Download Free Check Point 156-315.65 PDF and VCE Updated Today

Vendor: Check Point
Exam Code: 156-315.65
Exam Name: Check Point Certified Expert NGX R65

QUESTION 1
The following is cphaprob state command output from a ClusterXL New mode High Availability memberWhen member 192.168.1.2 fails over and restarts, which member will become active?

A.    192.168.1.2
B.    192.168.1 1
C.    Both members’ state will be standby
D.    Both members’ state will be active

Answer: B

QUESTION 2
What is the command to upgrade a SecurePlatform NG with Application Intelligence (Al) R55 SmartCenter Server to VPN-1 NGX using a CD?

A.    cd patch add
B.    fwm upgrade_tool
C.    cppkg add
D.    patch add
E.    patch add cd

Answer: E

QUESTION 3
You have a production implementation of Management High Availability, at version VPN-1 NG with Application Intelligence R55. You must upgrade your two SmartCenter Servers to VPN-1 NGX.
What is the correct procedure?

A.    1. Synchronize the two SmartCenter Servers.
2. Upgrade the secondary SmartCenter Server.
3. Upgrade the primary SmartCenter Server.
4. Configure both SmartCenter Server host objects version to VPN-1 NGX.
5. Synchronize the Servers again.
B.    1. Synchronize the two SmartCenter Servers.
2. Perform an advanced upgrade on the primary SmartCenter Server.
3. Upgrade the secondary SmartCenter Server.
4. Configure both SmartCenter Server host objects to version VPN-1 NGX.
5. Synchronize the Servers again.
C.    1. Perform an advanced upgrade on the primary SmartCenter Server.
2. Configure the primary SmartCenter Server host object to version VPN-1 NGX.
3. Synchronize the primary with the secondary SmartCenter Server.
4. Upgrade the secondary SmartCenter Server.
5. Configure the secondary SmartCenter Server host object to version VPN-1 NGX.
6. Synchronize the Servers again.
D.    1. Synchronize the two SmartCenter Servers.
2. Perform an advanced upgrade on the primary SmartCenter Server.
3. Configure the primary SmartCenter Server host object to version VPN-1 NGX.
4. Synchronize the two Servers again.
5. Upgrade the secondary SmartCenter Server.
6. Configure the secondary SmartCenter Server host object to version VPN-1 NGX.
7. Synchronize the Servers again.

Answer: B

QUESTION 4
Your primary SmartCenter Server is installed on a SecurePlatform Pro machine, which is also a VPN-1 Pro Gateway. You want to implement Management High Availability (HA). You have a spare machine to configure as the secondary SmartCenter Server. How do you configure the new machine to be the standby SmartCenter Server, without making any changes to the existing primary SmartCenter Server? (Changes can include uninstalling and reinstalling.)

A.    You cannot configure Management HA, when either the primary or secondary SmartCenter Server is running on a VPN-1 Pro Gateway.
B.    The new machine cannot be installed as the Internal Certificate Authority on its own.
C.    The secondary Server cannot be installed on a SecurePlatform Pro machine alone.
D.    Install the secondary Server on the spare machine. Add the new machine to the same network as the primary Server.

Answer: A

QUESTION 5
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use four machines with the following configurations:
Cluster Member 1: OS: SecurePlatform, NICs: QuadCard, memory: 256 MB, Security Gateway version: VPN-1 NGX
Cluster Member 2: OS: SecurePlatform, NICs: four Intel 3Com, memory: 512 MB, Security Gateway version: VPN-1 NGX
Cluster Member 3: OS: SecurePlatform, NICs: four other manufacturers, memory: 128 MB, Security Gateway version: VPN-1 NGX
SmartCenter Pro Server: MS Windows Server 2003, NIC: Intel NIC (one), Security Gateway and primary SmartCenter Server installed version: VPN-1 NGX
Are these machines correctly configured for a ClusterXL deployment?

A.    No, the SmartCenter Pro Server is not using the same operating system as the cluster members.
B.    Yes, these machines are configured correctly for a ClusterXL deployment.
C.    No, Cluster Member 3 does not have the required memory.
D.    No, the SmartCenter Pro Server has only one NIC.

Answer: B

QUESTION 6
You set up a mesh VPN Community, so your internal networks can access your partner’s network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All other traffic among your internal and partner networks is sent in clear text. How do you configure the VPN Community?

A.    Disable "accept all encrypted traffic", and put FTP and HTTP in the Excluded services in the Community object. Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field.
B.    Disable "accept all encrypted traffic" in the Community, and add FTP and HTTP services to the Security Policy, with that Community object in the VPN field.
C.    Enable "accept all encrypted traffic", but put FTP and HTTP in the Excluded services in the Community. Add a rule in the Security Policy, with services FTP and http, and the Community object in the VPN field.
D.    Put FTP and HTTP in the Excluded services in the Community object. Then add a rule in the Security Policy to allow Any as the service, with the Community object in the VPN field.

