Your organization has many Edge Gateways at various branch offices allowing users to access company resources. For security reasons, your organization's Security Policy requires all Internet traffic initiated behind the Edge Gateways first be inspected by your headquarters' R75 Security Gateway. How do you configure VPN routing in this star VPN Community?
A. To Internet and other targets only
B. To center or through the center to other satellites, to Internet and other VPN targets
C. To center and other satellites, through center
D. To center only
Of the following VPN Community options, which is most likely to provide a balance between IKE compatibility to VPN-capable devices (Check Point and non-Check Point) and preserving resources on the R75 Gateway? VPN tunnel sharing per:
A. pair of hosts, no permanent tunnels, Diffie-Hellman Group 1 for Phase 1.
B. subnet, no permanent tunnels, Diffie-Hellman Group 2 for Phase 1.
C. subnet, permanent tunnels, Diffie-Hellman Group 1 for Phase 1.
D. pair of hosts, permanent tunnels, Diffie-Hellman Group 2 for Phase 1.
Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?
A. fw ipsec tu
B. vpn ipsec
C. vpn debug ipsec
D. vpn tu
In which IKE phase are IKE SA's negotiated?
A. Phase 4
B. Phase 1
C. Phase 3
D. Phase 2
In which IKE phase are IPsec SA's negotiated?
A. Phase 3
B. Phase 1
C. Phase 2
D. Phase 4
You wish to configure an IKE VPN between two R75 Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer's Gateway. Which type of address translation should you use to ensure the two networks access each other through the VPN tunnel?
A. Hide NAT
B. Static NAT
C. Manual NAT
D. None
Which operating system is not supported by SecureClient?
A. MacOS X
B. Windows XP SP2
C. Windows Vista
D. IPSO 3.9
Which of the following SSL Network Extender server-side prerequisites is NOT correct?
A. The Gateway must be configured to work with Visitor Mode.
B. There are distinctly separate access rules required for SecureClient users vs. SSL Network Extender users.
C. To use Integrity Clientless Security (ICS), you must install the IC3 server or configuration tool.
D. The specific Security Gateway must be configured as a member of the Remote Access Community
Which of the following is NOT supported with Office Mode?
A. SecuRemote
B. SSL Network Extender
C. SecureClient
D. Endpoint Connect
With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted
domain. But when your mobile users move outside of your company, they often cannot use SecureClient
because they have to register first (i.e. in Hotel or Conference rooms).
How do you solve this problem?
A. Allow your users to turn off SecureClient
B. Allow for unencrypted traffic
C. Allow traffic outside the encrypted domain
D. Enable Hot Spot/Hotel Registration
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.75 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.