_import command.
B. Move the *.tgz file to another location.
C. Run the upgrade_export command.
D. Copy the conf directory to another location.
E. Run the cpstop command.
Answer: A

6. You are setting up a Virtual Private Network, and must select an encryption scheme. Network performance is a critical issue – even more so than the security of the packet. Which encryption scheme would you select?
A. In-place encryption
B. Tunneling mode encryption
C. Either one will work without compromising performance
Answer: A

7. Your users are defined in a Windows 2000 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in NGX?
A. All Users
B. A group with generic* user
C. External-user group
D. LDAP account-unit group
E. LDAP group
Answer: E

8. How do you block some seldom-used FTP commands, such as CWD, and FIND from passing through the Gateway?
A. Use FTP Security Server settings in SmartDefense.
B. Use an FTP resource object.
C. Configure the restricted FTP commands in the Security Servers screen of the Global properties.
D. Enable FTP Bounce checking in SmartDefense.
E. Add the restricted commands to the aftpd.conf file in the SmartCenter Server.
Answer: A

9. In NGX, what happens if a Distinguished Name (DN) is NOT found in LDAP?
A. NGX takes the common-name value from the Certificate subject, and searches the LDAP account unit for a matching user id.
B. NGX searches the internal database for the username.
C. The Security Gateway uses the subject of the Certificate as the DN for the initial lookup.
D. If the first request fails or if branches do not match, NGX tries to map the identity to the user id attribute.
E. When users authenticate with valid Certificates, the Security Gateway tries to map the identities with users registered in the external LDAP user database.
Answer: B

10. In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?
A. Define a secondary SmartCenter Server as a log server, to transfer the old logs.
B. Configure a script to archive old logs to another directory, before old log files are deleted.
C. Do nothing. Old logs are deleted, until free space is restored.
D. Use the fwm logexport command to export the old log files to other location.
E. Do nothing. The SmartCenter Server archives old logs to another directory.
Answer: B

11. Frank wants to know why users on the corporate network cannot receive multicast transmissions from the Internet. An NGX Security Gateway protects the corporate network from the Internet. Which of the following is a possible cause for the connection problem?
A. NGX does not support multicast routing protocols and streaming media through the Security Gateway.
B. Frank did not install the necessary multicast license with SmartUpdate, when he upgraded to NGX.
C. The Multicast Rule is below the Stealth Rule. NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
D. Multicast restrictions are not configured properly on the corporate internal network interface properties of the Security Gateway object.
E. Anti-spoofing is enabled. NGX cannot pass multicast traffic, if anti-spoofing is enabled.
Answer: D

12. Gary is a Security Administrator in a small company. He needs to determine if the company’s Web servers are accessed for an excessive number of times from the same host. How would he configure this setting in SmartDefense?
A. Successive multiple connections
B. HTTP protocol inspection
C. Successive alerts
D. General HTTP worm catcher
E. Successive DoS attacks
Answer: A

13. When you change an implicit rule’s order from "last" to "first" in Global Properties, how do you make the change effective?
A. Close SmartDashboard, and reopen it.
B. Select install database from the Policy menu.
C. Select save from the file menu.
D. Reinstall the Security Policy.
E. Run fw fetch from the Security Gateway.
Answer: D

14. If a digital signature is used to achieve both data-integrity checking and verification of sender, digital signatures are only used when implementing:
A. A symmetric encryption algorithm.
B. CBL-DES.
C. ESP.
D. An asymmetric encryption algorithm.
E. Triple DES.
Answer: D

15. Larry is the Security Administrator for a software-development company. To isolate the corporate network from the developers’ network, Larry installs an internal Security Gateway. Larry wants to optimize the performance of this Gateway. Which of the following actions is most likely to improve the Gateway’s performance?
A. Remove unused Security Policies from Policy Packages.
B. Clear all Global Properties check boxes, and use explicit rules.
C. Use groups within groups in the manual NAT Rule Base.
D. Put the least-used rules at the top of the Rule Base.
E. Use domain objects in rules, where possible.
Answer: A

You can view Examsoon to get more information about 156-915.65 Trainning Materials

You can view Examsoon to get more information about 156-310 Trainning Materials

Free 156-315 Demo Download

Examsoon offers free demo for CheckPoint 156-315 exam (Check Point Certified Security Expert NGX). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-315 PDF exam Trainning Materials

