Check Point 156-816
Check Point Certified Managed Security Expert Plus VSX NGX
140 Q&A
Version: C9.0
www.CertifyMe.com
Copyright
Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, CertifyMe reserves the right to take legal action against you according to the International Copyright Laws.

Explanations
This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@certifyme.com.
1. Which of the following can function as a Management Server for a VSX Gateway?
A. Check Point Integrity
B. SiteManager-1 NGX: Multi-Domain Server
C. Security Management Portal
D. VPN-1/FireWall-1 Small Office
E. Provider-1 NGX: Multi-Domain Server
Answer: E

2. You are configuring source-based routing in a VSX Gateway deployment with both External and Internal Virtual Routers. Which of the following functions cannot be configured for the Virtual Systems?
A. Virtual System clustering
B. Anti-spoofing measures
C. Network Address Translation
D. Remote access VPNs
E. Intranet VPNs
Answer: B

3. During MDS installation, you must configure at least one VSX Administrator. After creating the Administrator, you are prompted to perform which task?
A. Grant VSX-specific privileges to the Administrator
B. Assign the Administrator to manage a specific Virtual System
C. Add the Administrator to a group
D. Assign the Administrator to manage a specific interface on the VSX Gateway
E. Assign the Administrator to manage a specific CMA
Answer: C

4. In a VSX Gateway cluster, which of the following objects are available by default as installation targets for the Management Virtual System?
A. Individual Management Virtual Systems (MVS) for each cluster member
B. MVS cluster object
C. Individual External Virtual Routers for each cluster member
D. Virtual Switch cluster object
E. Individual Virtual Switch Members
Answer: B

5. Which of the following MDS types allows you to create and manage a VSX Gateway?
A. MDS CLM
B. MDS Manager station
C. MDS VSX Integrator
D. MDS MLM
E. MDS Manager + Container station
Answer: E

6. What are the two levels of VSX Gateway clustering?
A. INSPECT and database level
B. Database and VSX Gateway levels
C. Virtual device and database levels
D. INSPECT and configuration levels
E. Virtual device and VSX Gateway levels
Answer: E

7. When deploying a VSX Gateway managed by a SmartCenter Server, which of the following statements is TRUE?
A. VSX Administrators can configure different domains for each Virtual System.
B. Multiple Administrators can simultaneously connect to the same database, to manage multiple Customers.
C. All Customer objects, rules, and users are shared in a single database.
D. Each Virtual System has its own unique Certificate Authority.
E. VSX superuser Administrators can configure granular permissions for each Customer Administrator.
Answer: C

8. What is the difference between Single-Context and Multi-Context processes?
A. Single-Context processes are implemented in standard firewall deployments, while only Multi-Context processes are implemented in VSX Gateway deployments.
B. Single-Context processes are shared between VSX Gateways in an HA configuration, while Multi-Context processes are shared between VSX Gateways in a Load Sharing environment.
C. Single-Context processes are ones in which all Virtual Systems share, while Multi-Context processes are unique to each Virtual System.
D. Single-Context processes are implemented in a single VSX Gateway environment, while Multi-Context processes are only implemented in VSX Gateway High Availability (HA).
E. Single-Context processes are unique to each Virtual System on a Gateway, while Multi-Context processes are ones in which all Virtual Systems share.
Answer: E

9. A Warp Link is a virtual point-to-point connection between a:
A. Virtual Router and Virtual System.
B. Virtual Router and Virtual Switch.
C. Virtual System and the management interface.
D. Virtual Router and a physical interface.
E. Virtual System and another Virtual System.
Answer: A

10. Which of the following statements is true concerning the default Security Policy of the External Virtual Router?
A. The External Virtual Router automatically performs Hide NAT behind its external interface for all Virtual Systems connected to it.
B. The default Policy of the External Virtual Router denies all traffic going to or coming from it.
C. The default policy of the External Virtual Router cannot be changed.
D. All traffic coming from networks protected by a VSX Gateway is accepted. All other traffic is dropped.
E. The External Virtual Router always enforces the same Policy as the Management Virtual System.
Answer: B

11. How many Management Virtual System instances does each member of a VSX Gateway cluster run?
A. One for each physical interface on the Gateway
B. One for each cluster member
C. Only one
D. Two, the cluster MVS and the unique Gateway MVS
E. One for each Virtual System configured on the Gateway
Answer: C

12. Which of the following items is most commonly configured as the default Gateway for a Management Virtual System?
A. Interface leading to the management network
B. Same setting as the default Gateway of the External Virtual Router; typically this is a perimeter router.
C. External Virtual Router
D. Internal Virtual Router
E. Interface leading to the synchronization network
Answer: C

13. Which of the following is NOT a type of physical interface seen in a VSX Gateway?
A. Warp
B. Internal
C. Dedicated management
D. External
E. Synchronization
Answer: A

14. A __________ is a virtual security device configured on a VSX Gateway, which operates as a complete routing and security domain, with firewall and VPN capabilities.
A. Virtual Switch
B. Context Identification Module
C. Virtual System Extension
D. Virtual System
E. External Virtual Router
Answer: D

15. When deploying a VSX Gateway managed by a Provider-1 MDS, how many Administrators can connect in Read/Write mode to the MDS database simultaneously?
A. One for each CMA
B. No more than 250
C. One
D. No more than 25
E. Two; one can connect to the Management Virtual System database, while the other connects to the Virtual System database.
Answer: A

16. During the initial configuration of a VSX Gateway cluster, the VSX Administrator is prompted to specify each cluster member's name, as shown below:
Which of the following best describes this name?
A. IP address of the individual VSX Gateway in the cluster
B. Any name the VSX Administrator chooses to describe the cluster member
C. Customer for which this VSX Gateway cluster is configured
D. MAC address of the individual VSX Gateway in the cluster
E. Hostname of the individual VSX Gateway in the cluster
Answer: B

