|Checkpoint 156-915.76 : Check Point Certified Security Expert Update Blade||269 Questions & Answers||Updated: Jul 21,18|
Immediate access to the Checkpoint 156-915.76 Exam and 1800+ other exam PDFs.
This is the BEST deal at only $149.00 for unlimited access. Pass FAST with actual answers to actual questions - We Guarantee You Pass!
Both of our Exams Packages come with all of our Checkpoint Exams including all ActualTests 156-915.76 tests. Find the same core area Checkpoint questions with professionally verified answers, and PASS YOUR EXAM.
Option 1: 156-915.76 exam and 1,800+ Other Exams
OR - Upgrade the Unlimited Access Package to include our Exam Engine. Know more than just the answers, understand the solutions! There is an Exam Engine for each of the 1,800 tests, including Checkpoint 156-915.76. Why Upgrade?
Option 2: 156-915.76 exam, 1,800+ Other Exams PLUS Exam Engine
ActualTests 156-915.76 Exam Engine Features
Customize your Check Point Certified Security Expert Update Blade certification experience.
Checkpoint 156-915.76 Exam Tips
What is the name given to the ability of SecuRemote gateways to provide redundancy?
A. High uptime
B. Low downtime
C. High availability (correct)
D. High recovery
Relating to Checkpoint Technologies, 'High availability' enables enforcement modules to participate in CPHA (Check Point High Availability) configuration with one or more other enforcement modules to provide redundancy. See page 86 of Syngress Book 'Checkpoint NG- Next Generation Security Administration'.
What is not a valid load-balancing algorithm in FW1?
A. Server load
B. Bandwidth (correct)
C. Round trip
D. Round robin
'Bandwidth' is not a valid load-balancing algorithm in FW1, the valid ones are: Server load (that needs an agent installed in the servers to provide load information), Round Trip (that uses ICMP to calculate the best server), Round Robin (that selects the destination server in order from a list), Random (that sends the request in a random fashion) and Domain (that use the user location based on DNS).
Where would you configure desktop security for Secure Clients?
A. On the global properties setup screen select security servers.
B. On the global properties setup screen select services.
C. On the global properties setup screen select security policy.
D. On the global properties screen select desktop security. (correct)
When you enter to the global properties, you have the 'Desktop Security' tab. From there you can configure SecuRemote and Secure Client Validation Timeouts, IKE properties for SecuRemote and
Secure Client, Desktop Configuration verification, Configuration Violation Verification and Early version verification.
See Page 12.9 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).
How would you configure an MEP VPN on the global properties setup screen?
A. On the high availability screen select "enable backup gateway". (correct)
B. On the high availability screen select "enable gateway clusters".
C. On the desktop security screen select "enable backup gateway".
D. On the connect control screen select "enable gateway clusters".
Multiple entry point VPNs (MEPs) deployment make use of the VPN1/FW1 'Backup Gateway Feature'. You should remember that MEP is primary used to support providing automatic backup gateways to SecuRemote clients. You can make this configuration at the 'Gateway High availability' tab in the properties of the Gateway object. Under the 'High availability options' select 'Enable backup gateway' to provide high availability in a multiple entry point configuration. See page 496 of Syngress Book 'Checkpoint NG - Next Generation Security Administration'.
When configuring a URI definition what is NOT a valid URI match specification type?
A. CVP (correct)
B. Wild cards
NG suite supports 3 "URI match specification types" they are "Wild Cards", "File" and "UFP". This can be configured in the "General" tab in the properties of the URI resource. We don't have a "CVP option". The URI Match specification type radio group tells VPN1/FW1 how you want to inspect the URI's matched by this object. See page 321 of Syngress Book "Checkpoint NG - Next Generation Security Administration".
Which form of overlapping encryption domain is NOT supported by VPN-1/FW-?
A. Full overlap
B. Partial overlap (correct)
C. Proper subset
A VPN encryption domain is a group of networks or hosts behind a firewalled gateway that participate in a VPN. Any traffic coming from one VPN domain and going to another will be encrypting outbound, and then decrypted inbound at the other end. We can have "Full overlap" and "Proper Subset" of overlapping in the VPN encryption domains supported by the NG suite. Partial overlap is not supported by VPN1/FW1.
What is the default port for a secure socket layer (SSL) LDAP connection?
B. 636 (correct)
The normal port for LDAP servers is port 389 TCP but in the case that we want to use the LDAP services through a Secure Sockets Layer connection (SSL), the default port is 636 TCP. Your LDAP server must support connections through SSL to enable this type of connection. As a benefit, it increases security. You can check this in the online NG documentation, see "SSL + LDAP".
Which encryption algorithms are supported by IKE? (Choose all that apply)
A. DES (correct)
B. CAST (correct)
D. 3DES (correct)
E. AES-256 (correct)
IKE (Internet Key Exchange) encryption scheme can be used with the following encryption algorithms: DES, 3DES, AES and CAST, for integrity it can use MD5 or SHA-1. You cant use FWZ-1 as an encryption algorithm with IKE because it's Checkpoint's proprietary an is only supported by the FWZ encryption scheme.
See Page 7.13 of CCSE NG Official Courseware.(VPN1-FW1 Management II NG FP-1).
What is NOT true about single signon?
A. It is useful for users who have network drives mapped behind a policy server.
B. It correlates NT and SecuRemote user names and passwords.
C. It is available for password authentication only.
D. It is suitable for clients with multiple sites defined. (correct)
By using "single sign on", users can save their Secure Client username and password, so they do not have to entered manually in the future. Single sign on is available for password authentication only, and is suitable for Secure Client hosts with only one site defined.
See Page 12.31 of CCSE NG Official Courseware.(VPN1-FW1 Management II NG FP-1).
All Major Credit CardsWe accept Visa, Mastercard, Electron and American Express. You can also pay us via PayPal.
SSL Secure Transactions