1. You are preparing a lab for a ClusterXL environment, with the following topology:
Vip internal cluster IP = 172.16.10.1; Vip external cluster IP = 192.168.10.3
Cluster Member 1: four NICs, three enabled: qfe0: 192.168.10.1/24, qfe1: 10.10.10.1/24, qfe2: 172.16.10.1/24
Cluster Member 2: five NICs, three enabled; hme0: 192.168.10.2/24, eth1: 10.10.10.2/24, eth2: 172.16.10.2/24
Member Network tab on internal-cluster interface: is 10.10.10.0, 255.255.255.0
SmartCenter Pro Server: 172.16.10.3
External interfaces 192.168.10.1 and 192.168.10.2 connect to a Virtual Local Area Network (VLAN) switch. The upstream router connects to the same VLAN switch. Internal interfaces 10.10.10.1 and 10.10.10.2 connect to a hub. There is no other machine in the 10.10.10.0 network. 172.19.10.0 is the synchronization network. What is the problem with this configuration?
A. The SmartCenter Pro Server cannot be in the synchronization network.
B. There is no problem with this configuration. It is correct.
C. Members do not have the same number of NICs.
D. The internal network does not have a third cluster member.
E. Cluster members cannot use the VLAN switch. They must use hubs.
Answer: B

2. How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair Queuing
E. guaranteed per VoIP rule
Answer: A

3. Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company’s file server, on \eriscogoldenapplefilespublic. Robert receives reports that users are unable to access the shared partition, unless they use the file server’s IP address. Which of the following is a possible cause?
A. Mapped shares do not allow administrative locks.
B. The CIFS resource is not configured to use Windows name resolution.
C. Access violations are not logged.
D. Remote registry access is blocked.
E. Null CIFS sessions are blocked.
Answer: B

4. You set up a mesh VPN Community, so your internal networks can access your partner’s network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All other traffic among your internal and partner networks is sent in clear text. How do you configure the VPN Community?
A. Disable "accept all encrypted traffic", and put FTP and HTTP in the Excluded services in the Community object. Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field.
B. Disable "accept all encrypted traffic" in the Community, and add FTP and HTTP services to the Security Policy, with that Community object in the VPN field.
C. Enable "accept all encrypted traffic", but put FTP and HTTP in the Excluded services in the Community. Add a rule in the Security Policy, with services FTP and http, and the Community object in the VPN field.
D. Put FTP and HTTP in the Excluded services in the Community object. Then add a rule in the Security Policy to allow Any as the service, with the Community object in the VPN field.
Answer: B

5. Which service type does NOT invoke a Security Server?
A. HTTP
B. FTP
C. Telnet
D. CIFS
E. SMTP
Answer: D

6. The following rule contains an FTP resource object in the Service field:
Source: local_net
Destination: Any
Service: FTP-resource object
Action: Accept
How do you define the FTP Resource Properties > Match tab to prevent internal users from sending corporate files to external FTP servers, while allowing users to retrieve files?
A. Enable the "Get" method on the match tab.
B. Disable "Get" and "Put" methods on the Match tab.
C. Enable the "Put" and "Get" methods.
D. Enable the "Put" method only on the match tab.
E. Disable the "Put" method globally.
Answer: A

7. The following is cphaprob state command output from a ClusterXL New mode High Availability member:When member 192.168.1.2 fails over and restarts, which member will become active?
A. 192.168.1.2
B. 192.168.1.1
C. Both members’ state will be standby
D. Both members’ state will be active
Answer: B

8. You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/FireWall-1 NG FP3, with the latest Hotfix. What is the correct upgrade procedure?
1. Change the version, in the General Properties of the gateway-cluster object.
2. Upgrade the SmartCenter Server, and reboot after upgrade.
3. Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.
4. Reinstall the Security Policy.
A. 3, 2, 1, 4
B. 2, 4, 3, 1
C. 1, 3, 2, 4
D. 2, 3, 1, 4
E. 1, 2, 3, 4
Answer: D

9. Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee
Answer: A

10. You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?
A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed
D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed
Answer: C

11. Which of the following commands shows full synchronization status?
A. cphaprob -i list
B. cphastop
C. fw ctl pstat
D. cphaprob -a if
E. fw hastat
Answer: A

12. Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization’s three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?
A. The related end-points domain specifies an address range.
B. VoIP Domain SIP objects cannot be placed in simple groups.
C. The installed VoIP gateways specify host objects.
D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
E. The VoIP Domain SIP object’s name contains restricted characters.
Answer: B

13. Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server run on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including such items as Internal Certificate Authority files, databases, and Security Policies.
How do you request a new license for this VPN-1 NGX upgrade?
A. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP address. Request a new local license for the NGX VPN-1 Pro Gateway.
B. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
C. Request a new VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
D. Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licensed for the existing SmartCenter Server IP address.
Answer: D

14. You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?
A. SVN Foundation and VPN-1 Express/Pro
B. VPN-1 and FireWall-1
C. SecurePlatform NGX R60
D. SVN Foundation
E. VPN-1 Pro/Express NGX R60
Answer: C

15. To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
C. Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.
D. Change the cluster mode to Unicast on the cluster-member object.
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address.
Answer: A

You can view Examsoon to get more information about 156-510 Trainning Materials

Free 156-215 Demo Download

Examsoon offers free demo for CheckPoint 156-215 exam (Check Point Security Administration NGX ). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-215 PDF exam Trainning Materials

1. The Internal Certificate Authority (ICA) is corrupt on your SmartCenter Server. The server is installed on a SecurePlatform machine in the MegaCorp home office. You use IP address 10.1.1.1. You need to have management connectivity restored to a Security Gateway on a second SecurePlatform computer, which plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for restoring management connectivity on the Gateway before shipping it?
1. Run cpconfig on the Gateway, select "Secure Internal Communication", enter the activation key, and reconfirm.
2. Run fwm sic reset on the SmartCenter Server.
3. Configure the gateway object with the host name and IP addresses for the remote site.
4. Click the Communication button in the gateway object’s general screen, click Reset button, enter the activation key, and click Initialize and OK.
5. Install the Security Policy.
Select the best response.
A. 2, 1, 4, 5
B. 2, 3, 1, 4, 5
C. 1, 2, 3, 4
D. 1, 3, 2, 4, 5
Answer: A

2. Your current security scenario gives you the option to choose between a stand-alone installation or a distributed installation. Which of the following factors would cause you to decide in favour of the distributed installation?
Select the best response.
A. You are required to use Clientless VPN.
B. You are required to use Windows as operating system.
C. You are required to use as few hardware resources as possible.
D. You are required to install HFA’s on the Security Gateway via SmartUpdate.
Answer: D

3. What is the reason?
A. No Security Policy installed on the Security Gateway
B. No Secure Internal Communications established between the SmartCenter Server and Security Gateway
C. Time not synchronized between the SmartCenter Server and Security Gateway
D. Version mismatch between the SmartCenter Server and Security Gateway
Answer: A

4. The third shift Administrator was updating SmartCenter Access settings in Global Properties. He managed to lock all of the administrators out of their accounts. How can you unlock these accounts?
Select the best response.
A. Type fwm lock_admin ua from the command line of the SmartCenter Server.
B. Type fwm unlock_admin ua from the command line of the SmartCenter Server.
C. Type fwm unlock_admin ua from the command line of the Security Gateway.
D. Clear the "locked" box of the user’s General Properties in SmartDashboard.
Answer: A

5. Initialize SIC for the Gateway object on the SmartCenter Server.
3. Configure the gateway object with the host name and IP addresses for the remote site.
4. Click the Communication button in the gateway object’s general screen, enter the activation key, and click Initialize and OK.
5. Install the Security Policy.
Select the best response.
A. 1, 3, 2, 4, 5
B. 2, 3, 1, 4, 5
C. 3, 4, 5
D. 1, 2, 4, 3
Answer: C

6. The third shift Administrator was updating SmartCenter Access settings in Global Properties. He managed to lock himself out of his account. How can you unlock this account?
Select the best response.
A. Type fwm lock_admin u from the command line of the SmartCenter Server.
B. Type fwm unlock_admin u from the command line of the Security Gateway.
C. Delete the file admin.lock in the $FWDIR/tmp/ directory of the SmartCenter Server.
D. Type fwm unlock_admin u from the command line of the SmartCenter Server.
Answer: A

7. You installed SmartCenter Server on a computer running SecurePlatform in the MegaCorp home office. You use IP address 10. You also installed the Security Gateway on a second SecurePlatform computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for setting up SIC on the Gateway before shipping it?
1. Run cpconfig on the Gateway, select "Secure Internal Communication", enter the activation key, and reconfirm.
2. Initialize SIC for the Gateway object on the SmartCenter Server.
3. Configure the gateway object with the host name and IP addresses for the remote site.
4. Click the Communication button in the gateway object’s general screen, enter the activation key, and click Initialize and OK.
5. Install the Security Policy.
Select the best response.
A. 1, 3, 2, 4, 5
B. 2, 3, 1, 4, 5
C. 3, 4, 5
D. 1, 2, 4, 3
Answer: C

