Checkpoint 156-315 Real Testing, Best Checkpoint 156-315 Cert With 100% Pass Rate
Flydumps ensures Checkpoint 156-315 study guide are the newest and valid enough to help you pass the test.Please visit Flydumps.com and get valid Checkpoint 156-315 PDF and VCE exam dumps with free new version.100% valid and success.
QUESTION 87
Which Security Server can perform content-security tasks, but CANNOT perform authentication tasks?
A. FTP
B. SMTP
C. Telnet
D. HTTP
E. rlogin
Correct Answer: B
QUESTION 88
Which OPSEC server is used to prevent users from accessing certain Web sites?
A. LEA
B. URI
C. UFP
D. AMON
E. CVP
Correct Answer: C
QUESTION 89
You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade?
A. Only VPN-1 Pro Security Gateway
B. Both the operating system (OS) and all Check Point products
C. All products, except the Policy Server
D. Only the patch utility is upgraded using this command
E. Only the OS
Correct Answer: B
QUESTION 90
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use four
machines with the following configurations:
Cluster Member 1: OS: SecurePlatform, NICs: QuadCard, memory: 256 MB, Security Gateway version:
VPN-1 NGX
Cluster Member 2: OS: SecurePlatform, NICs: four Intel 3Com, memory: 512 MB, Security Gateway
version: VPN-1 NGX Cluster Member 3: OS: SecurePlatform, NICs: four other manufacturers, memory:
128 MB, Security Gateway version: VPN-1 NGX SmartCenter Pro Server: MS Windows Server 2003, NIC:
Intel NIC (one), Security Gateway and primary SmartCenter Server installed version: VPN-1 NGX
Are these machines correctly configured for a ClusterXL deployment?
A. No, the SmartCenter Pro Server is not using the same operating system as the cluster members.
B. Yes, these machines are configured correctly for a ClusterXL deployment.
C. No, Cluster Member 3 does not have the required memory.
D. No, the SmartCenter Pro Server has only one NIC.
Correct Answer: B
QUESTION 91
You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional connections are allowed in the Action properties. If traffic passing through the QoS Module matches both rules, which of the following statements is true?
A. Neither rule will be allocated more than 10% of available bandwidth.
B. The H.323 rule will consume no more than 2048 Kbps of available bandwidth.
C. 50% of available bandwidth will be allocated to the H.323 rule.
D. 50% of available bandwidth will be allocated to the Default Rule.
E. Each H.323 connection will receive at least 512 Kbps of bandwidth.
Correct Answer: B
QUESTION 92
Wayne configures an HTTP Security Server to work with the content vectoring protocol to screen forbidden sites. He has created a URI resource object using CVP with the following settings:
Use CVP Allow CVP server to modify content Return data after content is approved
He adds two rules to his Rule Base: one to inspect HTTP traffic going to known forbidden sites, the other to allow all other HTTP traffic.
Wayne sees HTTP traffic going to those problematic sites is not prohibited.
What could cause this behavior?
A. The Security Server Rule is after the general HTTP Accept Rule.
B. The Security Server is not communicating with the CVP server.
C. The Security Server is not configured correctly.
D. The Security Server is communicating with the CVP server, but no restriction is defined in the CVP server.
Correct Answer: A
QUESTION 93
You have an internal FTP server, and you allow uploading, but not downloading. Assume Network Address Translation (NAT) is set up correctly and you want to add an inbound rule with: Source: Any Destination: FTP server Service: an FTP resource object.
How do you configure the FTP resource object and the action column in the rule to achieve this goal?
A. Disable “Get” and “Put” methods in the FTP Resource Properties and use them in the rule, with action accept.
B. Enable both “Put” and “Get” methods in the FTP Resource Properties and use them in the rule, with action drop.
C. Enable only the “Get” method in the FTP Resource Properties and use this method in the rule, with action accept.
D. Enable only the “Put” method in the FTP Resource Properties and use this method in the rule, with action drop.
E. Enable only “Put” method in the FTP Resource Properties and use this method in the rule, with action accept.
Correct Answer: E
QUESTION 94
Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve sees the following screen.
What is the problem?
A. Steve must enable directional_match(true) in the objects_5_0.C file on SmartCenter Server.
B. Steve must enable Advanced Routing on each Security Gateway.
C. Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
D. Steve must enable a dynamic-routing protocol, such as OSPF, on the Gateways.
E. Steve must enable VPN Directional Match on the gateway object’s VPN tab.
Correct Answer: C
QUESTION 95
How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_A to end point Net_B, through an NGX Security Gateway?
A. Net_A/Net_B/VoIP_any/accept
B. Net_A/Net_B/sip and sip_any/accept
C. Net_A/Net_B/VoIP/accept
D. Net_A/Net_B/sip_any/accept
Correct Answer: D
QUESTION 96
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf
E. Advanced Action options in each QoS rule
Correct Answer: A
QUESTION 97
How can you completely tear down a specific VPN tunnel in an intranet IKE VPN deployment?
A. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.
B. Run the command vpn tu on the SmartCenter Server, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.
C. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for a given peer (GW)”.
D. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for a given user (Client)”.
E. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for ALL peers and users”.
Correct Answer: C
QUESTION 98
Which operating system is NOT supported by VPN-1 SecureClient?
A. IPSO 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 8.0
E. MacOS X
Correct Answer: A
QUESTION 99
VPN-1 NGX supports VoIP traffic in all of the following environments, except which environment?
A. H.509-b
B. SIP
C. MGCP
D. H.323
E. SCCP
Correct Answer: A
This volume is part of the Exam Certification Guide Series from Checkpoint 156-315. Checkpoint 156-315 in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Checkpoint 156-315 Certification candidates identify weaknesses,concentrate their study efforts,and enhance their confidence as Checkpoint 156-315 exam day nears.