156-915.65 Online Practice Questions and Answers

Which of the following would NOT be a reason for beginning with a fresh installation of VPN.1 NGX R65, instead of upgrading a previous version to VPN.1 NGX R65?

A. You see a more logical way to organize your rules and objects.

B. YOU want to keep your Check Point configuration.

C. Your Security Policy includes rules and objects whose purpose you do not know.

D. Objects and rules' naming conventions have changed overtime.

Match the remote-access VPN Connection mode features with their descriptions:

A. A 3,B 4,C 2,D 1

B. A 2,B 3,C 4,D 1

C. A 2,B 4,C 3,D 1

D. A 1. B 3,C 4,D 2

Which of the following would NOT be a reason for beginning with a fresh installation of VPN-1 NGX R65, instead of upgrading a previous version to VPN-1 NGX R65?

A. You see a more logical way to organize your rules and objects.

B. YOU want to keep your Check Point configuration.

C. Your Security Policy includes rules and objects whose purpose you do not know.

D. Objects and rules' naming conventions have changed overtime.

When configuring Port Scanning, which level of sensitivity detects more than 100 inactive ports are tried for a period of 30 seconds?

A. LOW

B. High

C. None. Such a level does not exist.

D. Medium

Your VPN-1 NGX R65 primary SmartCenter Server is installed on SecurePlatform. You plan to schedule

the SmartCenter Server to run fw logswitch automatically every 48 hours.

How do you create this schedule?

A. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch.

B. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable "Schedule log switch", and select the time object.

C. Create a time object, and add 48 hours as the interval. Open the primary SmartCenter Server object's Logs and Masters window, enable "Schedule log switch", and select the Time object.

D. On a SecurePlatform SmartCenter Server, this can only be accomplished by configuring the fw logswitch command via the cron utility.

You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal network as defined on the Topology tab setting "All IP Addresses behind Gateway based on Topology information." You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPSec tunnels instead of the routed VTI tunnels. What is the problem and how do you make the VPN to use the VTI tunnels?

A. Route-based VTI takes precedence over the Domain VPN. Troubleshootthe static route entries to insure that they are correctly pointing to the VTI gateway IP

B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community

C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes

D. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain

The Check Point ClusterXL mode must synchronize the physical interface IP and MAC addresses on all clustered interfaces

A. New Mode HA

B. Legacy Mode HA

C. Multicast Mode Load Sharing

D. Pivot Mode Load Sharing

You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use four

machines with the following configurations: Cluster Member 1: OS:

SecurePlatform, NICs: QuadCard, memory: 512 MB, Security Gateway only, and version:

VPN-1 NGX R65

Cluster Member 2: OS: SecurePlatform, NICs: 4 Intel 3Com, memory: 512 MB, Security Gateway only, and

version: VPN-1 NGX R65 Cluster Member 3: OS: SecurePlatform, NICs: 4 other manufacturers, memory:

256 MB, Security Gateway only, and version: VPN- 1 NGX R65 SmartCenter Server: MS Windows 2000,

NIC: Intel NIC (1), Security Gateway and primary SmartCenter Server installed, version: VPN-1 NGX R65

Are these machines correctly configured for a ClusterXL deployment?

A. No, Cluster Member 3 does not have the required memory.

B. NO, the Security Gateway cannot be installed on the SmartCenter Pro Server.

C. Yes, these machines are configured correctly for a ClusterXL deployment.

D. NO, the SmartCenter Pro Server is not running the same operating system as the cluster members.

Match the Best Management High Availability synchronization-status descriptions for your SmartCenter Server (SCS)

A. A3.B 1.C2.D4

B. A4.B3.C 1.D2

C. A3.B2.C 1.D4

D. A3.B 1.C4.D2

What port is used for communication to the User Center with SmartUpdate?

A. CPMI

B. TCP 8080

C. HTTPS

D. HTTP