Checkpoint 156-315.71

Check Point Security Expert R71

(Page 1 out of 32)
Showing 15 of 480 Questions
Exam Version: 8.0
Question No : 1 - Topic 1

Control connections between the Security Management Server and the Gateway are not
encrypted by the VPN Community. How are these connections secured?

  • A. They are encrypted and authenticated using SIC.
  • B. They are not encrypted, but are authenticated by the Gateway
  • C. They are secured by PPTP
  • D. They are not secured.

Answer : D



Question No : 2 - Topic 1

In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3. The internal
interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings
10.4.8.3, and receives replies. The following is the ARP table from the internal Windows
host 10.4.8.108:
According to the output, which member is the pivot machine?

  • A. 10.4.8.2
  • B. 10.4.8.1
  • C. 10.4.8.3
  • D. The pivot machine cannot be determined by this test.

Answer : A



Question No : 3 - Topic 1

Which statement about LDAP and Active Directory (AD) with SSL VPN is TRUE?

  • A. SSL VPN does not support LDAP password remediation.
  • B. SSL VPN is capable of administering or creating users and groups directly on an LDAP server.
  • C. SSL VPN never stores the user records of LDAP/AD groups.
  • D. By default, SSL VPN sends username and password credentials to LDAP servers in UTF-8 encoding.

Answer : B



Question No : 4 - Topic 1

John is the MegaCorp Security Administrator, and is using Check Point R71. Malcolm is
the Security Administrator of a partner company and is using a different vendor's product.
Both have to build a VPN tunnel between their companies. Both are using clusters with
Load Sharing for their firewalls, and John is using ClusterXL as a Check Point clustering
solution. While trying to establish the VPN, they constantly notice problems and the
tunnel is not stable. Malcolm then notices that there seem to be 2 SPIs with the same
IP from the Check Point site. How can they solve this problem and stabilize the tunnel?

  • A. This can be solved by running the command Sticky VPN on the Check Point CLI. This keeps the VPN Sticky to one member and the problem is resolved.
  • B. This is surely a problem in the ISP's network and not related to the VPN configuration.
  • C. This can be solved when using clusters; they have to use single firewalls.
  • D. This can easily be solved by using the Sticky decision function in ClusterXL.

Answer : D



Question No : 5 - Topic 1

Which technology is responsible for assembling packet streams and passing ordered data
to the protocol parsers in IPS?

  • A. Pattern Matcher
  • B. Content Management Infrastructure
  • C. Accelerated INSPECT
  • D. Packet Streaming Layer

Answer : D



Question No : 6 - Topic 1

To clean the system of all events, you should delete the files in which folder(s)?

  • A. $FWDIR/distrib
  • B. $FWDIR/events_db
  • C. $FWDIR/distrib and $FWDIR/events_db
  • D. $FWDIR/distrib db and $FWDIR/events

Answer : C



Question No : 7 - Topic 1

Which of the following actions is most likely to improve the performance of Check Point
QoS?

  • A. Put the most frequently used rules at the bottom of the QoS Rule Base.
  • B. Define Check Point QoS only on the external interfaces of the QoS Module.
  • C. Turn per rule limits into per connection limits
  • D. Turn per rule guarantees into per connection guarantees.

Answer : B



Question No : 8 - Topic 1

Which Check Point QoS feature marks the ToS byte in the IP header?

  • A. Differentiated Services
  • B. Guarantees
  • C. Weighted Fair Queuing
  • D. Low Latency Queuing

Answer : A



Question No : 9 - Topic 1

Which of the following can NOT be modified by editing the cp_httpd_admin.conf file?

  • A. Toggling HTTP or HTTPS protocol use
  • B. The web server port
  • C. Modifying Web server certificate attributes
  • D. Administrative Access Level

Answer : D



Question No : 10 - Topic 1

The following graphic illustrates which command being issued on SecurePlatform?

  • A. The administrator will have to open the old session and make the changes, no note is added automatically, however, the manager adds his notes stating the changes required.
  • B. The same session is modified with a note automatically added stating Under repair.
  • C. The old status is removed and a new session is created with the same name, but with a note stating New session after repair.
  • D. A new session is created by the name Repairing Session <old id> and the old session status is updated to Repaired with a note stating Repaired by Session <new id>

Answer : D



Question No : 11 - Topic 1

A user cannot authenticate to SSL VPN. You have verified the user is assigned a user
group and reproduced the problem, confirming a failed-login session. You do not see an
indication of this attempt in the traffic log. The user is not using a client certificate for login.
To debug this error, where in the authentication process could the solution be found?

  • A. apache
  • B. admin
  • C. cvpnd
  • D. cpauth

Answer : C



Question No : 12 - Topic 1

You are running R71 and using the new IPS Software Blade. To maintain the highest level
of security, you are doing IPS updates regularly. What kind of problems can be caused by
the automatic updates?

  • A. None; updates will not add any new security checks causing problematic behaviour on the systems.
  • B. None, all new updates will be implemented in Detect only mode to avoid unwanted traffic interruptions. They have to be activated manually later.
  • C. None, all the checks will be activated from the beginning, but will only detect attacks and not disturb any non-malicious traffic in the network.
  • D. All checks will be activated from the beginning and might cause unwanted traffic outage due to false positives of the new checks and non-RFC compliant self-written applications.

Answer : B



Question No : 13 - Topic 1

How do you verify the Check Point Kernel running on a firewall?

  • A. fw ctl get kernel
  • B. fw ctl pstat
  • C. fw kernel
  • D. fw ver -k

Answer : D



Question No : 14 - Topic 1

When load sharing Multicast mode is defined in a ClusterXL cluster object, how are
packets being handled by cluster members?

  • A. Only one member at a time is active. The active cluster member processes all packets.
  • B. All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory.
  • C. All cluster members process all packets and members synchronize with each other.
  • D. All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.

Answer : B



Question No : 15 - Topic 1

Which of the following statements about the Port Scanning feature of IPS is TRUE?

  • A. The default scan detection is when more than 500 open inactive ports are open for a period of 120 seconds.
  • B. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
  • C. Port Scanning does not block scanning; it detects port scans with one of three levels of detection sensitivity.
  • D. When a port scan is detected, only a log is issued, never an alert.

Answer : C


