Best Deal for Unlimited Exam Access
The Fastest Way to Pass Any Exam for Only $149.00

Exam Code: 156-315.65
Exam Name: Check Point Certified Expert NGX R65
Certifications: View All..
Vendor: Checkpoint

205 Questions & Answers
Last update: Oct 20,19
Verified by IT Certification Professionals

Get Instant Access to 156-315.65 Exam and 1,200+ More

Unlimited Lifetime Access Package

  • Access any exam on the entire ActualTests site for life!

  • Our $149.00 Unlimited Access Package buys unlimited access to our library of downloadable PDFs for 1200+ exams.

  • You download the exam you need, and come back and download again when you need more. Your PDF is ready to read or print, and when there is an update, you can download the new version. Download one exam or all the exams - its up to you.


Actual Test Exam Engine

Upgrade your Unlimited Lifetime Access with our interactive Exam Engine! Working with the ActualTests Exam Engine is just like taking the actual tests, except we also give you the correct answers. See More >>

Total Cost: $348.00

Checkpoint 156-315.65 Exam Reviews 156-315.65 Exam Engine Features

Checkpoint 156-315.65 Exam Tips

Secure Client supports desktop policies.

A. True (correct)
B. False

Secure Client allows administrators to enforce desktop security policies on the network, and remotely enforce desktop security policies for remote users. A desktop policy is one security policy for all
Secure Clients within a Policy Server's domain. Any secure Client not using the correct policy can be denied access. See Page 12.2 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

You are the VPN-1/Firewall-1 administrator for a company who’s extranet requires encryption. You must an encryption scheme with the following features:

A. Portability Standard
B. Key Management Automatic, external PKI
C. Session Keys Change at configured times during a connection's life time (correct)
D. Which encryption scheme do you choose?
E. Rj indal
I. Triple DES.
J. Manual IPSec.

Those are features provided by IKE, it provides support for external PKI for the management of certificates and renewal of the session keys through the life of the connection, you can configure the interval, this info can be check at Page 7.17 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

Both, RSA and Diffie-Hellman are asymmetric encryption techniques generating a one-way trust model for encryption and decryption messages.

A. True
B. False (correct)

In checkpoint NG implementation, RSA is used to create and verify digital signatures in conjunction with HASH functions. In contrast to Diffie-Hellman, RSA key pairs are used for signing and verifying certificates.
Diffie-Hellman is used for encrypting and decrypting messages.
See Page 7.6 and 7.9 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

VPN-1/Firewall-1 gateway products (other than the GUI) are supported on Windows NT Workstation.

A. True
B. False (correct)

Checkpoint NG Suite requires a Server based operating system for supporting the various components other than the GUI, for example the enforcement modules and the management module. Also remember, Windows NT workstation is limited to 10 concurrent connections, this is not suitable for any other component other than the GUI.

There are certain general recommendations for improving the performance of Check Point VPN-1/Firewall-1, Choose all that apply.

A. Use Domain objects when possible.
B. User Network instead of Address Ranges.
C. Combine similar rules to reduce the number of rules. (correct)
D. Enable VPN-1/Firewall-1 control connections.
E. Keep Rule Base small and simple.
F. 1, 2, 3.
G. 1, 2, 4.
H. 2, 3, 5.
I. 1, 2, 3, 4, 5.
J. 1, 3, 5.

Since all the answers except C includes the use of Domain objects when possible, the answer C is obviously right. Domain objects are not recommended by checkpoint because they degrade performance with the name resolution and translation process. Of course, keeping the rule base simple and consolidating your similar rules is always a best practice. Also it's better to use Network objects because an address range is not always in continuous fashion.

The AES algorithm (Rjindal) is used with IKE encryption, VPN-1/Firewall-1 supports which version of AES?

A. 256-bit. (correct)
B. 168 and 256-bit.
C. 112-, 168- and 256-bit.
D. 40- and 56-bits.
E. 25- and 112-bit.

The advanced encryption standard (AES) is the new FIPS publication that use US. Government organizations to protect sensitive information. The AES algorithm is 'Rijndael'. A key length of 128 to 256 bits is supported. The more bits that are added, the stronger the encryption is.
See Page 7.10 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1)

The Check Point Secure Client packaging tool enables system administrators:

A. To create customized SecuRemote/Secure Client installation packages to distribute to users.
B. To configure SecuRemote properties for users before installation.
C. To customize the flow of end users' installation processes before SecuRemote/Secure Client installation.
D. A and B.
E. All of the above. (correct)

Secure Client Packaging Tool provides all of these features, you can customize the packages before the installation so the users don't have to configurate everything themselves. It's with this customization that the administrator is allowed to configure the SecuRemote properties before installation and control the flow of end user installation process. For example you can already define the site a user belongs without its intervention upon installation of the package.
See Page 12.41 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1)

Which of the following selections lists the three security components essential to guaranteeing the security of network connections?

A. Encryption, inspection, routing.
B. NAT, traffic control, topology.
C. Static addressing, cryptosystems, spoofing.
D. Encryption, authentication, integrity. (correct)
E. DHCP, quality of service, IP pools.

those 3 are the pillars of network security, with Encryption you can make the information visible only to the parties involved (the ones that have the decryption keys), everyone else will only see garbage, this provides privacy. With authentication you can validate that an entity is really it, authentication can be provided with something you have, something you know, or a combination of both. And with Integrity, you can validate that the information has not changed from source to destination, this could be achieved with the use of Digital Signatures. The best security is achieved with a combination of the 3.

How do you enable connection logging to the Policy Server when using Secure Client?

A. Go to the registry and add key EnableLogging=1. (correct)
B. Create the file st.log in the log directory.
C. Set logging to Alert in the Tracking field of the Rule Base.
D. Enable logging in the Policy server.
E. Select 'Enable Logging' under options in the tool menu of the Secure Client GUI.


to make this feature available you have to make a registry change in the client machine running secure client. The key is 'Enable Logging' and the values are: 1 (Logging enabled) and 0 (Logging disabled). The default is 0 (Disabled).
See 'Windows Registry changes inside the official checkpoint documentation.

Related Certifications Included