8. Install the Security Policy.
Select the best response.
A. 1, 3, 2, 4, 5
B. 2, 3, 1, 4, 5
C. 3, 4, 5
D. 1, 2, 4, 3
Answer: C

9. Click the Communication button in the gateway object’s general screen, enter the activation key, and click Initialize and OK.
5. Install the Security Policy.
Select the best response.
A. 1, 3, 2, 4, 5
B. 2, 3, 1, 4, 5
C. 3, 4, 5
D. 1, 2, 4, 3
Answer: C

10. Which SmartConsole tool would you use to see the last policy pushed in the audit log?
Select the best response.
A. SmartView Status
B. SmartView Server
C. SmartView Tracker
D. Eventia Reporter
Answer: C

11. Which SmartConsole tool would you use to verify the installed Security Policy name?
Select the best response.
A. SmartUpdate
B. SmartView Monitor
C. Eventia Reporter
D. SmartView Status
Answer: B

12. Upon checking SmartView Monitor, you find the following Critical Problem notification.
Select the best response.
A. No Security Policy installed on the Security Gateway
B. No Secure Internal Communications established between the SmartCenter Server and Security Gateway
C. Time not synchronized between the SmartCenter Server and Security Gateway
D. Version mismatch between the SmartCenter Server and Security Gateway
Answer: A

13. Which SmartConsole tool would you use to verify the installed Security Policy name?
Select the best response.
A. Eventia Reporter
B. SmartView Status
C. SmartView Server
D. SmartView Monitor
E. SmartUpdate
Answer: D

14. Configure the gateway object with the host name and IP addresses for the remote site.
4. Click the Communication button in the gateway object’s general screen, enter the activation key, and click Initialize and OK.
5. Install the Security Policy.
Select the best response.
A. 1, 3, 2, 4, 5
B. 2, 3, 1, 4, 5
C. 3, 4, 5
D. 1, 2, 4, 3
Answer: C

15. Your current security scenario gives you the option to choose between a stand-alone installation or a distributed installation. Which of the following factors would cause you to decide in favour of the stand-alone installation?
Select the best response.
A. You are required to use as few hardware resources as possible.
B. You are required to use Clientless VPN.
C. You are required to use Windows as operating system.
D. You are required to install HFA’s on the Security Gateway via SmartUpdate.
Answer: A

You can view Examsoon to get more information about 156-210 Trainning Materials

Free 156-816 Demo Download

Examsoon offers free demo for CheckPoint 156-816 exam (Check Point Certified Managed Security Expert Plus VSX NGX). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-816 PDF exam Trainning Materials

1. Which of the following statements is true concerning the default Security Policy of the External Virtual Router?
A. The External Virtual Router automatically performs Hide NAT behind its external interface for all Virtual Systems connected to it.
B. The default Policy of the External Virtual Router denies all traffic going to or coming from it.
C. The default policy of the External Virtual Router cannot be changed.
D. All traffic coming from networks protected by a VSX Gateway is accepted. All other traffic is dropped.
E. The External Virtual Router always enforces the same Policy as the Management Virtual System.
Answer: B

2. Which of the following is NOT a type of physical interface seen in a VSX Gateway?
A. Warp
B. Internal
C. Dedicated management
D. External
E. Synchronization
Answer: A

3. Which of the following can function as a Management Server for a VSX Gateway?
A. Check Point Integrity
B. SiteManager-1 NGX: Multi-Domain Server
C. Security Management Portal
D. VPN-1/FireWall-1 Small Office
E. Provider-1 NGX: Multi-Domain Server
Answer: E

4. When deploying a VSX Gateway managed by a Provider-1 MDS, how many Administrators can connect in Read/Write mode to the MDS database simultaneously?
A. One for each CMA
B. No more than 250
C. One
D. No more than 25
E. Two; one can connect to the Management Virtual System database, while the other connects to the Virtual System database.
Answer: A

5. A Warp Link is a virtual point-to-point connection between a:
A. Virtual Router and Virtual System.
B. Virtual Router and Virtual Switch.
C. Virtual System and the management interface.
D. Virtual Router and a physical interface.
E. Virtual System and another Virtual System.
Answer: A

