Because CheckPoint 156-305 exam has changed recently,Flydumps presents the new version of CheckPoint 156-305 exam practice test, which helps candidates to pass the CheckPoint 156-305 exam easily.The exam dumps covers all aspect of CheckPoint 156-305 exam.You can visit our website to free CheckPoint 156-305 exam download the New Version VCE Player.
QUESTION 61
Which of the following modes allows a client in a load-balanced environment to retain its connection with the same server during a session?
A. Persistent Client Mode
B. Persistent Server Mode
C. Persistent Router Mode
D. Active Server Mode
E. Active Client Mode
Correct Answer: B
QUESTION 62
Certificate Revocation Lists (CRL) are maintained on the LDAP Server. You have problems when the Server. Which of the following troubleshooting steps would you perform?
A. Check the connectivity.
B. Check the entrust.ini files.
C. Run “fw authgexport -f -f_” from a command line prompt.
D. Use FireWall-1/VPN-1 Resource Hit’s certlist.exe.
E. Create the text file $FWAUTH/conf/loggers and input the public key.
Correct Answer: C
QUESTION 63
When configuring MEP, “Enable Backup Gateway for SecuRemote connections” must be selected from what tab of the Properties Setup screen?
A. IP Pool NAT
B. Security Policy
C. Entry Point
D. High Availability
E. Security Servers
Correct Answer: D
QUESTION 64
What interface should be resolvable to the firewall module’s real host name when dealing with a SEP configuration?
A. DMZ Interface
B. Secure (Control) Interface
C. External Interface
D. Virtual Interface
E. Internal Interface
Correct Answer: B
QUESTION 65
State synchronization should be used with the _______ High Availability configuration.
A. Single Entry Point
B. Dual Entry Point
C. Tandem Entry
D. Collateral Entry
E. Synchronized Entry
Correct Answer: A
QUESTION 66
When describing encryption domain, a PROPER SUBSET implies that:
A. Gateway encryption domains are identical.
B. Gateway encryption domains share on or more hosts, but each host that are NOT shared.
C. One Gateway encryption domain is fully contained within another gateway encryption domain.
D. Two or more Gateway encryption domains are fully contained within another gateway encryption domain.
E. Gateway encryption domains share the same firewall.
Correct Answer: C
QUESTION 67
Which of the following is NOT one of the Desktop Policies that may be issued by a Policy Server?
A. Allow All
B. Allow Outgoing and Encrypted
C. Allow Incoming and Encrypted
D. Allow Outgoing Only
E. Allow Encrypted Only
Correct Answer: C
QUESTION 68
A ______ is a ______ with added features for securing an interval network?
A. Desktop Policy, Policy Server
B. SecureClient, SecuRemote Server
C. SecureRemote Server, Policy Server
D. Policy Server, SecuRemote Server
E. Policy Server, Desktop Policy
Correct Answer: D
QUESTION 69
When a SecuRemote Client and Server Key exchange occurs, the SecuRemote user will be re-authenticated if the passwords has been erased.
A. True
B. False
Correct Answer: A
QUESTION 70
You are in the process of setting up a local firewall for aggressive ISAKMP Phase One Exchange. This means you are exchanging the standard six packet ISAKMP Phase One exchange for a(n) _________ packet exchange.
A. One
B. Two
C. Three
D. Five
E. Ten
Correct Answer: C
QUESTION 71
When using FWZ in a firewall-to-firewall VPN ______ is used to manage session keys, encryption methods, and data integrity.
A. ICMP
B. RDP
C. TCP
D. FW1_Mgmt
E. RWS
Correct Answer: B
QUESTION 72
You are setting up a VPN, and you want to encrypt not just the data packet, but the original headers as well. Which encryption scheme would you select?
A. Tunneling Mode
B. In-place
C. BlowFish
D. RC4
E. CAST
Correct Answer: A
QUESTION 73
You are developing a network between separate corporate partners, each having its own secure intranet. If you want to share data among them, the type of VPN you would develop is a(n):
A. Client-to-Site VPN
B. Server-to-Server VPN
C. Intranet VPN
D. Extranet VPN
E. None of the above.
Correct Answer: D
QUESTION 74
Which of the following are SYNDefender schemes offered by the VPN-1/FireWall-1 software to protect against SYN flood attacks?
A. SYNProtector, SYNStopper
B. SYN Gateway, Passive SYN Gateway
C. SYN Gateway, SYNStopper
D. SYNProtector, SYN Gateway, Passive SYN Gateway
E. SYNProtector, SYN Gateway, SYNStopper, Passive SYN Gateway
Correct Answer: B
QUESTION 75
The user composes a mail message and sends it through the firewalled gateway SMTP client to the original server. Assuming all necessary actions have been performed and the message has been transferred to the spool directory, which actions does the mail dequeuer perform next?
