CheckPoint CCSA 156-215.75 Questions & Answers

• Question 121:

  Which of the following actions do NOT take place in IKE Phase 1?

  A. Each side generates a session key from its private key and peer's public key

  B. Peers agree on integrity method

  C. Diffie-Hillman key is combined with the key material to produce the symmetrical IPsec key.

  D. Peers agree on encryption method

  Correct Answer: C

• Question 122:

  You are evaluating the configuration of a mesh VPN Community used to create a site-to-site VPN. This graphic displays the VPN properties in this mesh Community.

  

  Which of the following would be the most valid conclusion?

  A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R75 supports.

  B. Changing the setting Perform IPsec data encryption with from AES-128 to 3DES will increase the encryption overhead.

  C. Changing the setting Perform key exchange encryption with 3DES to DES will enhance the VPN Community's security, and reduce encryption overhead.

  D. Change the data-integrity settings for this VPN CommunitybecauseMD5 is incompatible with AES.

  Correct Answer: B

• Question 123:

  What is a possible reason for the IKE failure shown in this screenshot?

  

  A. Mismatch in VPN Domains.

  B. Mismatch in Diffie-Hellman group.

  C. Mismatch in encryption schemes.

  D. Mismatch in preshared secrets.

  Correct Answer: D

• Question 124:

  How can you access the Certificate Revocation List (CRL) on the firewall, if you have configured a Stealth Rule as the first explicit rule?

  A. You can access the Revocation list by means of a browser using the URL: http://IPFW:18264/ICA CRL1.crl1 provided the implied rules are activated per default.

  B. The CRL is encrypted, so it is useless to attempt to access it.

  C. You cannot access the CRL, since the Stealth Rule will drop the packets

  D. You can only access the CRI via the Security Management Server as the internal CA is located on that server

  Correct Answer: A

• Question 125:

  Which could be an appropriate solution for assigning a unique Office Mode IP address to Endpoint Connect users?

  A. Configure a DHCP server with IP reservation using the information gathered by the utility vpn macutil.

  B. Edit $ PWDIA/conf/SCM_ assignment. conf on the management server with the correct user name and office mode ip address

  C. Create a DHCP resource with the fixed IP address to use name mapping.

  D. Fixed office mode IP can be configured as a user property in smart dash board

  Correct Answer: A

• Question 126:

  There are three options available for configuring a firewall policy on the SecureClient Mobile device. Which of the following is NOT an option?

  A. Configured on endpoint client

  B. No

  C. Configured on server

  D. yes

  Correct Answer: C

• Question 127:

  When attempting to connect with SecureClient Mobile the following error message is received. The

  certificate provided is invalid. Please provide the username and password.

  What is the probable cause of the error?

  A. The certificate provided is invalid.

  B. The user's credentials are invalid.

  C. The user attempting to connect is not configured to have an office mode IP address so the connection failed.

  D. There is no connection to the server, and the client disconnected.

  Correct Answer: A

• Question 128:

  Which operating system is NOT supported by Endpoint Connect R75?

  A. MacOS X

  B. Windows XP SP2 O C.

  C. Windows Vista 64-bit SP1

  D. Windows 2000 SP1

  Correct Answer: A

• Question 129:

  Using the output below, what type of VPN Community is configured for fw-stlouis?

  

  A. Traditional

  B. Domain-Based

  C. Meshed

  D. Star

  Correct Answer: C

• Question 130:

  Which of the following is NOT supported with office mode?

  A. Transparent mode

  B. L2TP

  C. Secure Client

  D. SSL Network Extender

  Correct Answer: A