CheckPoint 156-215.75 Online Practice Questions and Exam Preparation

CheckPoint 156-215.75 Online Questions & Answers

• Question 401:

  You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?

  A. The guarantee of one of the rule's sub-rules exceeds the guarantee in the rule itself.
  B. The number of guaranteed connections is exceeded. The rule's action properties are not set to accept additional connections.
  C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.
  D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.
  B. The number of guaranteed connections is exceeded. The rule's action properties are not set to accept additional connections.

• Question 402:

  The CoreXL SND (Secure Network Distributor) is responsible for:

  A. distributing non-accelerated packets among kernel instances
  B. accelerating VPN traffic
  C. shutting down cores when they are not needed
  D. changing routes to distribute the load across multiple firewalls
  A. distributing non-accelerated packets among kernel instances

• Question 403:

  Stephanie wants to reduce the encryption overhead and improve performance for her mesh VPN Community. The Advanced VPN Properties screen below displays adjusted page settings:What can Stephanie do to achieve her goal?

  

  A. Check the box "Use Perfect Forward Secrecy"
  B. Change the setting "Use DiffiE. Hellman group" to "Group 5 (1536 bit)"
  C. Check the box "Use aggressive mode"
  D. Check the box "Support IP compression"
  E. Reduce the setting "Renegotiate IKE security associations every" to "720"
  D. Check the box "Support IP compression"

• Question 404:

  Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization's three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?

  A. The related end points domain specifies an address range.
  B. VoIP Domain SIP objects cannot be placed in simple groups.
  C. The installed VoIP gateways specify host objects.
  D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
  E. The VoIP Domain SIP object's name contains restricted characters.
  B. VoIP Domain SIP objects cannot be placed in simple groups.

• Question 405:

  Which of the following commands would you run to remove site-to-site IKE and IPSec Keys?

  A. vpn tu
  B. ikeoff
  C. vpn export_p12
  D. vpn accel off
  A. vpn tu

• Question 406:

  To clean the system of all events, you should delete the files in which folder(s)?

  A. $RTDIR/distrib and $RTDIR/events_db
  B. $RTDIR/events_db
  C. $FWDIR/distrib_db and $FWDIR/events
  D. $FWDIR/distrib
  A. $RTDIR/distrib and $RTDIR/events_db

• Question 407:

  When Converting Gateways to SmartLSM Security Gateways, you can:

  A. do nothing, the conversion is automatic.
  B. delete the device and re-install it in SmartProvisioning.
  C. reset SIC and re-establish communication with the new SmartProvisioning.
  D. convert a Security Gateway or UTM-1 Edge Gateway managed with SmartDashboard to a SmartLSM Security Gateway managed with SmartProvisioning.
  D. convert a Security Gateway or UTM-1 Edge Gateway managed with SmartDashboard to a SmartLSM Security Gateway managed with SmartProvisioning.

• Question 408:

  After installing VPN-1 Pro NGQ R65, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a get topology request. What is the most likely cause and solution?

  A. The NIC is faulty. Replace it and reinstall.
  B. Make sure the driver for you particular NIC is available, and reinstall. You will be prompted for the driver.
  C. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the Web UI,
  D. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix Accumulator (HFA).
  C. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the Web UI,

• Question 409:

  Your organization's disaster recovery plan needs an update to the backup and restore section to reap the benefits of the new distributed R75 installation. Your plan must meet the following required and desired objectives: Upon evaluation, your plan:

  

  A. Meets the required objective and only one desired objective
  B. Meets the required objective and both desired objectives
  C. Meets the required objective but does not meet either desired objective
  D. Does not meet the required objective
  B. Meets the required objective and both desired objectives

• Question 410:

  When synchronizing clusters, which of the following statements are true?

  Select all that apply.

  A. Only cluster members running on the same OS platform can be synchronized.
  B. Client Auth or Session Auth connections through a cluster member will be lost of the cluster member fails.
  C. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.
  D. In the case of a failover, accounting information on the failed member may be lost despite a properly
  A. Only cluster members running on the same OS platform can be synchronized.
  B. Client Auth or Session Auth connections through a cluster member will be lost of the cluster member fails.
  C. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.