156-315.1 Dumps | CheckPoint

Latest 156-315 Real Exam Download 181-190

November 10, 2013

Ensurepass

QUESTION 181

What proprietary Check Point protocol is the basis of the functionality of Check Point ClusterXL inter-module communication?

 

A. RDP

B. IPSec

C. CCP

D. HA OPCODE

E. CKPP

 

Answer: C

 

 

QUESTION 182

Which of the following is part of the PKI? Select all that apply.

 

A. User certificate

B. Attribute Certificate

C. Certificate Revocation Lists

D. Public-key certificate

 

Answer: A,C,D

 

 

QUESTION 183

Which of the following are valid PKI architectures?

 

A. mesh architecture

B. Bridge architecture

C. Gateway architecture

D. Hierarchical architecture

 

Answer: A,C,D

 

 

QUESTION 184

Which of the following are valid reasons for beginning with a fresh installation VPN-1 NGX R65, instead of upgrading a previous version to VPN-1 NGX R65? Select all that apply.

 

A. You see a more logical way to organize your rules and objects

B. You want to keep your Check Point configuration.

C. Your Security Policy includes rules and objects whose purpose you do not know.

D. Objects and rules’ naming conventions have changed over time.

 

Answer: A,C,D

 

 

QUESTION 185

Public keys and digital certificates provide which of the following? Select three.

 

A. nonrepudiation

B. Data integrity

C. Availability

D. Authentication

 

Answer: A,B,D

 

 

QUESTION 186

Which of the following uses the same key to decrypt as it does to encrypt?

 

A. dynamic encryption

B. Certificate-based encryption

C. static encryption

D. Symmetric encryption

E. Asymmetric encryption

 

Answer: D

 

 

QUESTION 187

Which of the following happen when using Pivot Mode in ClusterXL? Select all that apply.

 

A. The Pivot forwards the packet to the appropriate cluster member.

B. The Security Gateway analyzes the packet and forwards it to the Pivot.

C. The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.

D. The Pivot’s Load Sharing decision function decides which cluster member should handle the packet.

 

Answer: A,C,D

 

 

QUESTION 188

Central License management allows a Security Administrator to perform which of the following? Select all that apply.

 

A. Attach and/or delete only NGX Central licenses to a remote module (not Local licenses)

B. Check for expired licenses

C. Add or remove a license to or from the license repository

D. Sort licenses and view license properties

E. Delete both NGX Local licenses and Central licenses from a remote module

F. Attach both NGX Central and Local licenses to a remote moduel

 

Answer: A,B,C,D

 

 

QUESTION 189

How should Check Point packages be uninstalled?

 

A. In the same order in which the installation wrapper initially installed from.

B. In the opposite order in which the installation wrapper initially installed them.

C. In any order, CPsuite must be the last package uninstalled

D. In any order as long as all packages are removed

 

Answer: B

 

 

QUESTION 190

You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting “All IP Addresses behind Gateway based on Topology information.”

You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels.

What is the problem and how do you make the VPN to use the VTI tunnels?

 

A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community.

B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain

C. Route-based VTI takes precedence over the Domain VPN. To Make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes.

D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.

 

Answer: B

 

 

Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.