17. When configuring Virtual Systems with overlapping IP addressing, the Virtual Systems must:
A. Be included in a VPN.
B. Be on the same network.
C. Perform Network Address Translation.
D. Perform in Bridge mode.
E. Define VLAN Tags.
Answer: C

18. When configuring a Provider-1 management solution for your VSX Gateway, what is the fewest number of CMAs that must be licensed, for VSX management functionality?
A. 50
B. 25
C. 5
D. 10
E. 1
Answer: D

19. If you want your customer's Virtual Systems to give protected hosts access to and from the Internet, which of the following must be configured as a public IP address?
A. Default Gateway IP address of the Virtual Switch
B. Main IP of the customer's Virtual System
C. Main IP of the Virtual Switch
D. Default Gateway IP address of the Management Virtual System
E. Main IP of the Management Virtual System
Answer: B

20. TRUE or FALSE. A Virtual System in Bridge mode can enforce anti-spoofing definitions.
A. True, anti-spoofing must be manually defined in bridge mode.
B. True, as long as the Virtual System has more than two interfaces defined.
C. True, as long as Network Address Translation is performed.
D. True, anti-spoofing measures are defined automatically in Bridge mode.
E. False, anti-spoofing cannot be configured for Virtual Systems in Bridge mode.
Answer: A

21. The VSX Management Server uses which of the following channels to communicate with components of the VSX Gateway?
A. Security Management
B. Gateway Management Configuration
C. Context Identification
D. VSX Inspection Verification
E. Forwarding Configuration
Answer: A

22. Which of the following is a type of VLAN membership?
A. Application-based
B. Session-based
C. Route-based
D. State-based
E. MAC address-based
Answer: E

23. Which of the following statements is TRUE concerning a VSX NGX deployment?
A. A separate management interface is required for a management network to access and control a VSX Gateway.
B. Multiple VSX Administrators can be configured with granular permission control in a SmartCenter Server management environment.
C. VSX Administrators can manage VSX Gateways and clusters through the Internet. No special management interface is required.
D. The functionality of VSX NGX is based on NG FP0.
E. All VSX virtual devices now share all functions of a standard NGX Security Gateway.
Answer: C

24. Which of the following elements is NOT maintained separately by each Virtual System on a VSX Gateway?
A. Configuration parameters
B. Management database
C. Logging parameters
D. Security Policies
E. State tables
Answer: B

25. When deploying a VSX Gateway managed by a SmartCenter Server, how many Certificate Authorities will the deployment have?
A. One for each Virtual System and Virtual Router configured on the VSX Gateway
B. One, shared by all components
C. Two; one for the SmartCenter Server, and one shared by all Virtual Systems and Virtual Routers
D. One for each Virtual System configured on the VSX Gateway
E. Three; one for the SmartCenter Server, one shared by all Virtual Systems, and one shared by the Virtual Routers
Answer: B

26. Delta Synchronization of VSX Gateways takes place through UDP broadcasts on which VSX Gateway port?
A. 18221
B. 18192
C. 18190
D. 18211
E. 8116
Answer: E

27. Which of the following objects allows you to configure resource settings, to limit the number of concurrent connections?
A. VSX Gateway
B. Virtual Router
C. Management Virtual System
D. Internal Virtual Switch
E. External Virtual Switch
Answer: C

28. Both SmartCenter Server and Provider-1 can be used for central configuration, management, and monitoring of multiple VSX Gateways and Virtual Systems. What criteria are used to decide which management model is used?
A. Licensing restrictions and costs, administrative requirements, and operation model
B. The size of the deployment and planned expansion, administrative requirements, and security model
C. The size of the deployment and planned expansion, end-user requirements, operation model, and licensing restrictions
D. The size of the deployment and planned expansion, administrative requirements, operation model, and licensing restrictions
E. The size of the deployment and planned expansion, end-user requirements, and security model
Answer: D

29. When Virtual Systems are deployed in Bridge mode, they use ____________ to detect failures and forward traffic to another Virtual System in a cluster?
A. BPDU
B. MPLS
C. VRRP
D. OSPF
E. STP
Answer: E

30. Consider the following scenario: You have two VSX Gateways configured for High Availability. Each has one dedicated management interface, one synchronization interface, one external interface, and two interfaces used to connect to protected customer networks. How many cluster interfaces do you have in this configuration?
A. Three; one Management Virtual System cluster, one External Virtual Router cluster, and one Virtual System cluster containing both customer Virtual Systems
B. Five; one VSX Gateway cluster, one Management Virtual System Cluster, one External Virtual Router cluster, and two Virtual System clusters
C. Two; one External Virtual Router cluster, and one cluster containing all Virtual Systems
D. One; one VSX cluster containing all components
E. Four; one Management Virtual System cluster, one External Virtual Router cluster, and two Virtual System clusters
Answer: B

31. What is the term used to describe a port or interface that shares traffic from more than one VLAN?
A. Frame-Strata enabled
B. VLAN riding
C. Comprehensive layer-2 label support
D. VLAN trunking
E. Comprehensive VLAN Tag support
Answer: D

32. You need to provide a security layer for an existing core network. You need an inspection module that operates at layer 2, is completely transparent, and does not impact the existing IP structure or different control protocols in use. Which of the following virtual devices will perform the kind of inspection you need?
A. External Virtual Router
B. Virtual Switch
C. Virtual System in Bridge mode
D. Virtual System
E. Internal Virtual Router
Answer: C
