Checkpoint 156-315 Exam Practice PDF, Sale Best Checkpoint 156-315 Certification Exams Download Guaranteed Success
QUESTION 200
Which of the following commands can be used to bind a NIC to a single processor when using a Performance Pack on SecurePlatform?
A. sim affinity
B. splat proc
C. set proc
D. fw fat path nic
Correct Answer: A
QUESTION 201
Review the Rule Base displayed.
“Pass Any Exam. Any Time.” – www.actualtests.com 78 Checkpoint 156-315.75 Exam
For which rules will the connection templates be generated in SecureXL?
A. Rule nos. 2 and 5
B. Rule no. 2 only
C. All rules except rule no. 3
D. Rule nos. 2 to 5
Correct Answer: B
QUESTION 202
Your customer asks you about the Performance Pack. You explain to him that a Performance Pack is a software acceleration product which improves the performance of the Security Gateway. You may enable or disable this acceleration by either:
1) The command cpconfig
2) The command fwaccel on/off
What is the difference between these two commands?
A. Both commands function identically.
B. The fwaccel command determines the default setting. The command cpconfig can dynamically change the setting, but after the reboot it reverts to the default setting.
C. The command cpconfig works on the Security Platform only. The command fwaccel can be used on all platforms.
D. The cpconfig command enables acceleration. The command fwaccel can dynamically change the setting, but after the reboot it reverts to the default setting.
Correct Answer: D
QUESTION 203
Your customer complains of the weak performance of his systems. He has heard that Connection Templates accelerate traffic. How do you explain to the customer about template restrictions and how to verify that they are enabled?
A. To enhance connection-establishment acceleration, a mechanism attempts to “group together” all connections that match a particular service and whose sole discriminating element is the source port. To test if connection templates are enabled, use the command fwaccel stat.
B. To enhance connection-establishment acceleration, a mechanism attempts to “group together” all connections that match a particular service and whose sole discriminating element is the destination port. To test if connection templates are enabled, use the command fwacel templates.
C. To enhance connection-establishment acceleration, a mechanism attempts to “group together” all connections that match a particular service and whose sole discriminating element is the destination port. To test if connection templates are enabled, use the command fw ctl templates.
D. To enhance connection-establishment acceleration, a mechanism attempts to “group together” all connections that match a particular service and whose sole discriminating element is the source port. To test if connection templates are enabled, use the command fw ctl templates.
Correct Answer: A
QUESTION 204
Frank is concerned with performance and wants to configure the affinities settings. His gateway does not have the Performance Pack running. What would Frank need to perform in order to configure those settings?
A. Edit $FWDIR/conf/fwaffinity.conf and change the settings.
B. Edit affinity.conf and change the settings.
C. Run fw affinity and change the settings.
D. Run sim affinity and change the settings.
Correct Answer: A
QUESTION 205
You are concerned that the processor for your firewall running NGX R71 SecurePlatform may be overloaded. What file would you view to determine the speed of your processor(s)?
A. cat /etc/cpuinfo
B. cat /proc/cpuinfo
C. cat /var/opt/CPsuite-R71/fw1/conf/cpuinfo
D. cat /etc/sysconfig/cpuinfo
Correct Answer: B
QUESTION 206
Which of the following is NOT a restriction for connection template generation?
A. SYN Defender
B. ISN Spoofing
C. UDP services with no protocol type or source port mentioned in advanced properties
D. VPN Connections
Correct Answer: C
QUESTION 207
In CoreXL, what process is responsible for processing incoming traffic from the network interfaces, securely accelerating authorized packets, and distributing non-accelerated packets among kernel instances?
A. NAD (Network Accelerator Daemon)
B. SND (Secure Network Distributor)
C. SSD (Secure System Distributor)
D. SNP (System Networking Process)
Correct Answer: B
QUESTION 208
Due to some recent performance issues, you are asked to add additional processors to your firewall. If you already have CoreXL enabled, how are you able to increase Kernel instances?
