最新的思科 微软 IBM Oracle HP 题库免费共享 又一个 WordPress 博客

  • 156-315题库demo免费下载

    Filed under CheckPoint
    Aug 3

    CheckPoint认证156-315考试题库介绍

    考试代号: 156-315
    问题数量:142 Q&As

    更新时间: 2009-09-23
    注册地点: Prometric/Pearson VUE
    题库全称:Check Point Certified Security Expert NGX

    免费156-315题库Demo赏析

     
     
    Exam : Check Point 156-315
    Title : Check Point Certified Security Expert NGX

    1. The following rule contains an FTP resource object in the Service field:
    Source: local_net
    Destination: Any
    Service: FTP-resource object
    Action: Accept
    How do you define the FTP Resource Properties > Match tab to prevent internal users from sending corporate files to external FTP servers, while allowing users to retrieve files?
    A. Enable the "Get" method on the match tab.
    B. Disable "Get" and "Put" methods on the Match tab.
    C. Enable the "Put" and "Get" methods.
    D. Enable the "Put" method only on the match tab.
    E. Disable the "Put" method globally.
    Answer: A

    2. Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server run on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including such items as Internal Certificate Authority files, databases, and Security Policies.
    How do you request a new license for this VPN-1 NGX upgrade?
    A. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP address. Request a new local license for the NGX VPN-1 Pro Gateway.
    B. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
    C. Request a new VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
    D. Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licensed for the existing SmartCenter Server IP address.
    Answer: D

    3. If you check the box "Use Aggressive Mode", in the IKE Properties dialog box:
    A. The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange.
    B. The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange.
    C. The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange.
    D. The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange.
    E. The standard six-packet IKE Phase 1 exchange is replaced by a twelve-packet exchange.
    Answer: D

    4. You set up a mesh VPN Community, so your internal networks can access your partner’s network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All other traffic among your internal and partner networks is sent in clear text. How do you configure the VPN Community?
    A. Disable "accept all encrypted traffic", and put FTP and HTTP in the Excluded services in the Community object. Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field.
    B. Disable "accept all encrypted traffic" in the Community, and add FTP and HTTP services to the Security Policy, with that Community object in the VPN field.
    C. Enable "accept all encrypted traffic", but put FTP and HTTP in the Excluded services in the Community. Add a rule in the Security Policy, with services FTP and http, and the Community object in the VPN field.
    D. Put FTP and HTTP in the Excluded services in the Community object. Then add a rule in the Security Policy to allow Any as the service, with the Community object in the VPN field.
    Answer: B

    5. Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization’s three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?
    A. The related end-points domain specifies an address range.
    B. VoIP Domain SIP objects cannot be placed in simple groups.
    C. The installed VoIP gateways specify host objects.
    D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
    E. The VoIP Domain SIP object’s name contains restricted characters.
    Answer: B

    6. Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company’s file server, on \eriscogoldenapplefilespublic. Robert receives reports that users are unable to access the shared partition, unless they use the file server’s IP address. Which of the following is a possible cause?
    A. Mapped shares do not allow administrative locks.
    B. The CIFS resource is not configured to use Windows name resolution.
    C. Access violations are not logged.
    D. Remote registry access is blocked.
    E. Null CIFS sessions are blocked.
    Answer: B

    7. How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?
    A. Low latency class
    B. DiffServ rule
    C. guaranteed per connection
    D. Weighted Fair Queuing
    E. guaranteed per VoIP rule
    Answer: A

    8. You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX. You have five systems to choose from for the new Gateway, and you must conform to the following requirements:
    Operating-system vendor’s license agreement
    Check Point’s license agreement
    Minimum operating-system hardware specification
    Minimum Gateway hardware specification
    Gateway installed on a supported operating system (OS)
    Which machine meets ALL of the following requirements?
    A. Processor: 1.1 GHz
    RAM: 512 MB
    Hard disk: 10 GB
    OS: Windows 2000 Workstation
    B. Processor: 2.0 GHz
    RAM: 512 MB
    Hard disk: 10 GB
    OS: Windows ME
    C. Processor: 1.5 GHz
    RAM: 256 MB
    Hard disk: 20 GB
    OS: Red Hat Linux 8.0
    D. Processor: 1.67 GHz
    RAM: 128 MB
    Hard disk: 5 GB
    OS: FreeBSD
    E. Processor: 2.2 GHz
    RAM: 256 MB
    Hard disk: 20 GB
    OS: Windows 2000 Server
    Answer: E

    9. VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which environment?
    A. H.323
    B. SIP
    C. MEGACO
    D. SCCP
    E. MGCP
    Answer: C

    10. You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?
    A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
    B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
    C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed
    D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
    E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed
    Answer: C

    11. To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
    A. Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.
    B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
    C. Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.
    D. Change the cluster mode to Unicast on the cluster-member object.
    E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address.
    Answer: A

    12. You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
    A. internal_clear > All_GwToGw
    B. Communities > Communities
    C. Internal_clear > External_Clear
    D. Internal_clear > Communities
    E. internal_clear > All_communities
    Answer: E

    13. The following is cphaprob state command output from a ClusterXL New mode High Availability member:When member 192.168.1.2 fails over and restarts, which member will become active?
    A. 192.168.1.2
    B. 192.168.1.1
    C. Both members’ state will be standby
    D. Both members’ state will be active
    Answer: B

    14. Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
    A. Guarantee Allocation
    B. Rule weight
    C. Apply rule only to encrypted traffic
    D. Rule limit
    E. Rule guarantee
    Answer: A

