Latest Real 156-915.76 Tests Dumps 0nd VCE Exam Questions 291-300

April 27, 2014



The following is cphaprob state command output from one New Mode High Availability ClusterXL cluster member:Which member will be active after member fails over and is rebooted?


A. Both members’ state will be collision.



D. Both members’ state will be active.


Answer: B




Match the remote-access VPN Connection mode features with their descriptions:


A. A 3, B 4, C 2, D 1

B. A 2, B 3, C 4, D 1

C. A 2, B 4, C 3, D 1

D. A 1. B 3, C 4, D 2


Answer: B




The following configuration is for VPN-1 NGX R76:ls this configuration correct for Management High Availability?


A. No, the SmartCenter Servers must be installed on the same operating system.

B. No, the SmartCenter Servers do not have the same number of NICs.

C. No, an NGXR76 SmartCenter Server cannot run on Red Hat Linux 7.3.

D. NO, the SmartCenter Servers must reside on the same network.


Answer: A




In New Mode HA, the internal cluster IP VIP address is The internal interfaces on two members are and Internal host Pings, and receives replies. The following is the ARP table from the internal Windows host to the output, which member is the standby machine?



B. The standby machine cannot be determined by this test.




Answer: A




What is the best tool to produce a report which represents historical system information?


A. Eventia Reporter-Standard Reports

B. Smartview Monitor

C. SmartView Tracker

D. Eventia Reporter-Express Reports


Answer: D




To clean the system of all events, you should delete the files in which folder(s)?


A. $FWDIRdistrib

B. $FWDIRevents_dp

C. $FWDIRdistrib and $RTDIR/events_db

D. $FWDIR/distrib_db and SFWDIR/events


Answer: C




John is the Mega Corp Security Administrator, and is using Check Point R76. Malcolm is the Security Administrator of a partner company and is using a different vendor’s product and both have to build a VPN tunnel between their companies. Both are using clusters with Load Sharing for their firewalls and John is using ClusterXL as a Check Point clustering solution. While trying to establish the VPN, they are constantly noticing problems and the tunnel is not stable and then Malcolm notices that there seems to be 2 SPIs with the same IP from the Check Point site. How can they solve this problem and stabilize the tunnel?


A. This can easily be solved by using the Sticky decision function in ClusterXL.

B. This can be solved by running the command “Sticky VPN” on the Check Point CLI. This keeps the VPN Sticky to one member and the problem is resolved.

C. This can be solved when using clusters; they have to use single firewalls.

D. This is surely a problem in the ISPs network and not related to the VPN configuration.


Answer: A




Which of the following commands can be used to bind a NIC to a single processor when using a Performance Pack on SecurePlatform?


A. sim affinity

B. splat proc

C. set proc

D. fw fat path nic


Answer: A




Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?


A. Global Properties

B. QoS Class objects

C. $CPDIR/conf/qos_props.pf

D. Check Point gateway object properties


Answer: A




Which of these four Check Point QoS technologies prevents the transmission of redundant packets when multiple copies of a packet are concurrently queued on the same flow?


A. Weighted Flow Random Early Drop (WFRED)

B. Retransmission Detection Early Drop (RDED)

C. Intelligent Queuing Engine

D. Stateful Inspection


Answer: B




Which of the following components receives events and assigns severity levels to the events; then invokes any defined automatic reactions and adds the events to the Events Data Base?


A. IPS Event Analysis DataServer


B. IPS Event Analysis Client

C. IPS Event Correlation Unit

D. IPS Event Analysis Server


Answer: D




How does ClusterXL Unicast mode handle new traffic?


A. The pivot machine receives all the packets and runs an algorithm to determine which member should process the packets.

B. All cluster members process all packets and members synchronize with each other. The pivot is responsible for the master sync catalog.

C. The pivot machine receives and inspects all new packets then synchronizes the connections with other members.

D. All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.


Answer: A




In the following command, LSMcli [-d] <server> <user> <pswd> <action> “server” should be replaced with:


A. Hostname DAIP device

B. Hostname of ROBO gateway

C. GUI client

D. IP address of the Security Management server


Answer: D




You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting “All IP Addresses behind Gateway based on Topology information.”

You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels.


A. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes.

B. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.

C. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain.

D. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community.


Answer: C




Even after configuring central logging on Connectra, Connectra logs are not displaying in SmartView Tracker. What could be the cause of this problem?


A. R76 does not support a host object with the same IP address as a Management Server used as secondary log server or management station.

B. You must install the Security Policy, and try again.

C. You must install the Management Server database.

D. You must reestablish logging from Connectra to the Management Server, using a dummy log- server object.


Answer: C




How many IPS Events can be shown at one time in the Event preview pane?


A. 1,000

B. 30,000

C. 15,000

D. 5,000


Answer: B




What cluster mode is represented in this case?

1 (local) 100% active

2 0% standby


A. 3rd party cluster

B. Load Sharing (multicast mode)

C. Load Sharing Unicast (Pivot) mode

D. HA (New mode).


Answer: D




For best performance in Event Correlation, you should use:


A. Nothing slows down Event Correlation

B. Many objects

C. Large groups

D. IP address ranges


Answer: D




If SmartWorkflow is configured to work without Sessions or Role Segregation, how does the SmartDashboard function?


A. The SmartDashboard will have no session but SmartView Tracker and audit trail will be available.

B. The SmartDashboard functions as if SmartWorkflow is not enabled but an automatic session exists in the background and full SmartView tracker and audit trail functionality will be available.

C. All functions of SmartWorkflow will be available on a per rule basis.

D. The SmartDashboard will function without SmartWorkflow, with no session and no audit trail functionality.


Answer: B




Which Check Point QoS feature marks the ToS byte in the IP header?


A. Weighted Fair Queuing

B. Low Latency Queuing

C. Guarantees

D. Differentiated Services


Answer: D