Testking checkpoint ccse 156-515
- Sunday, August 24, 2008, 10:58
- Study Guide
- 83 views
- Add a comment
Check Point Certified Security Expert Plus NGX : 156-515 Exam
# Test IP forwarding routing and connectivity, before installing VPN-1 NGX.
# Monitor the Default Filter and Initial Policy’s effect on traffic through a Security Gateway, to demonstrate protection these offer.
# Troubleshoot Secure Internal Communications and Internal Certificate Authority issues.
# Troubleshoot Network Address Translation (NAT) issues.
# Given an issue with a particular Check Point product, list the data required for troubleshooting.
# Collect data using the cpinfo utility, for off-line viewing and troubleshooting using the InfoView utility.
# Use DbEdit or GuiDBedit to view and manipulate *.c and *.def files and observe their impact on Security Gateway functionality.
# Manage the fwauth.NDB file to maintain the user database.
# Use log commands to observe and manipulate log files.
# Use tcpdump to capture packets and analyze packet-header formats.
# Use snoop to capture packets, and review three output modes.
# Use fw monitor to capture packets.
# Review fw monitor output using Ethereal.
# Perform kernel debugging using the fw ctl debug command.
# Use fwm debug to analyze SmartCenter Server issues.
# Use fwd debug to analyze kernel-to-application layer issues.
# Use cpd debug to analyze SIC issues.
# Identify relevant fw commands to obtain critical information about NGX components’ status.
# Use fw and fw advanced commands with proper options, to obtain critical information for troubleshooting.
# Identify different stages in the folding process.
# Troubleshoot Security Server issues.
# Debug Security Servers.
# Identify and explain the two phases of the IKE negotiation process.
# Use VPN debugging tools for common troubleshooting practices.
# Use VPN log files and the vpn debug command to troubleshoot VPN connections.
# Use troubleshooting tables as general guidelines for troubleshooting VPN issues.
# Identify necessary ports and their functions when VPN-1 SecuRemote/SecureClient connects to sites.
# Identify packet flows during SecuRemote/SecureClient connection stages.
# Use srfw monitor to capture traffic on SecureClient, and fw monitor on a Security Gateway.
# Use ike debug to capture ike.elg data.
# Analyze ike.elg in IKEview.
# Identify differences between route-based VPNs and domain-based VPNs.
# Configure VTI for route-based VPN Gateways.
# Configure OSPF for dynamic VPN routing in a Community.
# Identify the Wire Mode function by testing a VPN failover.
# Configure Directional VPN Rule Match for route-based VPN.
# Implement and test ClusterXL by following Check Point configuration recommendations.
# Troubleshoot ClusterXL problems, using cphaprob and other related commands.
Donwload Free Certbible, The Most Realistic Practice Questions and Answers,Help You Pass any Exams
A. drwtsn32.log
B. vmcore.log
C. core.log
D. memory.log
E. info.log
Answer: A
Question No: 2 VPN debugging information is written to which of the following files?
A. FWDIR/log/ahttpd.elg
B. FWDIR/log/fw.elg
C. $FWDIR/log/ike.elg
D. FWDIR/log/authd.elg
E. FWDIR/log/vpn.elg
Answer: C
Question No: 1 Which files should be acquired from a Windows 2003 Server system crash with a Dr. Watson
error?
Question No: 3 fw monitor packets are collected from the kernel in a buffer. What happens if the buffer
becomes full?
A. The information in the buffer is saved and packet capture continues, with new data stored in the buffer.
B. Older packet information is dropped as new packet information is added.
C. Packet capture stops.
D. All packets in it are deleted, and the buffer begins filling from the beginning.
Answer: D
Question No: 4 Which file provides the data for the host_table output, and is responsible for keeping a
record of all internal IPs passing through the internal interfaces of a restricted hosts licensed Security
Gateway?
A. hosts.h
B. external.if
C. hosts
D. fwd.h
E. fwconn.h
Answer: D
Question No: 5 You modified the *def file on your Security Gateway, but the changes were not applied. Why?
A. There is more than one *.def file on the Gateway.
B. You did not have the proper authority.
C. *.def files must be modified on the SmartCenter Server.
D. The *.def file on the Gateway is read-only.
Answer: C
Question No: 6 Assume you have a rule allowing HTTP traffic, on port 80, to a specific Web server in a
Demilitarized Zone (DMZ). If an external host port scans the Web server’s IP address, what information
will be revealed?
A. Nothing; the NGX Security Server automatically block all port scans.
B. All ports are open on the Security Server.
C. All ports are open on the Web server.
D. The Web server’s file structure is revealed.
E. Port 80 is open on the Web server.
Answer: E
Question No: 7 Which of the following types of information should an Administrator use tcpdump to
view?
A. DECnet traffic analysis
B. VLAN trunking analysis
C. NAT traffic analysis
D. Packet-header analysis
E. AppleTalk traffic analysis
Answer: D
Question No: 8 Which statement is true for route based VPNs?
A. IP Pool NAT must be configured on each gateway
B. Route-based VPNs replace domain-based VPNs
C. Route-based VPNs are a form of partial overlap VPN Domain
D. Packets are encrypted or decrypted automatically
E. Dynamic-routing protocols are not required
Answer: E
Question No: 9 The list below provides all the actions Check Point recommends to troubleshoot a problem
with an NGX product.
A.List Possible Causes B.Identify the
Problem C.Collect Related Information
D.Consult Various Reference Sources
E.Test Causes Individually and Logically
Select the answer that shows the order of the recommended actions that make up Check Point’s
troubleshooting guidelines?
A. B, C, A, E, D
B. A, E, B, D, C
C. A, B, C, D, E
D. B, A, D, E, C
E. D, B, A, C, E
Answer: A
Question No: 10 NGX Wire Mode allows:
A. Peer gateways to establish a VPN connection automatically from predefined preshared secrets.
B. Administrators to verify that each VPN-1 SecureClient is properly configured, before allowing it access to the
protected domain.
C. Peer gateways to fail over existing VPN traffic, by avoiding Stateful Inspection.
D. Administrators to monitor VPN traffic for troubleshooting purposes.
E. Administrators to limit the number of simultaneous VPN connections, to reduce the traffic load passing
through a Security Gateway.
Answer: C
Interactive Testing Engine Included!
70 Questions
Updated : 03/04/2008
Price : $87.99 $79.99
More info:Testking checkpoint 156-515
password:www.testking.name
| certification braindumps |
|
Type |
Exam Bible | New Questions & Answers |
Latest Updated |
Download link |
 |
All Certbible 's Exam Pack |
597 |
1 days ago | Available |
Realted Post
Top Posts for Today
- Packet Tracer 5.0 Full Version (309 views)
- All crack Pass4sure Exams (205 views)
- Packet Tracer 5.1 for Windows with Cisco Official tutorials (183 views)
- Cisco Packet Tracer 5.0 Beta4 (178 views)
- Free Certification Bible Dumps and IT eBooks (153 views)
- How to Open VCE Files (148 views)
- SAP Ebooks Megapost - 2 - AF (124 views)
- Draft of New PMBOK - PMBOK 4th edition is now available (102 views)
- New Pass4sure Cisco CCNA 640-802 V3.20 Dumps (92 views)
- Java Scjp 1.5 Exam Dumps Excellent (90 views)
Visited 295 times, 4 so far today
About the Author
certificate has written 9258 stories on this site.
If you have any doubts about legality of content or you have another suspicions, feel free to contact us:CertGuard@gmail.com
Write a Comment
Gravatars are small images that can show your personality. You can get your gravatar for free today!