6. You are configuring source-based routing in a VSX Gateway deployment with both External and Internal Virtual Routers. Which of the following functions cannot be configured for the Virtual Systems?
A. Virtual System clustering
B. Anti-spoofing measures
C. Network Address Translation
D. Remote access VPNs
E. Intranet VPNs
Answer: B

7. When deploying a VSX Gateway managed by a SmartCenter Server, which of the following statements is TRUE?
A. VSX Administrators can configure different domains for each Virtual System.
B. Multiple Administrators can simultaneously connect to the same database, to manage multiple Customers.
C. All Customer objects, rules, and users are shared in a single database.
D. Each Virtual System has its own unique Certificate Authority.
E. VSX superuser Administrators can configure granular permissions for each Customer Administrator.
Answer: C

8. During MDS installation, you must configure at least one VSX Administrator. After creating the Administrator, you are prompted to perform which task?
A. Grant VSX-specific privileges to the Administrator
B. Assign the Administrator to manage a specific Virtual System
C. Add the Administrator to a group
D. Assign the Administrator to manage a specific interface on the VSX Gateway
E. Assign the Administrator to manage a specific CMA
Answer: C

9. What are the two levels of VSX Gateway clustering?
A. INSPECT and database level
B. Database and VSX Gateway levels
C. Virtual device and database levels
D. INSPECT and configuration levels
E. Virtual device and VSX Gateway levels
Answer: E

10. How many Management Virtual System instances does each member of a VSX Gateway cluster run?
A. One for each physical interface on the Gateway
B. One for each cluster member
C. Only one
D. Two, the cluster MVS and the unique Gateway MVS
E. One for each Virtual System configured on the Gateway
Answer: C

11. What is the difference between Single-Context and Multi-Context processes?
A. Single-Context processes are implemented in standard firewall deployments, while only Multi-Context processes are implemented in VSX Gateway deployments.
B. Single-Context processes are shared between VSX Gateways in an HA configuration, while Multi-Context processes are shared between VSX Gateways in a Load Sharing environment.
C. Single-Context processes are ones in which all Virtual Systems share, while Multi-Context processes are unique to each Virtual System.
D. Single-Context processes are implemented in a single VSX Gateway environment, while Multi-Context processes are only implemented in VSX Gateway High Availability (HA).
E. Single-Context processes are unique to each Virtual System on a Gateway, while Multi-Context processes are ones in which all Virtual Systems share.
Answer: E

12. Which of the following items is most commonly configured as the default Gateway for a Management Virtual System?
A. Interface leading to the management network
B. Same setting as the default Gateway of the External Virtual Router; typically this is a perimeter router.
C. External Virtual Router
D. Internal Virtual Router
E. Interface leading to the synchronization network
Answer: C

13. A __________ is a virtual security device configured on a VSX Gateway, which operates as a complete routing and security domain, with firewall and VPN capabilities.
A. Virtual Switch
B. Context Identification Module
C. Virtual System Extension
D. Virtual System
E. External Virtual Router
Answer: D

14. Which of the following MDS types allows you to create and manage a VSX Gateway?
A. MDS CLM
B. MDS Manager station
C. MDS VSX Integrator
D. MDS MLM
E. MDS Manager + Container station
Answer: E

15. In a VSX Gateway cluster, which of the following objects are available by default as installation targets for the Management Virtual System?
A. Individual Management Virtual Systems (MVS) for each cluster member
B. MVS cluster object
C. Individual External Virtual Routers for each cluster member
D. Virtual Switch cluster object
E. Individual Virtual Switch Members
Answer: B

Free 156-110 Demo Download

Examsoon offers free demo for CheckPoint 156-110 exam (CheckPoint Certified Security Principles Associate (CCSPA)). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-110 PDF exam Trainning Materials

1. Which of the following is MOST likely to cause management to view a security-needs proposal as invalid?
A. Real-world examples
B. Exaggeration
C. Ranked threats
D. Quantified risks
E. Temperate manner
Answer: B

2. All of the following are possible configurations for a corporate intranet, EXCEPT:
A. Value-added network
B. Wide-area network
C. Campus-area network
D. Metropolitan-area network
E. Local-area network
Answer: A

