The Check Point Security Gateway's virtual machine (kernel) exists between which two layers of the OSI model?
A. Physical and Data Link layers
B. Application and Presentation layers
C. Network and Data Link layers
D. Session and Network layers
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?
A. VTIs are supported on SecurePlatform
B. VTIS cannot share IP addresses
C. VTIs can use an already existing physical-interface IP address
D. VTIS are assigned only local addresses, not remote addresses
Which NGX R65 logs can you configure to send to DShield.org?
A. SNMP and account logs
B. Alert and user-defined alert logs
C. Account and alert logs
D. Audit and alert logs
Where can an administrator configure the notification action in the event of a policy install time change?
A. SmartDashboard: Policy Package Manager
B. SmartView Tracker: Audit Log
C. SmartView Monitor: Global Thresholds
D. SmartDashboard: Security Gateway Object: Advanced Properties Tab
You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal network as defined on the Topology tab setting "All IP Addresses behind Gateway based on Topology information." You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPSec tunnels instead of the routed VTI tunnels. What is the problem and how do you make the VPN to use the VTI tunnels?
A. Route-based VTI takes precedence over the Domain VPN. Troubleshootthe static route entries to insure that they are correctly pointing to the VTI gateway IP
B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
D. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain
In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?
A. Do nothing. Old logs are deleted, until free space is restored.
B. Do nothing. The SmartCenter Server automatically copies old logs to a backup server before purging.
C. Use the fwm logexport command to export the old log files to other location.
D. Configure a script to run fw logswitch and SCP the output file to a separate file server.
What is a Consolidation Policy?
A. A global Policy used to share a common enforcement policy for multiple similar Security Gateways
B. The collective name of the logs generated by Eventia Reporter
C. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
D. The specific Policy written in SmartDashboard to configure which log data is stored in the Eventia Reporter database
A third shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. How would you check this using SmartConsole?
A. SmartView Monitor
B. SmartView Tracker
C. Eventia Analyzer
D. This information can only be viewed with fw ctl pstat command from the CLI.
Your online bookstore has customers connecting to a variety of Web servers to place or change orders, and check order status. You ran penetration tests through the Security Gateway, to determine if the Web servers were protected from a recent series of cross-site scripting attacks. The penetration testing indicated the Web servers were still vulnerable. You have checked every box in the Web Intelligence tab, and installed the Security Policy. What else might you do to reduce the vulnerability?
A. Configure the Security Gateway protecting the Web servers as a Web server.
B. Check the "Products > Web Server" box on the host node objects representing your Web servers.
C. Configure resource objects as Web servers, and use them in the rules allowing HTTP traffic to the Web servers.
D. The penetration software you are using is malfunctioning and is reporting a false- positive.
You want to establish a VPN, using Certificates. Your VPN will exchange Certificates with an external partner. Which of the following activities should you dc first?
A. Exchange exported CAkeys and uses them to create a new server object to represent your partner's Certificate Authority (CA).
B. Manually import your partner's Access Control List.
C. Manually import your partner's Certificate Revocation List.
D. Create a new logical-server object to represent your partner's CA.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-915.65 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.