156-315.1 Dumps | CheckPoint

Latest 156-315 Real Exam Download 171-180

November 10, 2013

Ensurepass

QUESTION 171

VPN traffic control would fall under which VPN component?

 

A. Performance

B. Management

C. Security

D. QoS

 

Answer: D

 

 

QUESTION 172

Which of the following is an example of the hash function?

 

A. DES and CBC

B. DAC and MAC

C. SHA and 3DES

D. MD5 and SHA-1

 

Answer: D

 

 

QUESTION 173

When configuring site-to-site VPN High Availability (HA) with MEP, which of the following is correct?

 

A. MEP Gateways cannot be geographically separated machines.

B. The decision on which MEP Gateway to use is made on the MEP Gateway’s side of the tunnel.

C. MEP Gateways must be managed by the same SmartCenter Server.

D. If one MEP Security Gateway fails, the connection is lost and the backup Gateway picks up the next connection.

 

Answer: D

 

 

QUESTION 174

Consider the following actions that VPN-1 NGX can take when it control packets. The Policy Package has been configured for Traditional Mode VPN. Identify the options that includes the available actions. Select four.

 

A. Allow

B. Reject

C. Client auth

D. Decrypt

E. Accept

F. Drop

G. Encrypt

H. Hold

I. Proxy

 

Answer: B,E,F,G

 

 

QUESTION 175

Which of the following is a supported Sticky Decision function of Sticky Connections for Load Sharing?

 

A. Multi-connection support for VPN-1 cluster members

B. Support for SecureClient/SecuRemote/SSL Network Extended encrypted connections.

C. Support for all VPN deployments (except those with third-party VPN peers)

D. Support for Performance Pack acceleration

 

Answer: D

 

 

QUESTION 176

Which of the following does IPSec use during IPSec key negotiation?

 

A. IPSec SA

B. RSA Exchange

C. ISAKMP SA

D. Diffie-Hellman exchange

 

Answer: D

 

 

QUESTION 177

Which of the following SSL Network Extender server-side prerequisites are correct? Select all that apply.

 

A. The VPN1-Gateway must be configured to work with Visitor Mode

B. The specific VPN-1 Security Gateway must be configured as a member of the VPN-1 Remote Access Community.

C. There are distinctly separate access rules required for SecureClient users vs. SSL Network Extender users.

D. To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool.

 

Answer: A,B,D

 

 

QUESTION 178

After installing VPN-1 Pro NGQ R65, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a get topology request. What is the most likely cause and solution?

 

A. The NIC is faulty. Replace it and reinstall.

B. Make sure the driver for you particular NIC is available, and reinstall. You will be prompted for the driver.

C. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the Web UI,

D. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix Accumulator (HFA).

 

Answer: C

 

 

QUESTION 179

Which of the following provides a unique user ID for a digital Certificate?

 

A. Username

B. User-message digest

C. User e-mail

D. User organization

 

Answer: B

 

 

QUESTION 180

For object-based VPN routing to succeed, what must be configured?

 

A. A single rule in the Rule Base must cover traffic in both directions, inbound and outbound on the central (HUB) Security Gateway.

B. No rules need to be created, implied rules that cover inbound and outbound traffic on the central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections.

C. At least two rules in the Rule Base must created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway.

D. VPN routing is not configured in the Rule Base or Community objects. Only the native-routing mechanism on each Gateway can direct the traffic via its VTI configured interfaces.

 

Answer: C

 

Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.