A. The mail dequeuer examines the spool directory for the messages.
B. the mail dequeuer takes R files and sends them, or processes them into E files.
C. The mail dequeuer opens a second connection to the final SMTP Server.
D. The mail dequeuer, after opening a connection to the mail server, opens a connection to the CVP Server if needed.
E. The mail dequeuer receives the files back from CVP Server and completes the sending of the message to final SMTP Server.
Correct Answer: A
QUESTION 76
Most load-balancing algorithms use dynamic address translation. However, the ______ and _________ algorithms use Connect Control.
A. Round Trip, Server load
B. Random, Domain
C. Random, Round Robin
D. Server Load, Round Trip
E. Server Load, Domain
Correct Answer: B
QUESTION 77
CRL lookups flow from the FireWall-1 modules, or the SecuRemote machines, to the LDAP Server.
When problems occur with CRL verification, how would you verify that the IP addresses and port numbers
are correctly referencing the CA and LDAP Severs?
A. Check the connectivity.
B. Check CRL timeout and other config parameters.
C. Check the entrust.ini files.
D. Run “fw authgezport -f -n” from a command line prompt.
E. Use Windows NT Resource Kit’s pulist.exe.
Correct Answer: C
QUESTION 78
Multiple Entry Point configurations support:
A. Manual IPSec encryption
B. Gateway clusters
C. IP pools
D. SKIP encryption
E. Local management
Correct Answer: C QUESTION 79
When describing encryption domains, a FULL OVERLAP implies that:
A. Gateway encryption domains are identical.
B. Gateway encryption domains share on or more hosts, but each has hosts that are NOT shared.
C. One Gateway encryption domain is fully contained within another gateway encryption domain.
D. Two or more Gateway encryption domains are fully contained within another gateway encryption domain.
E. Gateway encryption domains share the same firewall.
Correct Answer: A QUESTION 80
SecureClient syntax checking can be used to monitor users.C file parameters. This checking is used to prevent errors causing the site, to which it belongs, form being deleted.
A. True
B. False
Correct Answer: A QUESTION 81
A desktop user’s SecureClient has established an initial connection and downloaded a Desktop Policy from a Policy Server. Which of the following is a visual indicator conforming this event?
A. SecureClient button will appear in the NT Task Bar.
B. SecureClient button will disappear in the NT Task Bar.
C. Pop-up message will ask the user to reboot the machine.
D. Grey login shortcut icon on SecureClient toolbar will “light up” become available for use.
E. Grey login icon will disappear when the window is refreshed.
Correct Answer: D QUESTION 82
For standard RFC (Request For Comment) compliant IKE encryption, a user’s authenticationmethod is defined where?
A. In the “Authentication” tab of the user-
B. In the “Encryption” tab of the firewall and the “Authentication” tab of the user.
C. In the “Encryption” tab of the firewall and the “Encryption” tab of the user.
D. In the “Authentication” tab on the firewall.
E. In the “Authentication” tab of the firewall and the user.
Correct Answer: C QUESTION 83
Symmetric encryption uses the same key for encryption and decryption.
A. True
B. False
Correct Answer: A QUESTION 84
You are developing a Wide Area Network between a corporate main office and a group of branch sales offices. You are looking for fast, strong encryption for highspeed links. Reliability to ensure prioritization of missioncritical applications. The classification of this extended corporate network is:
A. Client-to-Firewall VPN
B. Server-to-Server VPN
C. Intranet VPN
D. Extranet VPN
E. None of the above.
Correct Answer: C
QUESTION 85
If there is a syntax error in the cvpm.conf file, where will the error be logged?
A. An error message will be displayed and a log entry will be generated to the VPN-1/FireWall-1 log.
B. An error message will be displayed but no log entry will be generated.
C. No error message is generated.
D. An error message will not be displayed but a long entry will be generated to the VPN-1/FirwWall-1 log.
E. An event is logged to the NT event viewer only.
Correct Answer: E
QUESTION 86
The Check Point VPN-1/FireWall-1 software provides Content Security for which combination of the following?
A. RLOGIN, HTTP, FTP
B. FTP, TELNET, HTTPS
C. HTTP, FTP, TELNET
D. HTTP, RLOGIN, SMTP
E. HTTP, FTP, SMTP
Correct Answer: E
QUESTION 87
Which of the following should NOT be used to write user-defined alert applications?
A. C/C++
B. ActiveX
C. Bourne shell
D. Perl
Correct Answer: B
QUESTION 88
Which configuration requires synchronized gateways?
A. Single Entry Point
B. Multiple Entry Point
C. Dual Entry Point
D. Tandem Entry
E. Synchronized Entry
Correct Answer: A
QUESTION 89
If you want to stop SecureClient users from changing their Desktop Policy, you can include the line “:manual_slan_control(false)” in which file?
