156-315.71 Exam Questions

Which Security Servers can perform Content Security tasks, but CANNOT perform authentication tasks?

The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the external_net and internal_net from the Internet. How is the Security Gate...

You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all sitE. to-site VPN Communities, including Remot...

A cluster contains two members, with external interfaces 172.28.108.1 and 172.28.108.2. The internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster's IP address is 172....

How can you completely tear down a specific VPN tunnel in an intranet IKE VPN deployment?

How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queue using Check Point QoS solution?

You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX. You have five systems to choose from for the new Gateway, and you must conform to the following requirements: Operati...

In a Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when: 1. The Security Policy is installed. 2. The Security Policy is...

Stephanie wants to reduce the encryption overhead and improve performance for her mesh VPN Community. The Advanced VPN Properties screen below displays adjusted page settings:What...

Check Point 156-315.71 Exam Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve...

Jerry is concerned that a denial-oF. service (DoS) attack may affect his VPN Communities. He decides to implement IKE DoS protection. Jerry needs to minimize the performance impact...

Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?

You are configuring the VoIP Domain object for an H.323 environment, protected by VPN-1 NGX. Which VoIP Domain object type can you use?

Problems sometimes occur when distributing IPSec packets to a few machines in a Load Sharing Multicast mode cluster, even though the machines have the same source and destination I...

Rachel is the Security Administrator for a university. The university's FTP servers have old hardware and software. Certain FTP commands cause the FTP servers to malfunction. Upgra...

Jacob is using a mesh VPN Community to create a sitE. to-site VPN. The VPN properties in this mesh Community display in this graphic:Which of the following statements is TRUE?

You want to establish a VPN, using Certificates. Your VPN will exchange Certificates with an external partner. Which of the following activities should you do first?

You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?

Wayne configures an HTTP Security Server to work with the content vectoring protocol to screen forbidden sites. He has created a URI resource object using CVP with the following se...

You have two Nokia Appliances: one IP530 and one IP380. Both Appliances have IPSO 3.9 and VPN-1 Pro NGX installed in a distributed deployment. Can they be members of a gateway clus...

You want to block corporatE. internal-net and localnet from accessing Web sites containing inappropriate content. You are using WebTrends for URL filtering. You have disabled VPN-1...

VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. W...

Your organization has many VPN-1 Edge gateways at various branch offices, to allow VPN-1 Secure Client users to access company resources. For security reasons, your organization's...

Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company's file server, on \\erisco\goldenapple\files\public. Robe...

You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind...

Which is the BEST configuration option to protect internal users from malicious Java code, without stripping Java scripts?

Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX routE. based VPN feature, withou...

Which Security Server can perform authentication tasks, but CANNOT perform content security Check Point 156-315.71 Exam tasks?

You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD...

Which type of service should a Security Administrator use in a Rule Base to control access to specific shared partitions on target machines?

Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder's access, after the next Phase 2 exchange occurs?

How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_Ato end Check Point 156-315.71 Exam point Net_B, through an NGX Security Gateway?

After you add new interfaces to a cluster, how can you check if the new interfaces and the associated virtual IP address are recognized by ClusterXL?

Barak is a Security Administrator for an organization that has two sites using prE. shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that...

You have an internal FTP server, and you allow downloading, but not uploading. Assume Network Address Translation is set up correctly, and you want to add an inbound rule with: Sou...

Damon enables an SMTP resource for content protection. He notices that mail seems to slow down on occasion, sometimes being delivered late. Which of the following might improve thr...

You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations: Are these machines correctly configu...

What is the consequence of clearing the "Log VoIP Connection" box in Global Properties?

VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. W...

Your company has two headquarters, one in London, one in New York. Each headquarters includes several branch offices. The branch offices only need to communicate with the headquart...

You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?

Yoav is a Security Administrator preparing to implement a VPN solution for his multi-site organization. To comply with industry regulations, Yoav's VPN solution must meet the follo...

Which of the following commands shows full synchronization status?

In a distributed VPN-1 Pro NGX environment, where is the Internal Certificate Authority (ICA) installed?

You must set up SIP with a proxy for your network. IP phones are in the 172.16.100.0 network. The Registrar and proxy are installed on host 172.16.100.100. To allow handover enforc...

What is the behavior of ClusterXL in a High Availability environment?

Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?

You plan to incorporate OPSEC servers, such as Websense and Trend Micro, to do content filtering. Which segment is the BEST location for these OPSEC servers, when you consider Secu...

The following rule contains an FTP resource object in the Service field: Source: local_net Destination: Any Service: FTP-resource object Action: Accept Check Point 156-315.71 Exam...

VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which environment?