Answer: B

QUESTION 7
How does a standby SmartCenter Server receive logs from all Security Gateways, when an active SmartCenter Server fails over?

A.    The remote Gateways must set up SIC with the secondary SmartCenter Server, for logging.
B.    Establish Secure Internal Communications (SIC) between the primary and secondary Servers.
The secondary Server can then receive logs from the Gateways, when the active Server fails over.
C.    On the Log Servers screen (from the Logs and Masters tree on the gateway object’s General Properties screen), add the secondary SmartCenter Server object as the additional log server.
Reinstall the Security Policy.
D.    Create a Check Point host object to represent the standby SmartCenter Server. Then select "Secondary SmartCenter Server" and Log Server", from the list of Check Point Products on the General properties screen.
E.    The secondary Server’s host name and IP address must be added to the Masters file, on the remote Gateways.

Answer: C

QUESTION 8
You want only RAS signals to pass through H.323 Gatekeeper and other H.323 protocols, passing directly between end points. Which routing mode in the VoIP Domain Gatekeeper do you select?

A.    Direct
B.    Direct and Call Setup
C.    Call Setup
D.    Call Setup and Call Control

Answer: A

QUESTION 9
Which component functions as the Internal Certificate Authority for VPN-1 NGX?

A.    VPN-1 Certificate Manager
B.    SmartCenterServer
C.    SmartLSM
D.    Policy Server
E.    Security Gateway

Answer: B

QUESTION 10
You are configuring the VoIP Domain object for a Skinny Client Control Protocol (SCCP) environment protected by VPN-1 NGX. Which VoIP Domain object type can you use?

A.    CallManager
B.    Gatekeeper
C.    Gateway
D.    Proxy
E.    Transmission Router

Answer: A

QUESTION 11
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?

A.    ICMP Port Unreachable
B.    TCP keep alive
C.    IKE Key Exchange
D.    ICMP Destination Unreachable
E.    UDP keep alive

Answer: E

QUESTION 12
Which Security Servers can perform Content Security tasks, but CANNOT perform authentication tasks?

A.    Telnet
B.    FTP
C.    SMTP
D.    HTTP

Answer: C

QUESTION 13
Which Security Server can perform content-security tasks, but CANNOT perform authentication tasks?

A.    FTP
B.    SMTP
C.    Telnet
D.    HTTP
E.    rlogin

Answer: B

QUESTION 14
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all sitE. to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?

A.    internal_clear > AII_GwToGw
B.    Communities > Communities
C.    lnternal_clear > External_Clear
D.    lnternal_clear > Communities
E.    internal clear>All communities

Answer: E

QUESTION 15
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?

A.    Internal Gateway VPN Domain = internal_net;
External VPN Domain = external net + external gateway object + internal_net.
B.    Internal Gateway VPN Domain = internal_net.
External Gateway VPN Domain = external_net + internal gateway object
C.    Internal Gateway VPN Domain = internal_net;
External Gateway VPN Domain = internal_net + external_net
D.    Internal Gateway VPN Domain = internal_net.
External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net

Answer: D

QUESTION 16
A cluster contains two members, with external interfaces 172.28.108.1 and 172.28.108.2. The internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster’s IP address is 172.28.108.3, and the internal cluster’s IP address is 10.4.8.3. The synchronization interfaces are 192.168.1.1 and 192.168.1.2. The Security Administrator discovers State Synchronization is not working properly, cphaprob if command output displays as follows:What is causing the State Synchronization problem?

A.    Another cluster is using 192.168.1.3 as one of the unprotected interfaces.
B.    Interfaces 192.168.1.1 and 192.168.1.2 have defined 192.168.1.3 as a suB. interface.
C.    The synchronization interface on the cluster member object’s Topology tab is enabled with "Cluster Interface". Disable this interface.
D.    The synchronization network has a cluster, with IP address 192.168.1.3 defined in the gateway- cluster object. Remove the 192.168.1.3 VIP interface from the cluster topology.

Answer: D

If you want to pass Check Point 156-315.65 successfully, donot missing to read latest lead2pass Check Point 156-315.65 practice exams.
If you can master all lead2pass questions you will able to pass 100% guaranteed.

http://www.lead2pass.com/156-315-65.html

         

Why Choose Lead2pass?

If you want to pass the exam successfully in first attempt you have to choose the best IT study material provider, in my opinion, Lead2pass is one of the best way to prepare for the exam.

Lead2pass Testking Pass4sure Actualtests Others
$99.99 $124.99 $125.99 $189 $29.99-$49.99
Up-to-Dated
Real Questions
Error Correction
Printable PDF
Premium VCE
VCE Simulator
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back

Comments are closed.