A. Once CoreXL is installed you cannot enable additional Kernel instances without reinstalling R75.
B. In SmartUpdate, right-click on Firewall Object and choose Add Kernel Instances.
C. Use cpconfig to reconfigure CoreXL.
D. Kernel instances are automatically added after process installed and no additional configuration is needed.
Correct Answer: C
QUESTION 209
Which of the following platforms does NOT support SecureXL?
A. Power-1 Appliance
B. IP Appliance
C. UTM-1 Appliance
D. UNIX
Correct Answer: D
QUESTION 210
Which of the following is NOT supported by CoreXL?
A. SmartView Tracker
B. Route-based VPN
C. IPS
D. IPV4
Correct Answer: B
QUESTION 211
If the number of kernel instances for CoreXL shown is 6, how many cores are in the physical machine?
A. 6
B. 8
C. 4
D. 12
Correct Answer: B
QUESTION 212
Which of the following is NOT accelerated by SecureXL?
A. Telnet
B. FTP
C. SSH
D. HTTPS
Correct Answer: B
QUESTION 213
To verify SecureXL statistics you would use the command ________?
A. fwaccel stats
B. fw ctl pstat
C. fwaccel top
D. cphaprob stat
Correct Answer: A
QUESTION 214
How can you disable SecureXL via the command line (it does not need to survive a reboot)?
A. cphaprob off
B. fw ctl accel off
C. securexl off
D. fwaccel off
Correct Answer: D
QUESTION 215
Which of these is a type of acceleration in SecureXL?
A. FTP
B. connection rate
C. GRE
D. QoS
Correct Answer: B
QUESTION 216
The CoreXL SND (Secure Network Distributor) is responsible for:
A. distributing non-accelerated packets among kernel instances
B. accelerating VPN traffic
C. shutting down cores when they are not needed
D. changing routes to distribute the load across multiple firewalls
Correct Answer: A
QUESTION 217
How can you verify that SecureXL is running?
A. cpstat os
B. fw ver
C. fwaccel stat
D. securexl stat
Correct Answer: C
QUESTION 218
Which of the following services will cause SecureXL templates to be disabled?
A. TELNET
B. FTP
C. HTTPS
D. LDAP
Correct Answer: B
QUESTION 219
How do you enable SecureXL (command line) on SecurePlatform?
A. fw securexl on
B. fw accel on
C. fwaccel on
D. fwsecurexl on
Correct Answer: C
QUESTION 220
The following graphic illustrates which command being issued on SecurePlatform?
A. fwaccel stats
B. fw accel stats
C. fw securexl stats
D. fwsecurexl stats
Correct Answer: A
QUESTION 221
After Travis added new processing cores on his server, CoreXL did not use them. What would be the most plausible reason why? Travis did not:
A. edit the Gateway Properties and increase the kernel instances.
B. run cpconfig to increase the number of CPU cores.
C. edit the Gateway Properties and increase the number of CPU cores.
D. run cpconfig to increase the kernel instances.
Correct Answer: D
QUESTION 222
Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve sees the following screen. What is the problem?
A. Steve must enable directional_match(true) in the objects_5_0.C file on SmartCenter Server.
B. Steve must enable Advanced Routing on each Security Gateway.
C. Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
D. Steve must enable a dynamic routing protocol, such as OSPF, on the Gateways.
E. Steve must enable VPN Directional Match on the gateway object’s VPN tab.
Correct Answer: C
QUESTION 223
A SmartProvisioning Gateway could be a member of which VPN communities?
(i) Center In Star Topology
(ii) Satellite in Star Topology
(iii) Carter in Remote Access Community
(iv) Meshed Community
A. (ii) and (iii)
B. All
C. (i), (ii) and (iii)
D. (ii) only
Correct Answer: A
QUESTION 224
What process manages the dynamic routing protocols (OSPF, RIP, etc.) on SecurePlatform Pro?
A. gated
B. There’s no separate process, but the Linux default router can take care of that.
C. routerd
D. arouted
Correct Answer: A
QUESTION 225
What is the command to enter the router shell?
