Best Deal for Unlimited Exam Access
The Fastest Way to Pass Any Exam for Only $149.00

Exam Code: 156-915.76
Exam Name: Check Point Certified Security Expert Update Blade
Certifications: View All..
Vendor: Checkpoint

269 Questions & Answers
Last update: Nov 20,19
Verified by IT Certification Professionals

Get Instant Access to 156-915.76 Exam and 1,200+ More

Unlimited Lifetime Access Package

  • Access any exam on the entire ActualTests site for life!

  • Our $149.00 Unlimited Access Package buys unlimited access to our library of downloadable PDFs for 1200+ exams.

  • You download the exam you need, and come back and download again when you need more. Your PDF is ready to read or print, and when there is an update, you can download the new version. Download one exam or all the exams - its up to you.

$149.00/lifetime

Actual Test Exam Engine

Upgrade your Unlimited Lifetime Access with our interactive Exam Engine! Working with the ActualTests Exam Engine is just like taking the actual tests, except we also give you the correct answers. See More >>

Total Cost: $348.00

Checkpoint 156-915.76 Exam Reviews 156-915.76 Exam Engine Features

Checkpoint 156-915.76 Exam Tips

What is the name given to the ability of SecuRemote gateways to provide redundancy?

Answers:
A. High uptime
B. Low downtime
C. High availability (correct)
D. High recovery

Explanation:

Relating to Checkpoint Technologies, 'High availability' enables enforcement modules to participate in CPHA (Check Point High Availability) configuration with one or more other enforcement modules to provide redundancy. See page 86 of Syngress Book 'Checkpoint NG- Next Generation Security Administration'.

What is not a valid load-balancing algorithm in FW1?

Answers:
A. Server load
B. Bandwidth (correct)
C. Round trip
D. Round robin
E. Random
F. Domain

Explanation:

'Bandwidth' is not a valid load-balancing algorithm in FW1, the valid ones are: Server load (that needs an agent installed in the servers to provide load information), Round Trip (that uses ICMP to calculate the best server), Round Robin (that selects the destination server in order from a list), Random (that sends the request in a random fashion) and Domain (that use the user location based on DNS).

Where would you configure desktop security for Secure Clients?

Answers:
A. On the global properties setup screen select security servers.
B. On the global properties setup screen select services.
C. On the global properties setup screen select security policy.
D. On the global properties screen select desktop security. (correct)

Explanation:

When you enter to the global properties, you have the 'Desktop Security' tab. From there you can configure SecuRemote and Secure Client Validation Timeouts, IKE properties for SecuRemote and
Secure Client, Desktop Configuration verification, Configuration Violation Verification and Early version verification.
See Page 12.9 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

How would you configure an MEP VPN on the global properties setup screen?

Answers:
A. On the high availability screen select "enable backup gateway". (correct)
B. On the high availability screen select "enable gateway clusters".
C. On the desktop security screen select "enable backup gateway".
D. On the connect control screen select "enable gateway clusters".

Explanation:

Multiple entry point VPNs (MEPs) deployment make use of the VPN1/FW1 'Backup Gateway Feature'. You should remember that MEP is primary used to support providing automatic backup gateways to SecuRemote clients. You can make this configuration at the 'Gateway High availability' tab in the properties of the Gateway object. Under the 'High availability options' select 'Enable backup gateway' to provide high availability in a multiple entry point configuration. See page 496 of Syngress Book 'Checkpoint NG - Next Generation Security Administration'.

When configuring a URI definition what is NOT a valid URI match specification type?

Answers:
A. CVP (correct)
B. Wild cards
C. File
D. UFP

Explanation:

NG suite supports 3 "URI match specification types" they are "Wild Cards", "File" and "UFP". This can be configured in the "General" tab in the properties of the URI resource. We don't have a "CVP option". The URI Match specification type radio group tells VPN1/FW1 how you want to inspect the URI's matched by this object. See page 321 of Syngress Book "Checkpoint NG - Next Generation Security Administration".

Which form of overlapping encryption domain is NOT supported by VPN-1/FW-?

Answers:
A. Full overlap
B. Partial overlap (correct)
C. Proper subset

Explanation:

A VPN encryption domain is a group of networks or hosts behind a firewalled gateway that participate in a VPN. Any traffic coming from one VPN domain and going to another will be encrypting outbound, and then decrypted inbound at the other end. We can have "Full overlap" and "Proper Subset" of overlapping in the VPN encryption domains supported by the NG suite. Partial overlap is not supported by VPN1/FW1.

What is the default port for a secure socket layer (SSL) LDAP connection?

Answers:
A. 389
B. 636 (correct)
C. 1024
D. 23

Explanation:

The normal port for LDAP servers is port 389 TCP but in the case that we want to use the LDAP services through a Secure Sockets Layer connection (SSL), the default port is 636 TCP. Your LDAP server must support connections through SSL to enable this type of connection. As a benefit, it increases security. You can check this in the online NG documentation, see "SSL + LDAP".

Which encryption algorithms are supported by IKE? (Choose all that apply)

Answers:
A. DES (correct)
B. CAST (correct)
C. FWZ-1
D. 3DES (correct)
E. AES-256 (correct)

Explanation:

IKE (Internet Key Exchange) encryption scheme can be used with the following encryption algorithms: DES, 3DES, AES and CAST, for integrity it can use MD5 or SHA-1. You cant use FWZ-1 as an encryption algorithm with IKE because it's Checkpoint's proprietary an is only supported by the FWZ encryption scheme.
See Page 7.13 of CCSE NG Official Courseware.(VPN1-FW1 Management II NG FP-1).

What is NOT true about single signon?

Answers:
A. It is useful for users who have network drives mapped behind a policy server.
B. It correlates NT and SecuRemote user names and passwords.
C. It is available for password authentication only.
D. It is suitable for clients with multiple sites defined. (correct)

Explanation:

By using "single sign on", users can save their Secure Client username and password, so they do not have to entered manually in the future. Single sign on is available for password authentication only, and is suitable for Secure Client hosts with only one site defined.
See Page 12.31 of CCSE NG Official Courseware.(VPN1-FW1 Management II NG FP-1).

Related Certifications Included