Vendor: Check Point
Exam Code: 156-915.71
Exam Name: Check Point Certified Security Expert update blade
To change the default port of the Management Portal,
A. Edit the masters.conf file on the Portal server.
B. Modify the file cp_httpd_admin.conf.
C. Run sysconfig and change the management interface
D. Re-initialize SIC.
Where do Gateways managed by SmartProvisioning fetch their assigned profiles?
A. The Smartview Monitor
B. The standalone SmartProvisioning server
C. The Security Management server or CMA
D. They are fetched locally from the individual device
When synchronizing clusters, which of the following statements is NOT true?
A. Client Auth or Session Auth connections through a cluster member will be lost if the cluster member
B. The stare of connection using resources is maintained by a Security Server, so there connections
cannot be synchronized.
C. Only cluster members running on me same OS platform can be synchronized.
D. In the case of a failover, accounting information on the failed member may be lost despite a properly
What command will allow you to disable sync on a cluster firewall member?
A. fw ctl setaync 0
B. fw ctl syncsatat stop
C. fw ctl syncstat off
D. fw ctl setsync off
By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when:
A. The Security Policy is saved.
B. The Security Policy is installed.
C. The user database is installed.
D. The standby Security Management Server starts for the first time.
A customer is calling saying one member’s status is Down. What will you check?
A. cphaprob list (verify what critical device is down)
B. Fw ctl debug -m cluster + forward (forwarding layer debug)
C. tcpdump/snoop (CCP traffic)
D. fw ctl pstat (check sync)
You have a High Availability ClusterXL configuration. Machines are not synchronizer. What happens to connections on failover?
A. It is not possible to configure High Availability that is not synchronized.
B. B. Old connections are lost but can be reestablished.
C. Connection cannot be established until cluster members are fully synchronized.
D. Old connections are lost but are automatically recovered whenever the failed machine recovers.
When using ClusterXl in load sharing, what method is used be default?
A. IPs, SPIs
B. IPs, Ports, SPIs
D. IPs, Ports
John is configuring a new R17 Gateway cluster but he cannot configure the cluster as Third Party IP Clustering in Gateway Cluster Properties:
A. John is not using third party hardware as IP Clustering is part of Check Point’s IP Appliance.
B. Third Party Clustering is not available for R71 Security Gateways.
C. ClusterXL needs to be unsetected to permit 3nd party clustering configuration.
D. John has an invalid ClusterXL license
A customer calls saying that a load-sharing cluster shows drops with the error First packet is not SYN. Complete the following sentence. I will recommend:
A. Change the load on each member.
B. configuring flush and ack
C. turning off SDF (Sticky Decision Function)
D. turning on SDF (Sticky Decision Function)
Which at the following commands shows full synchronization status?
A. cphaprob -i list.
B. fw ctl if list
C. Fw hastat
D. cphaprob -a if
If Victor wanted to edit new Signature Protections, what tab would he need to access in Smart Dashboard?
A. QoS Tab
B. SmartDefense Tab
C. IPSec VPN Tab
D. IPS Tab
Due to some recent performance issues, you are asked to add additional processors to your firewall. If you already have CoreXL enabled, how are you able to increase Kernel instances?
A. Kernel instances are automatically added after process installed and no additional configuration
B. In SmartUpdate, right-click on Firewall Object and choose Add Kernel instances.
C. Once CoreXL is installed you cannot enable additional Kernel instances without reinstalling R71.
D. Use cpconfig to reconfigure CoreXL.
Which of the following is the default port few Management Portal?
Which of the ft flowing is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. VTTs cannot be assigned a proxy interface
B. Local IP addresses are not configured, remote IP addresses are configured
C. VTIs can only be physical, not loopback
D. VTIs are only supported on the IPSO Operating System
SSL termination takes place:
A. In a DMZ and LAN deployment on a Security Gateway
B. In a DMZ and LAN department scenario on a Security Gateway
C. In a DMZ and LAN deployment scenario fin a Connectra Gateway
D. In a DMZ deployment on a Connectra Gateway
Which component functions as the Internal Certificate Authority for R71?
A. Security Gateway
B. Management Server
C. Policy Server
Which operating system(s) support(s) unnumbered VPN Tunnel Interface (VTIs) for route-based VPNs?
A. SecurelPlatform for NGX and higher
B. Solaris 9 and higher
C. IPSO 3.9 and higher
D. Red Hat Linux
If you want to pass Check Point 156-915.71 successfully, donot missing to read latest lead2pass Check Point 156-915.71 dumpractice tests.
If you can master all lead2pass questions you will able to pass 100% guaranteed.