A. gated
B. routerd
C. clirouter
D. router
Correct Answer: D
QUESTION 226
Which statement is TRUE for route-based VPN’s?
A. Route-based VPN’s replace domain-based VPN’s.
B. Route-based VPN’s are a form of partial overlap VPN Domain.
C. Dynamic-routing protocols are not required.
D. IP Pool NAT must be configured on each Gateway.
Correct Answer: C
QUESTION 227
VPN routing can also be configured by editing which file?
A. $FWDIR\conf\vpn_route.c
B. $FWDIR\bin\vpn_route.conf
C. $FWDIR\conf\vpn_route.conf
D. $FWDIR\VPN\route_conf.c
Correct Answer: C
QUESTION 228
If both domain-based and route-based VPN’s are configured, which will take precedence?
A. Must be chosen/configured manually by the Administrator in the Policy > Global Properties
B. Must be chosen/configured manually by the Administrator in the VPN community object
C. Domain-based
D. Route-based
Correct Answer: C
QUESTION 229
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. They are only supported on the IPSO Operating System.
B. VTIs cannot be assigned a proxy interface.
C. VTIs can only be physical, not loopback.
D. Local IP addresses are not configured, remote IP addresses are configured.
Correct Answer: A
QUESTION 230
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. VTIs must be assigned a proxy interface.
B. VTIs can only be physical, not loopback.
C. VTIs are only supported on SecurePlatform.
D. Local IP addresses are not configured, remote IP addresses are configured.
Correct Answer: A
QUESTION 231
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. Local IP addresses are not configured, remote IP addresses are configured
B. VTI specific additional local and remote IP addresses are not configured
C. VTIs are only supported on SecurePlatform
D. VTIs cannot be assigned a proxy interface
Correct Answer: B
QUESTION 232
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?
A. VTIs are assigned only local addresses, not remote addresses
B. VTIs are only supported on IPSO
C. VTIs cannot share IP addresses
D. VTIs cannot use an already existing physical-interface IP address
Correct Answer: D
QUESTION 233
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?
A. VTIs can use an already existing physical-interface IP address
B. VTIs cannot share IP addresses
C. VTIs are supported on SecurePlatform Pro
D. VTIs are assigned only local addresses, not remote addresses
Correct Answer: C
QUESTION 234
When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered?
A. 1, 3, and 4
B. 2 and 3
C. 1, 2, and 4
D. 1, 2, 3 and 4
Correct Answer: D
QUESTION 235
How do you verify a VPN Tunnel Interface (VTI) is configured properly?
A. vpn shell display <VTI name> detailed
B. vpn shell show <VTI name> detailed
C. vpn shell show interface detailed <VTI name>
D. vpn shell display interface detailed <VTI name>
Correct Answer: C
QUESTION 236
What is used to validate a digital certificate?
A. S/MIME
B. CRL
C. IPsec
D. PKCS
Correct Answer: B
QUESTION 237
Which statement defines Public Key Infrastructure? Security is provided:
A. by Certificate Authorities, digital certificates, and two-way symmetric-key encryption.
B. by Certificate Authorities, digital certificates, and public key encryption.
C. via both private and public keys, without the use of digital Certificates.
D. by authentication.
Correct Answer: B
QUESTION 238
Match the VPN-related terms with their definitions:
A. A-3, B-2, C-1, D-4
B. A-3, B-4, C-1, D-2
C. A-3, B-2, C-4, D-1
D. A-2, B-3, C-4, D-1
Correct Answer: C
QUESTION 239
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?
A. Manually import your partner’s Access Control List.
B. Manually import your partner’s Certificate Revocation List.
C. Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).
D. Create a new logical-server object to represent your partner’s CA.
Correct Answer: C
QUESTION 240
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
A. Communities > Communities
B. internal_clear > All_GwToGw
C. internal_clear > All_communities
D. Internal_clear > External_Clear
Correct Answer: C
QUESTION 241
Which of the following statements is FALSE regarding OSPF configuration on SecurePlatform Pro?