3. _______ can mimic the symptoms of a denial-of-service attack, and the resulting loss in productivity can be no less devastating to an organization.
A. ICMP traffic
B. Peak traffic
C. Fragmented packets
D. Insufficient bandwidth
E. Burst traffic
Answer: D

4. Which of the following tests provides testing teams some information about hosts or networks?
A. Partial-knowledge test
B. Full-knowledge test
C. Zero-knowledge test
Answer: A

5. One individual is selected from each department, to attend a security-awareness course. Each person returns to his department, delivering the course to the remainder of the department. After training is complete, each person acts as a peer coach. Which type of training is this?
A. On-line training
B. Formal classroom training
C. Train-the-mentor training
D. Alternating-facilitator training
E. Self-paced training
Answer: C

6. A(n) ________________ is a one-way mathematical function that maps variable values into smaller values of a fixed length.
A. Symmetric key
B. Algorithm
C. Back door
D. Hash function
E. Integrity
Answer: D

7. What is mandatory sign-on? An authentication method that:
A. uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication
B. requires the use of one-time passwords, so users authenticate only once, with a given set of credentials
C. requires users to re-authenticate at each server and access control
D. stores user credentials locally, so that users need only authenticate the first time a local machine is used
E. allows users to authenticate once, and then uses tokens or other credentials to manage subsequent authentication attempts
Answer: C

8. The items listed below are examples of ___________________ controls.
*Procedures and policies
*Employee security-awareness training
*Employee background checks
*Increasing management security awareness
A. Technical
B. Administrative
C. Role-based
D. Mandatory
E. Physical
Answer: B

9. Which of the following is the MOST important consideration, when developing security- awareness training materials?
A. Training material should be accessible and attractive.
B. Delivery mechanisms should allow easy development of additional materials, to complement core material.
C. Security-awareness training materials should never contradict an organizational security policy.
D. Appropriate language should be used to facilitate localization, should training materials require translation.
E. Written documentation should be archived, in case of disaster.
Answer: C

10. Which of the following is a cost-effective solution for securely transmitting data between remote offices?
A. Standard e-mail
B. Fax machine
C. Virtual private network
D. Bonded courier
E. Telephone
Answer: C

11. Which of the following statements about the maintenance and review of information security policies is NOT true?
A. The review and maintenance of security policies should be tied to the performance evaluations of accountable individuals.
B. Review requirements should be included in the security policies themselves.
C. When business requirements change, security policies should be reviewed to confirm that policies reflect the new business requirements.
D. Functional users and information custodians are ultimately responsible for the accuracy and relevance of information security policies.
E. In the absence of changes to business requirements and processes, information-security policy reviews should be annual.
Answer: D

12. INFOSEC professionals are concerned about providing due care and due diligence. With whom should they consult, when protecting information assets?
A. Law enforcement in their region
B. Senior management, particularly business-unit owners
C. IETF enforcement officials
D. Other INFOSEC professionals
E. Their organizations’ legal experts
Answer: E

13. Digital signatures are typically provided by a ____________________, where a third party verifies a key’s authenticity.
A. Network firewall
B. Security administrator
C. Domain controller
D. Certificate Authority
E. Hash function
Answer: D

14. How do virtual corporations maintain confidentiality?
A. Encryption
B. Checksum
C. Data hashes
D. Redundant servers
E. Security by obscurity
Answer: A

15. Which of the following is NOT an auditing function that should be performed regularly?
A. Reviewing IDS alerts
B. Reviewing performance logs
C. Reviewing IDS logs
D. Reviewing audit logs
E. Reviewing system logs
Answer: B

Free 156-515 Demo Download

Examsoon offers free demo for CheckPoint 156-515 exam (Check Point Certified Security Expert Plus NGX). You can check out the interface, question quality and usability of our practice exam before you decide to get it. We are the only one site can offer demo for almost all products.

