Jacob is using a mesh VPN Community to create a site-to-site VPN. The VPN properties in this mesh Community display in this graphic: Which of the following statements is TRUE?
A. If Jacob changes the setting, “Perform key exchange encryption with” from “3DES” to “DES”, he will enhance the VPN Community’s security and reduce encryption overhead.
B. Jacob must change the data-integrity settings for this VPN Community. MD5 is incompatible with AES.
C. If Jacob changes the setting “Perform IPsec data encryption with” from “AES-128” to “3DES”, he will increase the encryption overhead.
D. Jacob’s VPN Community will perform IKE Phase 1 key-exchange encryption, using the longest key VPN-1 NGX supports.

Correct Answer: C
Frank wants to know why users on the corporate network cannot receive multicast transmission from the Internet. An NGX Security Gateway protects the corporate network from the Internet. Which of the following is a possible cause for the connection problem?
A. NGX does not support multicast routing protocols and streaming media through the Security Gateway.
B. Frank did not install the necessary multicast license with SmartUpdate, when he upgraded to NGX.
C. The Multicast Rule is below the Stealth Rule. NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
D. Multicast restrictions are not configured properly on the corporate internal network interface properties of the Security Gateway object.
E. Anti-spoofing is enabled. NGX cannot pass multicast traffic, if anti-spoofing is enabled.

Correct Answer: D
Gail is the Security Administrator for a marketing firm. Gail is working with the networking team to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks Gail to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should Gail use to check these objects and rules?
A. SmartView Monitor
B. SmartUpdate
C. SmartView Tracker
D. SmartDashboard
E. SmartView Status
Correct Answer: D
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and view hidden rules. Select the rule, right-click, and select Disable.
B. Uninstall the Security Policy, and then disable the rule.
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule again.
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule.
E. Clear Hide from Rules drop-down menu, then right-click and select “Disable Rule (s)”.

Correct Answer: E
Which of these changes to a Security Policy optimizes Security Gateway performance?
A. Using domain objects in rules when possible.
B. Using groups within groups in the manual NAT Rule Base.
C. Putting the least-used rule at the top of the Rule Base.
D. Logging rules as much as possible.
E. Removing old or unused Security Policies from Policy Packages.

Correct Answer: E
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive error message “unknown”. What is the problem?
A. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.
B. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX.
C. The Internal Certificate Authority for the SmartCenter object has been removed from objects_5_0.C.
D. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate.
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection.

Correct Answer: E
A Security Administrator is notified that some long-lasting Telnet connections to a mainframe are dropped after exactly one hour, every time. The Administrator suspects that the Security Gateway might be blocking these connections. As she reviews SmartView Tracker, the Administrator sees the packet is dropped with the error “Unknown established connection”. How can she resolve this problem without causing other security issues? Choose the BEST answer. She can:
A. increase the session time-out in the mainframe’s Object Properties.
B. create a new TCP service object on port 23, and increase the session time-out for this object. She only uses this new object in the rule that allows the Telnet connections to the mainframe.
C. increase the session time-out in the Service Properties of the Telnet service.
D. increase the session time-out in the Global Properties.
E. ask the mainframe users to reconnect every time this error occurs.

Correct Answer: B
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access, after the next Phase 2 exchange occurs?
A. Phase 3 Key Revocation
B. Perfect Forward Secrecy
C. MD5 Hash Completion
D. SHA1 Hash Completion
Correct Answer: B
Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee

Correct Answer: A
What do you use to view an NGX Security Gateway’s status, including CPU use, amount of virtual memory, percent of free hard-disk space, and version?
A. SmartLSM
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartView Status.

Correct Answer: D
Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?
A. Guarantees
B. Low Latency Queuing
C. Differentiated Services
D. Weighted Fair Queueing
E. Limits

Correct Answer: C
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/
E. Advanced Action options in each QoS rule.

Correct Answer: A
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?
A. Internal Gateway VPN Domain = internal_net; External Gateway VPN Domain = external_net + external gateway object + internal_net
B. Internal Gateway VPN Domain = internal_net; External Gateway VPN Domain = external_net + internal gateway object
C. Internal Gateway VPN Domain = internal_net; External Gateway VPN Domain = internal_net + external_net
D. Internal Gateway VPN Domain = internal_net; External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net

Correct Answer: D
If you are experiencing LDAP issues, which of the following should you check?
A. Secure Internal Communications (SIC)
B. VPN tunneling
C. Overlapping VPN Domains
D. NGX connectivity
E. VPN Load Balancing

Correct Answer: D
Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?
1. Disable “Pre-Shared Secret” on the London and Oslo gateway objects.

2. Add the Madrid gateway object into the Oslo and London mesh VPN Community.

3. Manually generate ICA Certificates for all three Security Gateways.

4. Configure “Traditional mode VPN configuration” in the Madrid gateway object’s VPN screen.

5. Reinstall the Security Policy on all three Security Gateways.
A. 1,2,5
B. 1,3,4,5
C. 1,2,3,5
D. 1,2,4,5
E. 1,2,3,4

Correct Answer: A
Jerry is concerned that a denial-of-service (DoS) attack may affect his VPN Communities. He decides to implement IKE DoS protection. Jerry needs to minimize the performance impact of implementing this new protection. Which of the following configurations is MOST appropriate for Jerry?
A. Set Support IKE DoS protection from identified source to “Puzzles”, and Support IKE DoS protection from unidentified source to “Stateless”.
B. Set Support IKE DoS Protection from identified source, and Support IKE DoS protection from unidentified source to “Puzzles”.
C. Set Support IKE DoS protection from identified source to “Stateless,” and Support IKE DoS protection from unidentified source to “Puzzles”.
D. Set “Support IKE DoS protection” from identified source, and “Support IKE DoS protection” from unidentified source to “Stateless”.
E. Set Support IKE DoS protection from identified source to “Stateless”, and Support IKE DoS protection from unidentified source to “None”.
Correct Answer: D
How does a standby SmartCenter Server receive logs from all Security Gateways, when an active SmartCenter Server fails over?
A. The remote Gateways must set up SIC with the secondary SmartCenter Server, for logging.
B. Establish Secure Internal Communications (SIC) between the primary and secondary Servers. The secondary Server can then receive logs from the Gateways, when the active Server fails over.
C. On the Log Servers screen (from the Logs and Masters tree on the gateway object’s General Properties screen), add the secondary SmartCenter Server object as the additional log server. Reinstall the Security Policy.
D. Create a Check Point host object to represent the standby SmartCenter Server. Then select “Secondary SmartCenter Server” and Log Server”, from the list of Check Point Products on the General properties screen.
E. The secondary Server’s host name and IP address must be added to the Masters file, on the remote Gateways.

Correct Answer: C
Your primary SmartCenter Server is installed on a SecurePlatform Pro machine, which is also a VPN-1 Pro Gateway. You want to implement Management High Availability (HA). You have a spare machine to configure as the secondary SmartCenter Server. How do you configure the new machine to be the standby SmartCenter Server, without making any changes to the existing primary SmartCenter Server? (Changes can include uninstalling and reinstalling.)
A. You cannot configure Management HA, when either the primary or secondary SmartCenter Server is running on a VPN-1 Pro Gateway.
B. The new machine cannot be installed as the Internal Certificate Authority on its own.
C. The secondary Server cannot be installed on a SecurePlatform Pro machine alone.
D. Install the secondary Server on the spare machine. Add the new machine to the same network as the primary Server.

Correct Answer: A
Larry is the Security Administrator for a software-development company.
To isolate the corporate network from the developers’ network, Larry installs an internal Security Gateway. Larry wants to optimize the performance of this Gateway. Which of the following actions is most likely to improve the Gateway’s performance?
A. Remove unused Security Policies from Policy Packages.
B. Clear all Global Properties check boxes, and use explicit rules.
C. Use groups within groups in the manual NAT Rule Base.
D. Put the least-used rules at the top of the Rule Base.
E. Use domain objects in rules, where possible.

Correct Answer: A
You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/FireWall-1 NG FP3, with the latest Hotfix.
What is the correct upgrade procedure?
1. Change the version in the General Properties of the gateway-cluster object.

2. Upgrade the SmartCenter Server, and reboot after upgrade.

3. Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.

4. Reinstall the Security Policy.
A. 3,2,1,4
B. 2,4,3,1
C. 1,3,2,4

Correct Answer: D
Which VPN Community object is used to configure VPN routing within the SmartDashboard?
A. Star
B. Mesh
C. Remote Access
D. Map

Correct Answer: A
Regarding QoS guarantees and limits, which of the following statements is FALSE?
A. The guarantee of a sub-rule cannot be greater than the guarantee defined for the rule above it.
B. If a guarantee is defined in a sub-rule, a guarantee must be defined for the rule above it.
C. A rule guarantee must not be less than the sum defined in the guarantees’ sub-rules.
D. If both a rule and per-connection limit are defined for a rule, the per-connection limit must not be greater than the rule limit.
E. If both a limit and guarantee per rule are defined in a QoS rule, the limit must be smaller than the guarantee.

Correct Answer: E
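The constraints in the question above are easy to get wrong when a QoS Rule Base has several levels of sub-rules, so here is a small checker that applies all four true statements (A to D) plus the corrected form of E: a limit defined together with a guarantee must be at least as large as the guarantee. This is an added example, not code from the exam page or a Check Point tool; the rule dictionaries, the field names and the Kbps values are constructed for illustration.

```python
"""Validate guarantee/limit relationships in a nested QoS rule tree.

Added example; not Check Point code. Rules are plain dicts with optional
'guarantee', 'limit', 'per_connection_limit' (all in the same unit, Kbps
assumed here) and an optional 'sub_rules' list. All sample data is constructed.
"""


def validate_qos(rule, path="rule"):
    """Return a list of human-readable violations (empty list == consistent)."""
    problems = []
    guarantee = rule.get("guarantee")
    limit = rule.get("limit")
    per_conn = rule.get("per_connection_limit")

    # Corrected statement E: a limit can never be smaller than the guarantee.
    if guarantee is not None and limit is not None and limit < guarantee:
        problems.append(f"{path}: limit {limit} is smaller than guarantee {guarantee}")

    # Statement D: per-connection limit may not exceed the rule limit.
    if per_conn is not None and limit is not None and per_conn > limit:
        problems.append(f"{path}: per-connection limit {per_conn} exceeds rule limit {limit}")

    subs = rule.get("sub_rules", [])
    sub_guarantees = [s["guarantee"] for s in subs if s.get("guarantee") is not None]
    if sub_guarantees:
        # Statement B: sub-rule guarantees require a guarantee on the parent.
        if guarantee is None:
            problems.append(f"{path}: sub-rules carry guarantees but the rule has none")
        else:
            # Statement A: no single sub-rule guarantee may exceed the parent's.
            for i, sub in enumerate(subs):
                sg = sub.get("guarantee")
                if sg is not None and sg > guarantee:
                    problems.append(f"{path}.sub[{i}]: guarantee {sg} exceeds parent guarantee {guarantee}")
            # Statement C: the parent guarantee must cover the sum of its sub-rules.
            total = sum(sub_guarantees)
            if total > guarantee:
                problems.append(f"{path}: sum of sub-rule guarantees {total} exceeds rule guarantee {guarantee}")

    # Recurse so deeper levels are held to the same rules.
    for i, sub in enumerate(subs):
        problems.extend(validate_qos(sub, f"{path}.sub[{i}]"))
    return problems


# Constructed sample: a consistent rule and one that breaks four constraints.
VALID_RULE = {
    "guarantee": 1000, "limit": 2000, "per_connection_limit": 500,
    "sub_rules": [{"guarantee": 400, "limit": 800}, {"guarantee": 500}],
}

BROKEN_RULE = {
    "guarantee": 1000, "limit": 800, "per_connection_limit": 900,
    "sub_rules": [{"guarantee": 1200}, {"guarantee": 300}],
}

if __name__ == "__main__":
    print("valid:", validate_qos(VALID_RULE))
    for p in validate_qos(BROKEN_RULE):
        print("broken:", p)
```

Run it as a script to see the four violations reported for BROKEN_RULE; the order of the checks mirrors the order of the statements in the question so the output can be read against it.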
When you change an implicit rule’s order from “last” to “first” in Global Properties, how do you make the change effective?
A. Close SmartDashboard, and reopen it.
B. Select install database from the Policy menu.
C. Select save from the file menu.
D. Reinstall the Security Policy
E. Run fw fetch from the security Gateway.

Correct Answer: D
Which NGX component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time?
A. Reporting Module
B. Eventia Reporter
C. SmartUpdate
D. SmartView Status
E. SmartView Monitor

Correct Answer: E
The following is cphaprob state command output from a ClusterXL New mode High Availability member: When a member fails over and restarts, which member will become active?
C. Both member’s state will be standby
D. Both members’ state will be active

Correct Answer: B
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for “selective sync”.
The following is the fw tab -t connections -s output from both members: Is State Synchronization working properly between the two members?
A. Members A and B are synchronized, because ID for both members is identical in the connections table.
B. The connections-table output is incomplete. You must run the cphaprob state command, to determine if members A and B are synchronized.
C. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table.
D. Members A and B are synchronized, because #SLINKS are identical in the connections table.
E. Members A and B are not synchronized, because #VALS in the connections table are not close.

Correct Answer: E
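The reasoning behind the answer (the table ID and #SLINKS say nothing about sync; the live entry count #VALS should be close on both members, while #PEAK is historical) can be turned into a quick check when you have the summary from both members in front of you. This is an added example, not code from the exam page or a Check Point tool; the two `fw tab -t connections -s` outputs below are constructed by hand in the column layout that command prints, and the 10 percent / 50-entry tolerance is an assumption rather than a documented threshold.

```python
"""Compare `fw tab -t connections -s` output from two ClusterXL members.

Added example; not Check Point code. MEMBER_A and MEMBER_B are constructed
samples of the summary output (columns: HOST NAME ID #VALS #PEAK #SLINKS).
"""

MEMBER_A = """\
HOST                  NAME                            ID #VALS #PEAK #SLINKS
localhost             connections                   8158  1234  2001    1300
"""

MEMBER_B = """\
HOST                  NAME                            ID #VALS #PEAK #SLINKS
localhost             connections                   8158    15  2001      20
"""


def parse_summary(text):
    """Pick the 'connections' row out of the summary and return its counters."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 6 and fields[1] == "connections":
            return {
                "id": int(fields[2]),
                "vals": int(fields[3]),     # live entries right now
                "peak": int(fields[4]),     # high-water mark since boot
                "slinks": int(fields[5]),   # internal hash-link count
            }
    raise ValueError("no 'connections' row found in fw tab output")


def vals_close(a, b, rel_tol=0.10, abs_tol=50):
    """Assumed tolerance: within 10 percent, or within 50 entries on small tables."""
    return abs(a - b) <= max(abs_tol, rel_tol * max(a, b))


def assess_sync(text_a, text_b):
    """Return a verdict dict explaining which counters matter and which do not."""
    a, b = parse_summary(text_a), parse_summary(text_b)
    same_id = a["id"] == b["id"]
    synced = vals_close(a["vals"], b["vals"])
    if synced:
        note = "#VALS are close; state sync appears to be working"
    else:
        note = (f"#VALS differ ({a['vals']} vs {b['vals']}); the standby is not "
                "receiving the active member's connection entries")
    return {
        "same_table_id": same_id,   # expected to match, but proves nothing about sync
        "vals": (a["vals"], b["vals"]),
        "peak": (a["peak"], b["peak"]),  # may legitimately differ; ignored
        "synced": synced,
        "note": note,
    }


if __name__ == "__main__":
    verdict = assess_sync(MEMBER_A, MEMBER_B)
    print(verdict["note"])
```

If this check flags a mismatch, the next things to look at are the sync interface state in `cphaprob state` and whether the policy actually enabled synchronization on both members, since the sample above is the typical picture of an active member with a standby that never received the table.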
Amanda is compiling traffic statistics for her company’s Internet activity during production hours. How could she use SmartView Monitor to find this information? By:
A. using the “Traffic Counters” settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day.
B. monitoring each specific user’s Web traffic use.
C. viewing total packets passed through the Security Gateway.
D. selecting the “Tunnels” view, and generating a report on the statistics.
E. configuring a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway.

Correct Answer: A
By default, a standby SmartCenter Server is automatically synchronized by an active SmartCenter Server, when:
A. The Security Policy is installed.
B. The Security Policy is saved.
C. The user database is installed.
D. The Security Administrator logs in to the standby SmartCenter Server, for the first time.
E. The standby SmartCenter Server starts for the first time.

Correct Answer: A
Ben is the Security Administrator for a university. Ben configured and installed a new Security Policy this morning. An hour after installing the new Security Policy, Ben began receiving complaints that Internet access was very slow. Ben called his Internet Service Provider, who asked Ben how much virtual memory his Security Gateway had. Which SmartConsole application should Ben use to answer this question?
A. SmartView Tracker
B. SmartLSM
C. SmartUpdate
D. SmartView Monitor
E. SmartView Status

Correct Answer: D
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
C. Run cpstop and cpstart, to reenable High Availability on both objects. Select Pivot mode in cpconfig.
D. Change the cluster mode to unicast on the cluster-member object.
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address.
Correct Answer: A