How do you add the route entry for the "Enforcement Point Gateway" on the Management Server?
A. Designate this gateway in the VPN community properties.
B. Update file $FWDIR/conf/user.def on each peer with a route entry to the enforcement point gateway.
C. Edit file $FWDIR/conf/vpn_route.conf with a new route entry.
D. Edit peers' WebUI to add a static route to the "designated enforcement point".
How does the "Directional Enforcement" rule manage subsequent packet inspection?
A. "Directional Enforcement" is only applied to the first packet of the connection, including packets in the opposite direction.
B. "Directional Enforcement" is applied to all packets in the connection.
C. "Directional Enforcement" applies only to the first packet of the connection, but does not include the packets in the opposite direction.
D. "Directional Enforcement" is considered trusted traffic and therefore is not inspected.
How do you designate the "enforcement point gateway" for the peers involved in "VPN Directional Enforcement"?
A. From the WebUI's of the peers add a static route to the "designated enforcement point".
B. In the file $FWDIR/conf/user.def on each peer with a route entry to the enforcement point gateway.
C. Designate this gateway in the VPN community properties.
D. Editing file $FWDIR/conf/vpn_route.conf on each peer with a route entry to the enforcement point gateway.
What is the limit to the number of VPN directions that can be configured in a single rule?
A. There is no limit.
B. It is limited to the number of communities that exist in your dashboard.
C. You may only configure one direction per rule.
D. After configuring ten you must use a standard bi-directional condition.
You are trying to set "VPN Directional Match" on the VPN column but the "Directional Match Condition" option is not there. Why is this missing?
A. The peer does not support this feature.
B. This can only be done in Traditional Mode.
C. You must turn this feature on through Global Properties > VPN > Advanced, then select Enable VPN Directional Match in VPN column.
D. This must be enabled on the Gateway in "Advanced Settings".
You are using an IPV6 environment and find that you need additional access control and want to set up some directional VPN rules. How can you restrict access based on destination?
A. This can only be done in Traditional Mode VPN.
B. Directional VPN enforcement feature is not supported for IPv6.
C. Enable Global Properties > Advanced > IPv6 for directional VPN enforcement.
D. Set your rule match to "All_gwtogw" and create a new rule.
Where can you configure Wire mode?
A. In Global properties
B. In the gateway object on the "IPSec VPN" > "VPN Advanced" page
C. In sysconfig
D. In CLISH
When you have your directional VPN enforcement rule set to "Internal_Clear" , what does this represent?
A. All interfaces are designated "External"
B. VOIP traffic
C. Do not perform directional VPN enforcements on this traffic
D. All interfaces are designated as "Internal"
You are having issues with dynamic routing after a failover. The traffic is now coming from the backup and is being dropped as out of state. What is the BEST configuration to avoid stateful inspection dropping your dynamic routing traffic?
A. Implement Wire mode.
B. In Global Properties select Accept other IP protocols stateful replies for unknown services.
C. Enable Visitor mode.
D. Create additional explicit rules.
Where can you configure Wire mode?
A. In the gateway object in "Stateful Inspection"
B. In the VPN community in "Advanced Settings"
C. In cpconfig
D. In Global Properties
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-115.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.