A. router ospf 1 creates the Router ID for the Security Gateway and should be the same ID for all Gateways.
B. router ospf 1 creates the Router ID for the Security Gateway and should be different for all Gateways.
C. router ospf 1 creates an OSPF routing instance and this process ID should be different for each Security Gateway.
D. router ospf 1 creates an OSPF routing instance and this process ID should be the same on all Gateways.
Correct Answer: D
QUESTION 242
If you need strong protection for the encryption of user data, what option would be the BEST choice?
A. When you need strong encryption, IPsec is not the best choice. SSL VPN’s are a better choice.
B. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.
C. Disable Diffie-Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.
D. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
Correct Answer: D
QUESTION 243
Review the following list of actions that Security Gateway R75 can take when it controls packets. The Policy Package has been configured for Simplified Mode VPN. Select the response below that includes the available actions:
A. Accept, Drop, Encrypt, Session Auth
B. Accept, Drop, Reject, Client Auth
C. Accept, Hold, Reject, Proxy
D. Accept, Reject, Encrypt, Drop
Correct Answer: B
QUESTION 244
Your organization maintains several IKE VPN’s. Executives in your organization want to know which mechanism Security Gateway R75 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?
A. Digital signatures
B. Certificate Revocation Lists
C. Key-exchange protocols
D. Application Intelligence
Correct Answer: A
QUESTION 245
There are times when you want to use Link Selection to manage high-traffic VPN connections. With Link Selection you can:
A. Probe links for availability.
B. Use links based on Day/Time.
C. Assign links to specific VPN communities.
D. Use links based on authentication method.
Correct Answer: A
QUESTION 246
There are times when you want to use Link Selection to manage high-traffic VPN connections. With Link Selection you can:
A. Assign links to use Dynamic DNS.
B. Use links based on authentication method.
C. Use links based on Day/Time.
D. Use Load Sharing to distribute VPN traffic.
Correct Answer: D
QUESTION 247
There are times when you want to use Link Selection to manage high-traffic VPN connections. With Link Selection you can:
A. Assign links to specific VPN communities.
B. Assign links to use Dynamic DNS.
C. Use links based on services.
D. Prohibit Dynamic DNS.
Correct Answer: C
QUESTION 248
There are times when you want to use Link Selection to manage high-traffic VPN connections. With Link Selection you can:
A. Use links based on Day/Time.
B. Set up links for Remote Access.
C. Assign links to specific VPN communities.
D. Assign links to use Dynamic DNS.
Correct Answer: B
QUESTION 249
What type of object may be explicitly defined as a MEP VPN?
A. Mesh VPN Community
B. Any VPN Community
C. Remote Access VPN Community
D. Star VPN Community
Correct Answer: D
QUESTION 250
MEP VPN’s use the Proprietary Probing Protocol to send special UDP RDP packets to port ____ to discover if an IP is accessible.
A. 259
B. 256
C. 264
D. 201
Correct Answer: A
QUESTION 251
Which of the following statements is TRUE concerning MEP VPN’s?
A. State synchronization between Security Gateways is required.
B. MEP VPN’s are not restricted to the location of the gateways.
C. The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the first connection fail.
D. MEP Security Gateways cannot be managed by separate Management Servers.
Correct Answer: B
QUESTION 252
Which of the following statements is TRUE concerning MEP VPN’s?
A. The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the first connection fail.
B. MEP Security Gateways can be managed by separate Management Servers.
C. MEP VPN’s are restricted to the location of the gateways.
D. State synchronization between Security Gateways is required.
Correct Answer: B
QUESTION 253
Which of the following statements is TRUE concerning MEP VPN’s?
A. State synchronization between Security Gateways is NOT required.
B. MEP Security Gateways cannot be managed by separate Management Servers.
C. The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the first connection fail.
D. MEP VPN’s are restricted to the location of the gateways.
Correct Answer: A
QUESTION 254
Which of the following statements is TRUE concerning MEP VPN’s?
