Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Checkpoint 156-510 Exam -

Free 156-510 Sample Questions:

1. You can tell if CPMAD is enabled because you see the message
"FireWall-1: Starting cpmad (Malicious Activity Detection)"
when you perform a fwstart. True of false?
A. False
B. True
Answer: A

2. When installing FW-1 on a Windows NT platform, what state should IP forwarding be in for correct FW-1 operation?
A. Enabled
B. Disabled
Answer: A

3. What is true about detecting "blocked connection port scanning"?
A. It requires less memory than general port scanning
B. It is less secure than general port scanning
C. It is more secure than general port scanning
D. It requires more memory than general port scanning
Answer: A, B

4. In a load sharing MEP environment accessed by secuRemote.What is true about gateway selection?
A. SecuRemote will choose the gateway closest to the server
B. SecuRemote will use the first gateway to respond
C. SecuRemote will chose the gateway randomly
D. SecuRemote will prefer its primary gateway if both respond
Answer: C

5. Which two types of overlapping encryption domains are supported by FW -1?
A. Partial overlap
B. Full overlap
C. Proper subset
D. Partial subset
Answer: B, C

6. What does LDAP stand for?
A. Link level Direct Access Process
B. Layered Directory Administration Protocol
C. Layer Dependent Administration process
D. Lightweight Directory Access Protocol
Answer: D

7. By default a Windows NT platform enables both TCP/IP a nd IPX. What does FW-1 do with any IPX traffic?
A. Logs it, then drops it
B. Allows it through without being inspected
C. Drops all traffic regardless
D. Inspects the traffic and decide whether to allow it through
Answer: B

8. When using IP pools for MEP VPN access, where would you specify the pool to be used for a particular gateway?
A. The NAT screen of the gateway's properties configuration
B. The ADVANCED screen of the gateway's properties configuration
C. The VPN screen of the gateway's properties screen
D. The TOPOLOGY screen of the gateway's properties configuration
Answer: A

9. What is the maximum limit to the number of secondary management modules allowed?
A. No limit
B. 4
C. 2
D. 1
E. 8
Answer: A

10. What is a land attack?
A. It causes incomplete TCP connections
B. It involves gaining access by imitating an authorized IP address
C. It involves scanning for ports on an IP address that will allow access
D. It causes a server to send packets to itself
Answer: D

11. If CPMAD terminates, how can you restart it?
A. By using the GUI log client
B. It automatically starts itself
C. By using fw cpmadstart
D. By using fwstop/fwstart
Answer: D

12. What is true when using SEP high availability encryption topologies?
A. Gateways must use the same FW-1 build level
B. All of these
C. You must use a distributed installation of VPN -1/FW-1
D. Gateways must use the same platform and OS
E. Gateways must run identical policies
Answer: B

13. In a resilient MEP topology, what mechanism can be used by SecuRemote to determine that the primary gateway is still available?
A. TCP Ping
B. TCP keepalives
C. RDP status queries
D. UDP ping
Answer: C

14. Which are two network related conditions required by high availability in SEP VPN's?
A. The gateways must be synchronized
B. Traffic must be redirected correctly to the backup gateway when the primary gateway fails
C. The gateways must use identical MAC addresses
D. NTP (network time protocol) must be configured between both gateways
Answer: A, B

15. How much memory is reserved for the VPN-1/FW-1 kernel on a Nokia platform?
A. 5 MB
B. 15 MB
C. 3 MB
D. 10 MB
Answer: A

16. Which of the following should be disabled in a Windows NT platform when installing FW-1?
D. All of them
E. DHCP relay
Answer: D

17. CPMAD will try to connect to the LEA server a number of times before giving up. What are the default values for the number of connection attempts and the time interval between them?
A. 20 times with 30secs between attempts
B. 10 times with 60secs between attempts
C. 5 times with 60secs between attempts
D. 10 times with 10secs between attempts
Answer: B

18. When making changes to users in an LDAP server using the policy editor usermanager, when will the changes take effect?
A. After the user database is downloaded
B. When you log out of policy editor
C. After a policy download
D. When cache times out
Answer: A, C, D

19. Addresses allocated from an IP pool remain allocated for a configurable period, even after all connections to that address are closed. What is the default time before the address is returned to the pool?
A. 120 mins
B. 180mins
C. 30 mins
D. 60 mins
Answer: D

20. How often will SecuRemote check for the availability of a VPN gateway by default?
A. 60 secs
B. 120 secs
C. 30 secs
D. 90 secs
Answer: A

© 2014, All Rights Reserved