Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:
A. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the center of the Community and its branches as satellites. The mesh Community includes only New York and London Gateways.
B. One star Community with the option to "mesh" the center of the star: New York and London Gateways added to the center of the star with the mesh canter Gateways option checked, all London branch offices defined m one satellite window, but all New York branch offices defined m another satellite window.
C. Two mesh and one star Community One mesh Community is set up for each of the headquarters and its branch offices The star Community is configured with London as the center of the Community and New York is the satellite.
D. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one f;or London and New York headquarters.
You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communication. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a(n):
A. diffie-Helman verification
B. digital signature
C. private key
D. AES flag
Your manager requires you to setup a new corporate VPN between all your branch offices. He requires you to choose the strongest and most secure available algorithms for the headquarters to the Research and Development branch office. In addition, you must use high performance algorithms for all sales offices with shorter key length for the VPN keys. How would you configure this scenario?
A. This can not be achieved at all as all algorithms need to be the very same for all VPNs.
B. This can only be done in traditional mode VPNs while not using simplified VPN settings.
C. This can be done either in traditional mode or simplified VPN using 2 different communities and the headquarters as the center for both communities.
D. This can be done in a single community, but the encrypt action in the security Rule Base needs to be configured for exceptions.
Whitfield Diffie and martin Hellman gave their names to what standard?
A. An encryption scheme that makes pre-shared keys obsolete
B. An algorithm that is used in IPsec QuickMode and as an additional option in IPsec QuickMode (PFS)
C. A Key Exchange Protocol for the advanced Encryption Standard
D. A Key Agreement / Derivation Protocol that constructs secure keys over an insecure channel.
If you need strong protection for the encryption of user data, what option would be the BEST choice?
A. When you need strong encryption, IPsec is not the best choice. SSL VPNs are a better choice.
B. Disable Diffie Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.
C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
D. Use Diffie Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.
What is used to validate a digital certificate?
A. IPsec
B. CRL
C. S/MIME
D. PKCS
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder's access after the next Phase 2 exchange occurs?
A. Perfect Forward Secrecy
B. SHA1 Hash Completion
C. Phase 3 Key Revocation
D. M05 Hash Completion
For information to pass securely between a Security Management Server and another Check Point component, what would NOT be required?
A. The communication must be authenticated
B. The communication must use two-factor or biometric authentication.
C. The communication must be encrypted
D. The component must be time-and-date synchronized with the security management server.
What is the bit size of a DES key?
A. 112
B. 168
C. 56
D. 64
What is the size of a hash produced by SHA-1?
A. 128
B. 56
C. 40
D. 160
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.75 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.