Check Point Security Administration NGX II
Questions, Answers, Braindumps (156-315)
to www.exams.ws and www.4exam.com But there’s
no need to have it from both of them, only questions
from only one are sufficient I think.
You work a network administrator for Abc.com. You
configure a Check Point QoS Rule Base with two rules:
an H.323 rule with a weight of 10, and the Default
Rule with a weight of 10. The H.323 rule includes
a per-connection guarantee of 384 Kbps, and a per-connection
limit of 512 Kbps. The per-connection guarantee is
for four connections, and no additional connections
are allowed in the Action properties. If traffic passing
through the QoS Module matches both rules, which of
the following is true?
A. Neither rule will be allocated more than 10% of
B. The H.323 rule will consume no more than 2048 Kbps
of available bandwidth.
C. 50% of available bandwidth will be allocated to
the H.323 rule.
D. 50% of available bandwidth will be allocated to
the Default Rule
E. Each H.323 connection will receive at least 512
Kbps of bandwidth.
Abc.com has many VPN-1 Edge gateways at various branch
offices, to allow VPN-1 SecureClient users to access
Abc.com resources. For security reasons, Abc.com's
Secure policy requires all Internet traffic initiated
behind the VPN-1 Edge gateways first be inspected
by your headquarters' VPN-1 Pro Security Gateway.
How do you configure VPN routing in this star VPN
A. To the Internet an other targets only
B. To the center and other satellites, through the
C. To the center only
D. To the center, or through the center to other satellites,
then to the Internet and other VPN targets
You are preparing to configure your VoIP Domain Gatekeeper
object. Which two other object should you have created
A. An object to represent the IP phone network, AND
an object to represent the host on which the proxy
B. An object to represent the PSTN phone network,
AND an object to represent the IP phone network
C. An object to represent the IP phone network, NAD
an object to represent the host on which the gatekeeper
D. An object to represent the Q.931 service origination
host, AND an object to represent the H.245 termination
E. An object to represent the call manager, AND an
object to represent the host on which the transmission
router is installed.
Which Check Point QoS feature is used to dynamically
allocate relative portions of available bandwidth?
B. Differentiated Services
D. Weighted Fair Queuing
E. Low Latency Queing
Bandwidth Allocation and Rules
A rule can specify three factors to be applied to
bandwidth allocation for classified connections:
Weight is the relative portion of the available bandwidth
that is allocated to a rule.
To calculate what portion of the bandwidth the connections
matched to a rule receive, use the following formula:
thisrule's portion = this rule's weight / total weight
of all rules with open connections For example, if
this rule's weight is 12 and the total weight of all
the rules under which connections are currently open
is 120, then all the connections open under this rule
are allocated 12/120 (or 10%) of the available bandwidth.
In practice, a rule may get more than the bandwidth
allocated by this formula, if other rules are not
using their maximum allocated bandwidth.
Unless a per connection limit or guarantee is defined
for a rule, all connections under a rule receive equal
Allocating bandwidth according to weights ensures
full utilization of the line even if a specific class
is not using all of its bandwidth. In such a case,
the left over bandwidth is divided among the remaining
classes in accordance with their relative weights.
Units are configurable, see "Defining QoS Global
Properties" on page 94.
Chapter 4 Basic QoS Policy Management 35
A guarantee allocates a minimum bandwidth to the connections
matched with a rule.
Guarantees can be defined for:
the sum of all connections within a rule
A total rule guarantee reserves a minimum bandwidth
for all the connections under a rule combined. The
actual bandwidth allocated to each connection depends
on the number of open connections that match the rule.
The total bandwidth allocated to the rule can be no
less than the guarantee, but the more connections
that are open, the less bandwidth each one receives.
individual connections within a rule
A per connection guarantee means that each connection
that matches the particular rule is guaranteed a minimum
Although weights do in fact guarantee the bandwidth
share for specific connections, only a guarantee allows
you to specify an absolute bandwidth value.
A limit specifies the maximum bandwidth that is assigned
to all the connections together. A limit defines a
point beyond which connections under a rule are not
allocated bandwidth, even if there is unused bandwidth
Limits can also be defined for the sum of all connections
within a rule or for individual connections within
Which operating system is NOT supported by VPN-1 SecureClient?
A. IPSO 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 8.0
E. MacOS X
RedHat 8 is also not currently supported according
to the docs, but A is the most correct answer..
You want to upgrade a SecurePlatform NG with Application
Intelligence (AI) R55 Gateway to SecurePlatform NGX
R60 via SmartUpdate. Which package is needed in the
repository before upgrading?
A. SVN Foundation and VPN-1 Express/Pro
B. VNP-1 and FireWall-1
C. SecurePlatform NGX R60
D. SVN Founation
E. VPN-1 Pro/Express NGX R60
SmartCenter Upgrade on SecurePlatform R54, R55 and
Upgrading to NGX R60 over a SecurePlatform operating
system requires updating both operating system and
software products installed. SecurePlatform users
should follow the relevant SecurePlatform upgrade
The process described in this section will result
with an upgrade of all components (Operating System
and software packages) in a single upgrade process.
No further upgrades are required.
Refer to NGX R60 SecurePlatform Guide for additional
If a situation arises in which a revert to your previous
configuration is required refer to "Revert to
your Previous Deployment" on page 52 for detailed
Using a CD ROM
The following steps depict how to upgrade SecurePlatform
R54 and later versions using a CD ROM drive.
1 Log into SecurePlatform (Expert mode is not necessary).
2 Apply the SecurePlatform NGX R60 upgrade package:
# patch add cd.
3 At this point you will be asked to verify the MD5
4 Answer the following question:
Do you want to create a backup image for automatic
If you select Yes, a Safe Upgrade will be performed.
Safe Upgrade automatically takes a snapshot of the
entire system so that the entire system (operating
system and installed products) can be restored if
something goes wrong during the Upgrade process (for
example, hardware incompatibility). If the Upgrade
process detects a malfunction, it will automatically
revert to the Safe Upgrade image.
When the Upgrade process is complete, upon reboot
you will be given the option to manually choose to
start the SecurePlatform operating system using the
upgraded version image or using the image prior