A. MEP Security Gateways cannot be managed by separate Management Servers.
B. MEP VPN’s are restricted to the location of the gateways.
C. The VPN Client selects which Security Gateway takes over, should the first connection fail.
D. State synchronization between Security Gateways is required.
Correct Answer: C
QUESTION 255
You need to publish SecurePlatform routes using the ospf routing protocol. What is the correct command structure, once entering the route command, to implement ospf successfully?
A. Run cpconfig utility to enable ospf routing
B. ip route ospf ospf network1 ospf network2
C. Enable Configure terminal Router ospf [id] Network [network] [wildmask] area [id]
D. Use DBedit utility to edit the objects_5_0.c file
Correct Answer: C
QUESTION 256
At what router prompt would you save your OSPF configuration?
A. localhost.localdomain(config)#
B. localhost.localdomain(config-if)#
C. localhost.localdomain#
D. localhost.localdomain(config-router-ospf)#
Correct Answer: C
QUESTION 257
What is the router command to save your OSPF configuration?
A. save memory
B. write config
C. save
D. write mem
Correct Answer: D
QUESTION 258
What is the command to show OSPF adjacencies?
A. show ospf interface
B. show ospf summary-address
C. show running-config
D. show ip ospf neighbor
Correct Answer: D
QUESTION 259
A VPN Tunnel Interface (VTI) is defined on SecurePlatform Pro as:
vpn shell interface add numbered 10.10.0.1 10.10.0.2 madrid.cp
What do you know about this VTI?
A. 10.10.0.1 is the local Gateway’s internal interface, and 10.10.0.2 is the internal interface of the remote Gateway.
B. The peer Security Gateway’s name is madrid.cp.
C. The VTI name is madrid.cp.
D. The local Gateway’s object name is madrid.cp.
Correct Answer: B
QUESTION 260
Which of the following operating systems support numbered VTI’s?
A. SecurePlatform Pro
B. Solaris
C. IPSO 4.0 +
D. Windows Server 2008
Correct Answer: A
QUESTION 261
Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic?
A. Domain-based VPN
B. Route-based VPN
C. Subnet-based VPN
D. Host-based VPN
Correct Answer: B
QUESTION 262
You have installed SecurePlatform R75 as Security Gateway operating system. As company requirements changed, you need the VTI features of R75. What should you do?
A. Only IPSO 3.9 supports VTI feature, so you have to replace your Security Gateway with Nokia appliances.
B. In SmartDashboard click on the OS drop down menu and choose SecurePlatform Pro. You have to reboot the Security Gateway in order for the change to take effect.
C. Type pro enable on your Security Gateway and reboot it.
D. You have to re-install your Security Gateway with SecurePlatform Pro R75, as SecurePlatform R75 does not support VTIs.
Correct Answer: C
QUESTION 263
Which operating system(s) support(s) unnumbered VPN Tunnel Interfaces (VTIs) for route-based VPN’s?
A. Solaris 9 and higher
B. IPSO 3.9 and higher
C. Red Hat Linux
D. SecurePlatform for NGX and higher
Correct Answer: B
QUESTION 264
You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find that the VPN traffic still goes through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?
A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
B. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to ensure that they are correctly pointing to the VTI gateway IP.
C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
D. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain
Correct Answer: D
QUESTION 265
When configuring a Permanent Tunnel between two gateways in a Meshed VPN community, in what object is the tunnel managed?
A. VPN Community object
B. Each participating Security Gateway object
C. Security Management Server
D. Only the local Security Gateway object
Correct Answer: A
QUESTION 266
Which of the following commands would you run to remove site-to-site IKE and IPSec Keys?
A. vpn tu
B. ikeoff
C. vpn export_p12
D. vpn accel off
Correct Answer: A
QUESTION 267
Which of the following log files contains information about the negotiation process for encryption?
A. ike.elg
B. iked.elg
C. vpnd.elg
D. vpn.elg
Correct Answer: A
QUESTION 268
Which of the following log files contains verbose information regarding the negotiation process and other encryption failures?
A. iked.elg
B. ike.elg
C. vpn.elg
D. vpnd.elg
Correct Answer: D
QUESTION 269
What is the most common cause for a Quick mode packet 1 failing with the error “No Proposal Chosen”?
