156-315-71 Check Point Security Expert R71

Page 1   
Question 1

You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of
40, and the Default Rule with a weight of 10. If the only traffic passing through your QoS
Module is HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic?

  • A. 80%
  • B. 40%
  • C. 100%
  • D. 50%


Answer : D

Question 2

What is a task of the SmartEvent Correlation Unit?

  • A. Add events to the events database.
  • B. Look for patterns according to the installed Event Policy.
  • C. Assign a severity level to an event
  • D. Display the received events.


Answer : B

Question 3

Which Check Point QoS feature is used to dynamically allocate relative portions of
available bandwidth?

  • A. Guarantees
  • B. Weighted Fair Queuing
  • C. Low Latency Queuing
  • D. Differentiated Services


Answer : B

Question 4

Exhibit :


UserA is able to create a SmartLSM Security Cluster Profile , you must select the correct
justification.

  • A. False. The user must have at least Read permissions for the SmartLSM Gateways Database
  • B. True Only Object Database Read/Write permissions are required to create SmartLSM Profiles
  • C. False The user must have Read/Write permissions for the SmartLSM Gateways Database.
  • D. Not enough information to determine. You must know the user's Provisioning permissions to determine whether they are able to create a SmartLSM Security Cluster Profile


Answer : D

Question 5

When you check Web Server in a host-node object, what happens to the host?

  • A. The Web server daemon is enabled on the host.
  • B. More granular controls are added to the host, in addition to Web Intelligence tab settings.
  • C. You can specify allowed ports in the Web server's node-object properties. You then do not need to list all allowed ports in the Rule Base.
  • D. IPS Web Intelligence is enabled to check on the host.


Answer : B

Question 6

You are concerned that the processor for your firewall running NGX R71 SecurePlatform
may be overloaded. What file would you view to determine the speed of your processor(s)?

  • A. cat /etc/cpuinfo
  • B. cat /var/opt/CPsuite-R71/fw1/conf/cpuinfo
  • C. cat /etc/sysconfig/cpuinfo
  • D. cat /proc/cpuinfo


Answer : D

Question 7

Which of the following is the default port for Management Portal?

  • A. 4434
  • B. 443
  • C. 444
  • D. 4433


Answer : D

Question 8

John is the MegaCorp Security Administrator, and is using Check Point R71. Malcolm is
the Security Administrator of a partner company and is using a different vendor's product
and both have to build a VPN tunnel between their companies. Both are using clusters with
Load Sharing for their firewalls and John is using ClusterXL as a Check Point clustering
solution. While trying to establish the VPN, they are constantly noticing problems and the
tunnel is not stable and then Malcolm notices that there seems to be 2 SPIs with the same
IP from the Check Point site. How can they solve this problem and stabilize the tunnel?

  • A. This can be solved by running the command Sticky VPN on the Check Point CLI. This keeps the VPN Sticky to one member and the problem is resolved.
  • B. This is surely a problem in the ISPs network and not related to the VPN configuration.
  • C. This can be solved when using clusters; they have to use single firewalls.
  • D. This can easily be solved by using the Sticky decision function in ClusterXL.


Answer : D

Question 9

Which of the following statements about the Port Scanning feature of IPS is TRUE?

  • A. The default scan detection is when more than 500 open inactive ports are open for a period of 120 seconds.
  • B. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
  • C. Port Scanning does not block scanning; it detects port scans with one of three levels of detection sensitivity.
  • D. When a port scan is detected, only a log is issued, never an alert.


Answer : C

Question 10

John is the MultiCorp Security Administrator. If he suggests a change in the firewall
configuration, he must submit his proposal to David, a security manager. One day David is
out of the office and john submits his proposal to peter. Surprisingly, Peter is not able to
approve the proposal because the system does not permit him to do so?



Both David and Peter have accounts as administrators in the Security Management server
and both have the Read/Write ALL permission. What is the reason for this difference?

  • A. There were some Hardware/Software issues at Security Management server on the first day.
  • B. Peter was no logged on to system for a longer time
  • C. The attribute Manage Administrator was not assigned to Peter
  • D. The specific SmartWorkflow read/Write permission were assigned to David only.


Answer : C

Question 11

With SmartEvent, what is the Client's function?

  • A. Display received threats and tunes the Events Policy
  • B. Generate a threat analysis report from the Reporter database.
  • C. Assign severity levels to events.
  • D. Invoke and define automatic reactions and add events to the database


Answer : A

Question 12

Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic?

  • A. Subnet-based VPN
  • B. Route-based VPN
  • C. Host-based VPN
  • D. Domain-based VPN


Answer : B

Question 13

Which Check Point product implements a Consolidation policy?

  • A. SmartView Monitor
  • B. SmartLSM
  • C. SmartView Tracker
  • D. SmartReporter


Answer : D

Question 14

What process manages the dynamic routing protocols (OSPF, RIP, etc.) on
SecurePlatform Pro?

  • A. gated
  • B. arouted
  • C. routerd
  • D. There's no separate process, but the Linux default router can take care of that.


Answer : A

Question 15

You are establishing a ClusterXL environment, with the following topology:


External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The
upstream router connects to the same VLAN switch. Internal interfaces 172.16 10.1 and
172.16.10.2 connect to a hub. 10.10.10.0 is the synchronization network. The Security
Management Server is located on the internal network with IP 172.16.10.3. What is the
problem with this configuration?

  • A. There is an IP address conflict
  • B. The Security Management Server must be in the dedicated synchronization network, not the internal network.
  • C. The Cluster interface names must be identical across all cluster members.
  • D. Cluster members cannot use the VLAN switch. They must use hubs.


Answer : B

Page 1