156-215.71 Dumps | CheckPoint

Latest 156-215.71 Real Exam Download 421-430

November 6, 2013

Ensurepass
Latest 156-215.71 Real Exam Download 421-430

 

QUESTION 421
How can you access the Certificate Revocation List (CRL) on the firewall, if you have configured a Stealth Rule as the first explicit rule?

A. You can access the Revocation list by means of a browser using the URL: http://IP-FW:18264/ICA CRL1.crl1 provided the implied rules are activated per default.
B. The CRL is encrypted, so it is useless to attempt to access it.
C. You cannot access the CRL, since the Stealth Rule will drop the packets
D. You can only access the CRI via the Security Management Server as the internal CA is located on that server

Answer: A

 

QUESTION 422
Which could be an appropriate solution for assigning a unique Office Mode IP address to Endpoint Connect users?

A. Configure a DHCP server with IP reservation using the information gathered by the utility vpn macutil.
B. Edit $ PWDIA/conf/SCM_ assignment. conf on the management server with the correct user name and office mode ip address
C. Create a DHCP resource with the fixed IP address to use name mapping.
D. Fixed office mode IP can be configured as a user property in smart dash board

Answer: A

 

QUESTION 423
In the SmartView Tracker you receive the error, peer send invalid ID informationxA6 while trying to establish an IKE VPN tunnel. Where does this error normally result from and how can you solve it? This error normally results from:

A. a mismatch in the authentication algorithms used in IKE phase one and can be corrected by changing them to match.
B. an invalid IP address configured on one tunnel endpoint; normally the internal one in the General tab. This can be solved with link selection or by changing this IP to the one facing the other tunnel endpoint.
C. an invalid IP address configured on one tunnel endpoint, normally the internal one in the General tab. This can be resolved by adding the correct IPs to the Topology tab of both Gateways on both sites.
D. a mismatch in the IPs of the VPN tunnel endpoints and can not be resolved.

Answer: B

 

QUESTION 424
How many packets are required for IKE Phase 2?

A. 2
B. 12
C. 6
D. 3

Answer: D

 

QUESTION 425
Which of the following actions do NOT take place in IKE Phase 1?

A. Each side generates a session key from its private key and peers public key
B. Peers agree on integrity method
C. Diffie-Hillman key is combined with the key material to produce the symmetrical IPsec key.
D. Peers agree on encryption method

Answer: C

 

QUESTION 426
When using an encryption algorithm, which is generally considered the best encryption method?

A. DES
B. AES
C. Triple DES
D. CAST cipher

Answer: B

 

QUESTION 427
Fill in the blank: When you want to create a VPN community where all participating gateways are able to connect to each other, you need to set up a ___________ community.

A. Remote Access
B. Meshed
C. SSL VPN
D. Star

Answer: B

 

QUESTION 428
Which do you configure to give remote access VPN users a local IP address?

A. Office mode IP pool
B. NAT pool
C. Encryption domain pool
D. Authentication pool

Answer: A

 

QUESTION 429
When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)?

A. (6) Delete all IPsec SAs for a given User (Client)
B. (7) Delete all IPsec+IKE SAs for a given peer (GW)
C. (8) Delete all IPsec+IKE SAs for a given User (Client)
D. (5) Delete all IPsec SAs for a given peer (GW)

Answer: D

 

QUESTION 430
When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?

A. (6) Delete all IPsec SAs for a given User (Client)
B. (7) Delete all IPsec+IKE SAs for a given peer (GW)
C. (5) Delete all IPsec SAs for a given peer (GW)
D. (8) Delete all IPsec+IKE SAs for a given User (Client)

Answer: B

DownloadLatest Checkpoint 156-215.71 Real Free Tests , help you to pass exam 100%.

hello