A. The OS and patch level of one gateway does not match the other.
B. The previously established Permanent Tunnel has failed.
C. There is a network connectivity issue.
D. The encryption strength and hash settings of one peer do not match the other.
Correct Answer: D
QUESTION 270
Which component receives events and assigns severity levels to the events; invokes any defined automatic reactions, and adds the events to the Events Data Base?
A. SmartEvent Analysis DataServer
B. SmartEvent Client
C. SmartEvent Correlation Unit
D. SmartEvent Server
Correct Answer: D
QUESTION 271
The ______________ contains the Events Data Base.
A. SmartEvent Client
B. SmartEvent Correlation Unit
C. SmartEvent DataServer
D. SmartEvent Server
Correct Answer: D
QUESTION 272
The SmartEvent Correlation Unit:
A. adds events to the events database.
B. assigns a severity level to an event.
C. analyzes each IPS log entry as it enters the Log server.
D. displays the received events.
Correct Answer: C
QUESTION 273
The SmartEvent Server:
A. analyzes each IPS log entry as it enters the Log server.
B. displays the received events.
C. forwards what is known as an event to the SmartEvent Server.
D. assigns a severity level to an event.
Correct Answer: D
QUESTION 274
The SmartEvent Client:
A. analyzes each IPS log entry as it enters the Log server.
B. displays the received events.
C. adds events to the events database.
D. assigns a severity level to an event.
Correct Answer: B
QUESTION 275
The SmartEvent Correlation Unit:
A. adds events to the events database.
B. displays the received events.
C. looks for patterns according to the installed Event Policy.
D. assigns a severity level to an event.
Correct Answer: C
QUESTION 276
The SmartEvent Correlation Unit:
A. adds events to the events database.
B. assigns a severity level to an event.
C. forwards what is identified as an event to the SmartEvent server.
D. displays the received events.
Correct Answer: C
QUESTION 277
The SmartEvent Server:
A. displays the received events
B. adds events to the events database
C. invokes defined automatic reactions
D. analyzes each IPS log entry as it enters the Log server
Correct Answer: C
QUESTION 278
What are the 3 main components of the SmartEvent Software Blade?
A. i, ii, iii
B. iv, v, vi
C. i, iv, v
D. i, iii, iv
Correct Answer: C
QUESTION 279
How many Events can be shown at one time in the Event preview pane?
A. 5,000
B. 30,000
C. 15,000
D. 1,000
Correct Answer: B
QUESTION 280
You are reviewing computer information collected in ClientInfo. You can NOT:
A. Enter new credential for accessing the computer information.
B. Save the information in the active tab to an .exe file.
C. Copy the contents of the selected cells.
D. Run Google.com search using the contents of the selected cell.
Correct Answer: B
QUESTION 281
Which of the following is NOT a SmartEvent Permission Profile type?
A. Events Database
B. View
C. No Access
D. Read/Write
Correct Answer: B
QUESTION 282
What is the SmartEvent Correlation Unit’s function?
A. Assign severity levels to events.
B. Display received threats and tune the Events Policy.
C. Analyze log entries, looking for Event Policy patterns.
D. Invoke and define automatic reactions and add events to the database.
Correct Answer: C
QUESTION 283
What is the SmartEvent Analyzer’s function?
A. Assign severity levels to events.
B. Analyze log entries, looking for Event Policy patterns.
C. Display received threats and tune the Events Policy.
D. Generate a threat analysis report from the Analyzer database.
Correct Answer: A
QUESTION 284
What is the SmartEvent Client’s function?
A. Display received threats and tune the Events Policy.
B. Generate a threat analysis report from the Reporter database.
C. Invoke and define automatic reactions and add events to the database.
D. Assign severity levels to events.
Correct Answer: A
QUESTION 285
A tracked SmartEvent Candidate in a Candidate Pool becomes an Event. What does NOT happen in the Analyzer Server?
