Checkpoint 156-315.71 Dumps
Exam: Check Point Certified Security Expert R71
Checkpoint 156-315.71 Exam Tutorial
Question No : 1 - Topic 1
Control connections between the Security Management Server and the Gateway are not
encrypted by the VPN Community. How are these connections secured?
A. They are encrypted and authenticated using SIC.
B. They are not encrypted, but are authenticated by the Gateway
C. They are secured by PPTP
D. They are not secured.
Question No : 2 - Topic 1
In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3. The internal
interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings
10.4.8.3, and receives replies. The following is the ARP table from the internal Windows
According to the output, which member is the pivot machine?
D. The pivot machine cannot be determined by this test.
Question No : 3 - Topic 1
Which statement about LDAP and Active Directory (AD) with SSL VPN is TRUE?
A. SSL VPN does not support LDAP password remediation.
B. SSL VPN is capable of administering or creating users and groups directly on an LDAP server.
C. SSL VPN never stores the user records of LDAP/AD groups.
D. By default. SSL VPN sends username and password credentials to LDAP servers in UTF-8 encoding
Question No : 4 - Topic 1
John is the MegaCorp Security Administrator, and is using Check Point R71. Malcolm is
the Security Administrator of a partner company and is using a different vendor's product
and both have to build a VPN tunnel between their companies. Both are using clusters with
Load Sharing for their firewalls and John is using ClusterXL as a Check Point clustering
solution. While trying to establish the VPN, they are constantly noticing problems and the
tunnel is not stable and then Malcolm notices that there seems to be 2 SPIs with the same
IP from the Check Point site. How can they solve this problem and stabilize the tunnel?
A. This can be solved by running the command Sticky VPN on the Check Point CLI. This keeps the VPN Sticky to one member and the problem is resolved.
B. This is surely a problem in the ISPs network and not related to the VPN configuration.
C. This can be solved when using clusters; they have to use single firewalls.
D. This can easily be solved by using the Sticky decision function in ClusterXL.
Question No : 5 - Topic 1
Which technology is responsible for assembling packet streams and passing ordered data
to the protocol parsers in IPS?
A. Pattern Matcher
B. Content Management Infrastructure
C. Accelerated INSPECT
D. Packet Streaming Layer
Question No : 6 - Topic 1
To clean the system of all events, you should delete the files in which folder(s)?
B. $FWDIR/ events_db
C. $FWDIR/distrib and $PWDIR/events_db
D. $FWDIR/distrib db and $FWDIR/events
Question No : 7 - Topic 1
Which of the following actions is most likely to improve the performance of Check Point
A. Put the most frequently used rules at the bottom of the QoS Rule Base.
B. Define Check Point QoS only on the external interfaces of the QoS Module.
C. Turn per rule limits into per connection limits
D. Turn per rule guarantees into per connection guarantees.
Question No : 8 - Topic 1
Which Check Point QoS feature marks the ToS byte in the IP header?
A. Differentiated Services
C. Weighted Fair Queuing
D. Low Latency Queuing
Question No : 9 - Topic 1
Which of the following can NOT be modified by editing the cp_httpd_admin.conf file?
A. Toggling HTTP or HTTPS protocol use
B. The web server port
C. Modifying Web server certificate attributes
D. Administrative Access Level
Question No : 10 - Topic 1
The following graphic illustrates which command being issued on SecurePlatform?
A. The administrator will have to open the old session and make the changes, no note is added automatically, however, the manager adds his notes stating the changes required.
B. The same session is modified with a note automatically added stating Under repair.
C. The old status is removed and a new session is created with the same name, but with a note stating New session after repair.
D. A new session is created by the name Repairing Session <old id> and the old session status is updated to Repaired with a note stating Repaired by Session < new id>
Question No : 11 - Topic 1
A user cannot authenticate to SSL VPN. You have verified the user is assigned a user
group and reproduced the problem, confirming a failed-login session. You do not see an
indication of this attempt in the traffic log. The user is not using a client certificate for login.
To debug this error, where in the authentication process could the solution be found?
Question No : 12 - Topic 1
You are running R71 and using the new IPS Software Blade. To maintain the highest level
of security, you are doing IPS updates regularly. What kind of problems can be caused by
the automatic updates?
A. None; updates will not add any new security checks causing problematic behaviour on the systems.
B. None, all new updates will be implemented in Detect only mode to avoid unwanted trafficinterruptions. They have to be activated manually later.
C. None, all the checks will be activated from the beginning, but will only detect attacks and not disturb any non-malicious traffic in the network.
D. All checks will be activated from the beginning and might cause unwanted traffic outage due to false positives of the new checks and non-RFC compliant self-written applications.
Question No : 13 - Topic 1
How do you verify the Check Point Kernel running on a firewall?
A. fw ctl get kernel
B. fw ctl pstat
C. fw kernel
Question No : 14 - Topic 1
When load sharing Multicast mode is defined in a ClusterXL cluster object, how are
packets being handled by cluster members?
A. only one member at a time is active. The active cluster member processes all packets.
B. All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory.
C. AB cluster members process all packets and members synchronize with each other.
D. All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.
Question No : 15 - Topic 1
Which of the following statements about the Port Scanning feature of IPS is TRUE?
A. The default scan detection is when more than 500 open inactive ports are open for a period of 120 seconds.
B. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
C. Port Scanning does not block scanning; it detects port scans with one of three levels of detection sensitivity.
D. When a port scan is detected, only a log is issued, never an alert.
Question No : 16 - Topic 1
Which of the following explains Role Segregation?
A. Administrators have different abilities than managers within SmartWorkflow.
B. Different tasks within SmartDashboard are divided according to firewall administrator permissions.
C. Changes made by an administrator in a SmartWorkflow session must have managerial approval prior to commitment.
D. SmartWorkflow can be configured so that managers can only view their assigned sessions
Question No : 17 - Topic 1
Using SmartProvisioning Profiles, which of the following could be configured for both
SecurePlatform AND UTM-1 Edge devices?
(v) NTP server
A. (ii), (iii), (iv) and (vi)
B. (i), (iii), (iv) and (vi)
C. none of these options are available for both.
D. (i), (ii) and (iv)
Question No : 18 - Topic 1
A VPN Tunnel Interface (VTI) is defined on SecurePlatform Pro as:
vpn shell interface add numbered 10.10.0.1 10.10.0.2 "madrid.cp".
What do you know about this VTI?
A. The peer Security Gateway's name is "madrid.cp".
B. The local Gateway's object name is "madrid.cp".
C. The VTI name is "madrid.cp".
D. 10.10.0.1 is the local Gateway's internal interface, and 10.10.0.2 is the internal interface Gateway.
Question No : 19 - Topic 1
Which Check Point product implements a Consolidation policy?
A. SmartView Monitor
C. SmartView Tracker
Question No : 20 - Topic 1
John is upgrading a cluster from NGX R65 to R71. John knows that you can verify the
upgrade process using the pre-upgrade verifier tool. When John is running Pre-Upgrade
Verification, he see this warning message:Title: Incompatible pattern.What's happening?
A. The actual configuration contains user defined patterns in IPS that are not supported in R71. If the patterns are not fixed after upgrade, they will not be used with R71 Security Gateways.
B. R71 uses a new pattern matching engine. Incompatible patterns should be deleted before upgrade process to complete it successfully.
C. Pre-Upgrade Verification tool only shows that message but it is only informational.
D. Pre-Upgrade Verification process detected a problem with actual configuration and upgrade will be aborted.