Checkpoint 156-915.71 Dumps
Exam: Check Point Certified Security Expert Update Blade
Checkpoint 156-915.71 Exam Tutorial
Question No : 1 - Topic 1
When using ClusterXl in load sharing, what method is used be default?
A. IPs, SPIs
B. IPs, Ports, SPIs
D. IPs, Ports
Question No : 2 - Topic 1
After repairing a Smart Workflow session:
A. The session moves to status Repaired and a new session can be started
B. The session moves to status Awaiting Repair and must be resubmitted
C. The session is continued with status Not approved and a new session must be started
D. The session is discarded and a new session is automatically started
Question No : 3 - Topic 1
Which of the following components receives events and assigns severity levels to the
events; then any defined automatic reactions and adds the events to the Events Data
A. SmartEvent Client
B. SmartEvent Server
C. SmartEvent Correlation Unit
D. SmartEvent Analysis DataServer
Question No : 4 - Topic 1
You have received an LDAP account unit and confirmed the apply & fetch branches
options works in SSL.VPN, but end users still cannot be authenticated. What is the most
A. The administrator login is incorrect
B. the LDAP server is incorrectly configured.
C. The user is not defined in active directory
Question No : 5 - Topic 1
You just upgraded to R71 and are using the IPS Software Blade You want to enable all
critical protections while keeping the rate of false positively very low. How can you achieve
A. The new IPS system is based on policies, but it has no ability to calculate or change the confidence level, so it always has a high rate of false positives.
B. This cant be achieved; activating any IPS system always causes a high rate of false positives.
C. The new IPS system is based on policies and gives you the ability to activate all checks with critical severity and a high confidence level.
D. As in SmartDefense, this can be achieved by activating all the critical checks manually.
Question No : 6 - Topic 1
By default, a standby Security Management Server is automatically synchronized by an
active Security Management Server, when:
A. The Security Policy is saved.
B. The Security Policy is installed.
C. The user database is installed.
D. The standby Security Management Server starts for the first time.
Question No : 7 - Topic 1
How do you verify the Check Pant kernel running on a firewall?
A. fw ctrl get kernel
B. fw ctrl pstat
C. fw kernel
D. fw ver -k
Question No : 8 - Topic 1
Which statement is TRUE for route-based VPNs?
A. IP Pool NAT must be configured on each Gateway
B. Route-based VPNs are a form of partial overlap VPN Domain
C. Dynamic-routing protocols are not required
D. Route-based VPNs replace domain-based VPNs
Question No : 9 - Topic 1
What could the following regular expression be used for in a DLP rule?
$ 9 [0-9] *, [0-9] [0-9] [0-9], [0-9] [0-9]
Select the best answer
A. As a Data Type to prevent programmers from leaking code outside the company
B. As a compound data type representation.
C. As a Data Type to prevent employees from sending an email that contains a complete price-list of nine products
D. As a Data Type to prevent the France Department from leaking salary information to employees
Question No : 10 - Topic 1
John is configuring a new R17 Gateway cluster but he cannot configure the cluster as Third
Party IP Clustering in Gateway Cluster Properties:
A. John is not using third party hardware as IP Clustering is part of Check Points IP Appliance.
B. Third Party Clustering is not available for R71 Security Gateways.
C. ClusterXL needs to be unsetected to permit 3nd party clustering configuration.
D. John has an invalid ClusterXL license
Question No : 11 - Topic 1
In which case is a Sticky Decision Function relevant?
A. Load Sharing - Unicast
B. Load Balancing - Forward
C. High Availability
D. Load Sharing - Multicast
Question No : 12 - Topic 1
The default port for browser access to the Management Portal is
Question No : 13 - Topic 1
When selecting a backup target using SmartProvisioning, which target is NOT available?
B. Locally on device
Question No : 14 - Topic 1
Date type = Large file (>500KB)
Source = My organization
Protocol = any
Action = ask user
All other rules are set to detect. User check is enabled and installed on all client machines.
A. when a user uploads a 600 KB file to his yahoo account via web mail (via his browser), he will be prompted by user check
B. When a user sends an e-mail with a small point with a small body and 5 attachments, each of 200 KB to, he will be prompted by user check.
C. When a user sends an email with an attachment larger than 500 KB to, he will be prompted by user check.
D. When a user sends an email with an attachment larger than 500 KB to, he will be prompted by user check.
Question No : 15 - Topic 1
TotallyCoolSecuirty Company has a large security staff. Bob configured a new IPS
Chicago_Profile for fw-Chicago using Detect mode. After reviewing Matt noticed that fw-
Chicago is not detecting any of the IPS protections that Bob had previously setup. Analyze
the output below and determine how Matt corrects the problem.
A. Matt should assign the fw-Chicago Security Gateway to the Chicago_Profile.
B. Matt should the Chicago_Profile to use Protect mode because Detect mode
C. Matt should re-create the Chicago_Profile and select Active protections manually instead of per the IPS Policy.
D. Matt should activate the Chicago_Profile as it is currently not activated.
Question No : 16 - Topic 1
A customer is calling saying one member's status is Down. What will you check?
A. cphaprob list (verify what critical device is down)
C. tcpdump/snoop (CCP traffic)
D. fw ctl pstat (check sync)
Question No : 17 - Topic 1
Which of the following is NOT an Smartevent event-triggered Automatic Reaction?
B. Block Access
C. External Script
D. SNMP Trap
Question No : 18 - Topic 1
The following graphic illustrates which command being issued a Secure Platform?
A. fwsecurexl stats
B. fwaccel stats
C. fw accel stats
D. fw securexl stats
Question No : 19 - Topic 1
When synchronizing clusters, which of the following statements is NOT true?
A. Client Auth or Session Auth connections through a cluster member will be lost if the cluster member fails.
B. The stare of connection using resources is maintained by a Security Server, so there connections cannot be synchronized.
C. Only cluster members running on me same OS platform can be synchronized.
D. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
Question No : 20 - Topic 1
With Smart Event what is the Analyzer function?
A. Analyze log entries, looking for event Policy patterns.
B. Generate a threat analysis report from the Analyzer database
C. Display received threats and tune the Events Policy.
D. Assign severity levels to events