    15. Which service type does NOT invoke a Security Server?
    A. HTTP
    B. FTP
    C. Telnet
    D. CIFS
    E. SMTP
    Answer: D

    16. You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/FireWall-1 NG FP3, with the latest Hotfix. What is the correct upgrade procedure?
    1. Change the version, in the General Properties of the gateway-cluster object.
    2. Upgrade the SmartCenter Server, and reboot after upgrade.
    3. Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.
    4. Reinstall the Security Policy.
    A. 3, 2, 1, 4
    B. 2, 4, 3, 1
    C. 1, 3, 2, 4
    D. 2, 3, 1, 4
    E. 1, 2, 3, 4
    Answer: D

    17. You are preparing a lab for a ClusterXL environment, with the following topology:
    Vip internal cluster IP = 172.16.10.1; Vip external cluster IP = 192.168.10.3
    Cluster Member 1: four NICs, three enabled: qfe0: 192.168.10.1/24, qfe1: 10.10.10.1/24, qfe2: 172.16.10.1/24
    Cluster Member 2: five NICs, three enabled; hme0: 192.168.10.2/24, eth1: 10.10.10.2/24, eth2: 172.16.10.2/24
    Member Network tab on internal-cluster interface: is 10.10.10.0, 255.255.255.0
    SmartCenter Pro Server: 172.16.10.3
    External interfaces 192.168.10.1 and 192.168.10.2 connect to a Virtual Local Area Network (VLAN) switch. The upstream router connects to the same VLAN switch. Internal interfaces 10.10.10.1 and 10.10.10.2 connect to a hub. There is no other machine in the 10.10.10.0 network. 172.19.10.0 is the synchronization network. What is the problem with this configuration?
    A. The SmartCenter Pro Server cannot be in the synchronization network.
    B. There is no problem with this configuration. It is correct.
    C. Members do not have the same number of NICs.
    D. The internal network does not have a third cluster member.
    E. Cluster members cannot use the VLAN switch. They must use hubs.
    Answer: B

    18. You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?
    A. SVN Foundation and VPN-1 Express/Pro
    B. VPN-1 and FireWall-1
    C. SecurePlatform NGX R60
    D. SVN Foundation
    E. VPN-1 Pro/Express NGX R60
    Answer: C

    19. Regarding QoS guarantees and limits, which of the following statements is FALSE?
    A. The guarantee of a sub-rule cannot be greater than the guarantee defined for the rule above it.
    B. If a guarantee is defined in a sub-rule, a guarantee must be defined for the rule above it.
    C. A rule guarantee must not be less than the sum defined in the guarantees’ sub-rules.
    D. If both a rule and per-connection limit are defined for a rule, the per-connection limit must not be greater than the rule limit.
    E. If both a limit and guarantee per rule are defined in a QoS rule, the limit must be smaller than the guarantee.
    Answer: E

    20. Which of the following commands shows full synchronization status?
    A. cphaprob -i list
    B. cphastop
    C. fw ctl pstat
    D. cphaprob -a if
    E. fw hastat
    Answer: A

    免费下载156-315题库Demo

    Examsoon提供最新的CheckPoint认证 156-315题库,其全名为:(Check Point Certified Security Expert NGX). 在您决定是否购买之前 可以先下载156-315题库的部分演示. Examsoon是全球唯一提供所有IT认证考试题库demo免费下载的厂商 ,以下为免费156-315模拟测试题的下载链接

    免费的156-315题库PDF下载链接

    CheckPoint 156-315学习指南

    CheckPoint认证 156-315考试已经证明了它在全世界的广泛性和重要性,因此明白这项认证考试的世界各地的人必须具备与认证考试相关领域所需的技能和知识。CheckPoint认证 156-315学习指南的目的是检查考生的能力和他对概念的意识。很多时候练习测试156-315考试都已经被修改过了,删掉了许多过时的东西,而那些需求是在考试课程。当应用到时候你所学的知识的时候,就会鉴定出你所学到的东西以及对所学知识的应用是多么的恰到好处。CheckPoint认证 156-315是在IT行业的知名品牌,所以如果您通过了这样一个知名公司举行的一次考试,你可以想象你将来的事业会做的多么好。

    想要通过这个考试当然存在很多困难。你所要做的就是准备好充足的勇气和信心,而这些都来源与你平时训练的好坏.建议大家可以去Examsoon这个网站看一下,它的156-315考试是为了测试您在这方面的知识的掌握程度,最好的部分是它可以使你不断更新你所学的知识,不断进步。如果你知道所有的概念和如何使用他们的时候才是你真正掌握了Examsoon的用意。这门考试检查了您的能力和一旦你通过这次考验你将成为最优秀的人才,其他156-315考试的Examsoon结算值得注意的影响就是你的薪水将直线上升这大概也是每个人都希望获得的,所以要找一些好的资源才行。

    Examsoon考题大师156-315试题都是考试原题的完美组合,覆盖率95%以上,答案由多位专业资深讲师原版破解得出,正确率100%,只要您使用Examsoon的考试题库参加156-315考试,保证您一次轻松通过考试;

    售后服务第一!我们相信要想在当今时代取得成功,必须为广大用户提供全套的周到细致的全程优质售后服务,只有客户满意了,才能发展。客户至上是Examsoon考题大师的一贯宗旨;

    No Comments

Leave a Reply

You must be logged in to post a comment.

 
Powered by Testinside考题大师
IT认证题库专家 || IT认证考试资源网

友情链接 | Examsoon IT 认证考试网 思科认证资源网 思科微軟考古題 IT證照模擬試題 考古題考試模擬軟件 70-649 70-643 70-646 640-802 640-863 e20-340 HP0-085 HP0-A25