A. SmartEvent provides the beginning and end time of the Event.
B. The Correlation Unit keeps adding matching logs to the Event.
C. The Event is kept open, but condenses many instances into one Event.
D. SmartEvent stops tracking logs related to the Candidate.
Correct Answer: D
QUESTION 286
How many pre-defined exclusions are included by default in SmartEvent R75 as part of the product installation?
A. 3
B. 0
C. 5
D. 10
Correct Answer: A
QUESTION 287
What is the purpose of the pre-defined exclusions included with SmartEvent R75?
A. To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71.
B. To allow SmartEvent R75 to function properly with all other R71 devices.
C. To give samples of how to write your own exclusion.
D. As a base for starting and building exclusions.
Correct Answer: A
QUESTION 288
What is the benefit to running SmartEvent in Learning Mode?
A. There is no SmartEvent Learning Mode
B. To run SmartEvent with preloaded sample data in a test environment
C. To run SmartEvent, with a step-by-step online configuration guide for training/setup purposes
D. To generate a report with system Event Policy modification suggestions
Correct Answer: D
QUESTION 289
______________ is NOT a SmartEvent event-triggered Automatic Reaction.
A. SNMP Trap
B. Mail
C. Block Access
D. External Script
Correct Answer: C
QUESTION 290
For best performance in Event Correlation, you should use:
A. IP address ranges
B. Large groups
C. Nothing slows down Event Correlation
D. Many objects
Correct Answer: A
QUESTION 291
What access level cannot be assigned to an Administrator in SmartEvent?
A. No Access
B. Write only
C. Read only
D. Events Database
Correct Answer: B
QUESTION 292
_______________ manages Standard Reports and allows the administrator to specify automatic uploads of reports to a central FTP server.
A. SmartDashboard Log Consolidator
B. SmartReporter
C. Security Management Server
D. SmartReporter Database
Correct Answer: B
QUESTION 293
_____________ generates a SmartEvent Report from its SQL database.
A. SmartEvent Client
B. Security Management Server
C. SmartReporter
D. SmartDashboard Log Consolidator
Correct Answer: C
QUESTION 294
Which SmartReporter report type is generated from the SmartView Monitor history file?
A. Custom
B. Express
C. Traditional
D. Standard
Correct Answer: B
QUESTION 295
Which Check Point product is used to create and save changes to a Log Consolidation Policy?
A. SmartReporter Client
B. Security Management Server
C. SmartDashboard Log Consolidator
D. SmartEvent Server
Correct Answer: C
QUESTION 296
Which Check Point product implements a Consolidation Policy?
A. SmartReporter
B. SmartView Monitor
C. SmartLSM
D. SmartView Tracker
Correct Answer: A
QUESTION 297
You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from a host within 10 seconds of each other. How would you accomplish this?
A. Define the two port-scan detections as an exception.
B. Select the two port-scan detections as a new event.
C. Select the two port-scan detections as a sub-event.
D. You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.
Correct Answer: A
QUESTION 298
When do modifications to the Event Policy take effect?
A. When saved on the Correlation Units, and pushed as a policy.
B. As soon as the Policy Tab window is closed.
C. When saved on the SmartEvent Client, and installed on the SmartEvent Server.
D. When saved on the SmartEvent Server and installed to the Correlation Units.
Correct Answer: D
QUESTION 299
To back up all events stored in the SmartEvent Server, you should back up the contents of which folder(s)?
A. $FWDIR/distrib
B. $FWDIR/distrib_db and $FWDIR/events
C. $RTDIR/distrib and $RTDIR/events_db
D. $RTDIR/events_db
Correct Answer: C
QUESTION 300
To clean the system of all events, you should delete the files in which folder(s)?
A. $RTDIR/distrib and $RTDIR/events_db
B. $RTDIR/events_db
C. $FWDIR/distrib_db and $FWDIR/events
D. $FWDIR/distrib
Correct Answer: A
QUESTION 301
What SmartConsole application allows you to change the Log Consolidation Policy?
A. SmartDashboard
B. SmartReporter
C. SmartUpdate
D. SmartEvent Server
Correct Answer: A
QUESTION 302