156-215.13

Latest Real 156-215.13 Tests Dumps and VCE Exam Questions 331-340

April 24, 2014

Ensurepass

Question 331

If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange?

A. 9

B. 6

C. 3

D. 2

 

Answer: B

 

 

Question 332

How many packets does the IKE exchange use for Phase 1 Main Mode?

A. 6

B. 12

C. 1

D. 3

 

Answer: A

 

 

Question 333

How many packets does the IKE exchange use for Phase 1 Aggressive Mode?

A. 1

B. 12

C. 6

D. 3

 

Answer: D

 

 

Question 334

Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?

A. Peers authenticate using certificates or preshared secrets.

B. The DH public keys are exchanged.

C. Each Security Gateway generates a private Diffie-Hellman (DH) key from random pools.

D. Symmetric IPsec keys are generated.

 

Answer: D

 

 

Question 335

Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

A. vpn tu

B. vpn ipsec

C. vpn debug ipsec

D. fw ipsec tu

 

Answer: A

 

 

Question 336

How many packets are required for IKE Phase 2?

A. 12

B. 2

C. 6

D. 3

 

Answer: D

 

 

Question 337

Which of the following actions do NOT take place in IKE Phase 1?

A. Each side generates a session key from its private key and the peer’s public key.

B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.

C. Peers agree on integrity method.

D. Peers agree on encryption method.

 

Answer: B

 

 

Question 338

When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)?

A. (8) Delete all IPsec+IKE SAs for a given User (Client)

B. (5) Delete all IPsec SAs for a given peer (GW)

C. (6) Delete all IPsec SAs for a given User (Client)

D. (7) Delete all IPsec+IKE SAs for a given peer (GW)

 

Answer: B

 

 

Question 339

When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?

<!–[if !vml]–>image026<!–[endif]–>

A. (6) Delete all IPsec SAs for a given User (Client)

B. (7) Delete all IPsec+IKE SAs for a given peer (GW)

C. (8) Delete all IPsec+IKE SAs for a given User (Client)

D. (5) Delete all IPsec SAs for a given peer (GW)

 

Answer: B

 

 

Question 340

Where is the fingerprint generated, based on the output display?

<!–[if !vml]–>image028<!–[endif]–>

A. SmartUpdate

B. Security Management Server

C. SmartConsole

D. SmartDashboard

 

Answer: B