A. server.def
B. userc.C
C. policy.h
D. client.def
E. rulebase.fws
Correct Answer: B
QUESTION 90
During a SecuRemote installation, which of the following options must you select to activate SecureClient?
A. Install SecuRemote without Desktop Support.
B. Install on all network adapters.
C. Log into Policy Server.
D. Install Desktop Security Support.
E. Install on Mobile Desktop Components.
Correct Answer: D
QUESTION 91
Which encrypting scheme provides “In-place” encryption?
A. SKIP
B. Manual IPSec
C. IKE
D. FWZ
E. DES
Correct Answer: D
QUESTION 92
Where do you configure the types of alerts that CPMAD generates?
A. $syntax/conf directory
B. $FWDIR/bin directory
C. The cpmad_config.conf file, and the Log and Alert tab of the Properties Setup screen.
D. The Security tab of the Workstation Properties screen for the firewall object.
E. The Security of the Server Properties screen for the firewall object.
Correct Answer: C
QUESTION 93
You are implementing load-balancing, and using the firewall’s external IP address as the logical server IP address. Does the following Rule Base correctly apply HTTP load-balancing?
A. True
B. False
Correct Answer: A
QUESTION 94
By default, how often will SecuRemote query the external gateway of a MEP configured network?
A. Every 30 minutes.
B. Every 15 minutes.
C. Every 5 minutes.
D. Every minute.
E. Never
Correct Answer: D QUESTION 95
When you configure a proper subset cryptosystem, you must configure the Rule Base of exterior gateway to allow SecuRemote connections to remain encrypted passing though the internal gateway.
A. True
B. False
Correct Answer: A QUESTION 96
Which parameter, if FALSE, will postpone sending an RDP status query until the information is actually needed?
A. keepalive
B. dns_xlate
C. active_resolver
D. resolver_session_interval
E. resolver_ttl
Correct Answer: C QUESTION 97
You have NOT selected “Encapsulate SecuRemote connections”. A packet will still reach its destination unless destination has an illegal or reserved IP address.
A. True
B. False
Correct Answer: A QUESTION 98
You are using a 56-bit encryption key called DES. Your client is concerned that us insufficient security. You reconfigure the VPN to use the strongest encryption used by the VPN-1/FireWall-1. Which of the following would you use?
A. 3DES
B. FWZ-1
C. BlowFish
D. RC4
E. CAST
Correct Answer: A QUESTION 99
Based on the Rule Base, the inspect engine diverts all packets that match this rule to the corresponding Security Server.
A. True
B. False
Correct Answer: B QUESTION 100
Which of the following describes one of the network conditions that must be satisfied when implementing a SEP configuration?
A. IP pools must be defined and implemented.
B. The Management Server must be installed on a member of the SEP configuration.
C. Manual IPSec encryption cannot be used.
D. Participating SEP gateways must be using a similar Security Policy.
E. State synchronization between the participating gateways.
Correct Answer: E
QUESTION 101
How do you enable “connection” logging when using SecureClient?
A. Go into the registry and add the key EnableLogging=1.
B. Create a file fwenc.log in the root directory.
C. Select “Enable Logging under options in the tool menu of the SecureClient GUI.
D. Create a file sr.log in the log directory.
E. Create a file sr.log in the root directory.
Correct Answer: C
QUESTION 102
The IKE encryption key for SecuRemote connections remains valid by default for:
A. About 15 minutes.
B. About 30 minutes.
C. About 45 minutes.
D. About 60 minutes.
E. The entire remote user operating session.
Correct Answer: E
QUESTION 103
You are in the process of the setting up a local firewall object. You are installing the Security Policy to update the CA and DH keys. Once you fetch the CA public key you will see a warning message. At this point you should:
A. Select Verify from the options menu.
B. Close the message and verify the key by some non-network means.
C. Re-send to the Certificate Authority to confirm the key.
D. Immediately shut down as your net has been compromised.
E. Restart the firewall to clear the false error.
Correct Answer: B
QUESTION 104
If for some reason CPMAD terminates, which of the following commands listed below will restart it?
A. $FWDIR/bin/fwstart
B. $FWDIR/conf/cpmad_start
C. $FWDIR/bin/cpmad_start
D. $FWDIR/conf/fwstart
E. None of the above.
Correct Answer: A
QUESTION 105
When you have selected Wild Cards as the URI match, which of the following is NOT a valid scheme for URI resources?
A. mailto
B. news
C. WAIS
D. HTTP
E. UDP
Correct Answer: E
We provide CheckPoint 156-305 exam help and information on a wide range of issues. CheckPoint 156-305 is professional and confidential and your issues will be replied within 12 hous.CheckPoint 156-305 exam free to send us any questions and we always try our best to keeping our Customers Satisfied.
