Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Checkpoint 156-315.71 Exam -

Free 156-315.71 Sample Questions:

Q: 1
How do new connections get established through a Security Gateway with SecureXL enabled?
A. The new connection will be first inspected by SecureXL and if it does not match the drop table of SecureXL, then it will passed to the firewall module for a rule match.
B. If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match.
C. New connections are always inspected by the firewall and if they are accepted, the subsequent packets of the same connection will be passed through SecureXL.
D. New connection packets never reach the SecureXL module.
Answer: B

Q: 2
How do you verify the Check Point kernel running on a firewall?
A. fw ctl get kernel
B. fw ctl pstat
C. fw kernel
D. fw ver -k
Answer: D

Q: 3
You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.
You want test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?
A. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.
B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain.
C. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community.
D. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes.
Answer: A

Q: 4
A user cannot authenticate to SSL VPN. You have verified the user is assigned a user group and reproduced the problem, confirming a failed-login session. You do not see an indication of this attempt in traffic log. The user is not using a client certificate for login. To debug this error, where in the authentication process could the solution the solution be found?
A. apache
B. admin
C. cvpnd
D. cpauth
Answer: C

Q: 5
A VPN Tunnel Interface (VTI) is defined on SecurePlatform Pro as:
vpn shell interface add numbered madrid.cp
What do you know about this VTI?
A. The peer Security Gateway’s name is “madrid.cp”
B. The local Gateway’s object name is “madrid.cp”
C. The VTI name is ” madrid.cp”
D. is the local Gateway’s internal interface, and is the internal interface of the remote Gateway.
Answer: A

Q: 6
You use the snapshot feature to store your Connectra SSL VPN configuration. What do you expect to find?
A. Nothing: snapshot is not supported in Connectra SSL VPN
B. The management configuration of the currect product, on a management or stand-alone machine
C. A complete image of the local file system
D. Specified directories of the local file system.
Answer: C

Q: 7
When ruuning DLP Wizard for the first time, which of the following is a mandatory configuration?
A. Mail Server
B. E-mail Domain in My Organization
C. DLP Portal URL
D. Active Directory
Answer: D

Q: 8
Which procedure creates a new administrator in SmartWorkflow?
A. Run cpconfig, supply the Login Name, Properties, Name, Access Applications and Permissions.
B. In SmartDashboad, click SmartWorkflow / Enable SmartWorkflow and the Enable SmartWorkflow wizard will start. Supply the Login Name, Profile Properties, Name, Access Applications and Permissions when prompted.
C. On the Provider-1 primary MDS, run cpconfig, supplythe Login Name, Properties, Name, Access Applications and Permissions
D. In SmartDashboard, click Users and Administrators righ click Administrators / New Administrator and supply the Login Name, Profile Properties, Name, Access Applications and Permissions.
Answer: D

Q: 9
What command will allow you to disable sync on a cluster firewall member?
A. fw ctl setsync 0
B. fw ctl syncstat stop
C. fw ctl syncstat off
D. fw ctl setsync off
Answer: D

Q: 10
Which of the following statements about the Port Scanning feature of IPS is TRUE?
A. The default scan detection is more than 500 open inactive ports are ports are open for a period of 120 seconds.
B. Tne Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
C. Port Scanning does not block scanning; it detects port scans with one of three levels of detection sensitvity.
D. When a port scan is detected, only a log is issued, never an alert.
Answer: C

© 2014, All Rights Reserved