Free Download 156-515 PDF exam Trainning Materials

1. How can you view cpinfo on a SecurePlatform Pro machine?
A. snoop -i
B. infotab
C. tcpdump
D. Text editor, such as vi
E. infoview
Answer: D

2. Which of the following fw monitor commands only captures traffic between IP addresses 192.168.11.1 and 10.10.10.1?
A. fw monitor -e "accept src=192.168.11.1 or dst=192.168.11.1 or src=10.10.10.1 or dst=10.10.10.1;"
B. fw monitor -e "accept src=192.168.11.1 or dst=192.168.11.1; src=10.10.10.1 or dst=10.10.10.1;"
C. fw monitor -e "accept src=192.168.111 and dst=192.168.11.1; src=10.10.10.1 and dst=10.10.10.1;"
D. fw monitor -e "accept src=192.168.11.1 or dst=192.168.11.1; and src=10.10.10.1 or dst=10.10.10.1;"
E. fw monitor -e "accept (src=192.168.11.1 and dst=10.10.10.1) or (src=10.10.10.1 and dst=192.168.11.1);"
Answer: E

3. VPN debugging information is written to which of the following files?
A. FWDIR/log/ahttpd.elg
B. FWDIR/log/fw.elg
C. $FWDIR/log/ike.elg
D. FWDIR/log/authd.elg
E. FWDIR/log/vpn.elg
Answer: C

4. Gus is troubleshooting a problem with SMTP. He has enabled debugging on his Security Gateway and needs to copy the *.elg files into an archive to send to Check Point Support. Which of the
following files does Gus NOT need to send?
A. fwd.elg
B. mdq.elg
C. diffserv.elg
D. asmtpd.elg
Answer: C

5. Which one of these is a temporary pointer log file?
A. $FWDIR/log/xx.logptr
B. $FWDIR/log/xx.log
C. $FWDIR/log/xx.logaccount_ptr
D. $FWDIR/log/xx.logLuuidDB
Answer: D

6. When VPN-1 NGX starts after reboot, with no installed Security Policy, which of these occurs?
A. All traffic except HTTP connections is blocked.
B. All traffic except SmartDefense Console connections is blocked.
C. All traffic is blocked.
D. All traffic except SmartConsole/SmartCenter Server connections is blocked.
E. All traffic is allowed.
Answer: D

7. Which of the following vpn debug options purges ike.elg and vpnd.elg, and creates a time stamp before starting ike debug and vpn debug at the same time?
A. ike on
B. timeon
C. trunc
D. ikefail
E. mon
Answer: C

8. Which of the following commands would you run to debug a VPN connection?
A. debug vpn ike
B. debug vpn ikeon
C. vpn debug ike
D. debug vpn ike on
E. vpn debug ikeon
Answer: E

9. Which files should be acquired from a Windows 2003 Server system crash with a Dr. Watson error?
A. drwtsn32.log
B. vmcore.log
C. core.log
D. memory.log
E. info.log
Answer: A

10. To stop the sr_service debug process, you must first stop VPN-1 SecureClient, delete which of the following files, and restart SecureClient?
A. sr_auth.all
B. sr_topo.all
C. sr_tde.all
D. sr_service.all
E. sr_users.all
Answer: C

11. The virtual machine inspects each packet at the following points:
-Before the virtual machine, in the inbound direction (i or PREIN)
-After the virtual machine, in the inbound direction (I or POSTIN)
-Before the virtual machine, in the outbound direction (o or PREOUT)
-After the virtual machine, in the outbound direction (O or POSTOUT)
If Ethereal displays a packet with i, I, o, and O entries, what does that likely indicate?
A. The packet was rejected by the Rule Base.
B. The packet was destined for the Gateway.
C. Nothing unusual; the o and O entries only appear if there is a kernel-level error.
D. The packet was rerouted by the Gateway’s OS.
E. The packet arrived at the kernel and left the Security Gateway successfully.
Answer: E

12. A SecuRemote/SecureClient tunnel test uses which port?
A. UDP 18233
B. UDP 2746
C. UDP 18234
D. TCP 18231
E. UDP 18321
Answer: C

13. When collecting information relating to the perceived problem, what is the most important question to ask?
A. Is this problem repeatable?
B. Is this problem software or hardware related?
C. Under what circumstances does this problem occur?
D. What action or state am I trying to achieve?
E. Does the problem appear random or can you establish a pattern?
Answer: C

14. Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the Initial Policy?
A. fw monitor
B. cp policy
C. cp stat
D. fw policy
E. fw stat
Answer: E

15. NGX Wire Mode allows:
A. Peer gateways to establish a VPN connection automatically from predefined preshared secrets.
B. Administrators to verify that each VPN-1 SecureClient is properly configured, before allowing it access to the protected domain.
C. Peer gateways to fail over existing VPN traffic, by avoiding Stateful Inspection.
D. Administrators to monitor VPN traffic for troubleshooting purposes.
E. Administrators to limit the number of simultaneous VPN connections, to reduce the traffic load passing through a Security Gateway.
Answer: C