How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_Ato end point Net_B, through an NGX Security Gateway?
A. Net_A/Net_B/sip/accept
B. Net_A/Net_B/sip and sip_any/accept
C. Net_A/Net_B/VolP_any/accept
D. Net_A/Net_BM3lP/accept
If you check the box "Use Aggressive Mode", in the IKE Properties dialog box:
A. The standardthreepacket IKE Phase 1 exchange is replaced by a six-packet exchange.
B. The standard six-packet IKE Phase 2 exchange is replaced by athreepacket exchange.
C. The standardthreepacket IKE Phase 2 exchange is replaced by a six-packet exchange.
D. The standard six-packet IKE Phase 1 exchange is replaced by athreepacket exchange.
E. The standard six-packet IKE Phase 1 exchange is replaced by atwelvepacket exchange.
Which of the following SSL Network Extender server-side prerequisites are correct? Select all that apply.
A. The VPN1-Gateway must be configured to work with Visitor Mode
B. The specific VPN-1 Security Gateway must be configured as a member of the VPN-1 Remote Access Community.
C. There are distinctly separate access rules required forSecure Clientusers vs. SSL Network Extender users.
D. To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool.
You have an internal FTP server, and you allow downloading, but not uploading. Assume Network Address Translation is set up correctly, and you want to add an inbound rule with:
Source: Any
Destination: FTP server
Service: FTP resources object.
How do you configure the FTP resource object and the action column in the rule to achieve this goal?
A. Enable only the "Get" method in the FTP Resource Properties, and use this method in the rule, with action accept.
B. Enable only the "Get" method in the FTP Resource Properties and use it in the rule, with action drop.
C. Enable both "Put" and "Get" methods in the FTP Resource Properties and use them in the rule, with action drop.
D. Disable "Get" and "Put" methods in the FTP Resource Properties and use it in the rule, with action accept.
E. Enable only the "Put" method in the FTP Resource Properties and use it in the rule, with action accept.
Which statement is TRUE for route-based VPNs?
A. Route-based VPNs replace domain-based VPNs.
B. Route-based VPNs are a form of partial overlap VPN Domain.
C. IP Pool NAT must be configured on each gateway.
D. Dynamic-routing protocols are not required.
In ClusterXL, which of the following processes are defined by default as critical devices?
A. fwm
B. cphad
C. fwd
D. fwd.proc
Which of the following are valid reasons for beginning with a fresh installation VPN-1 NGX R65, instead of upgrading a previous version to VPN-1 NGX R65? Select all that apply.
A. You see a more logical way to organize your rules and objects
B. You want to keep your Check Point configuration.
C. Your Security Policy includes rules and objects whose purpose you do not know.
D. Objects and rules' naming conventions have changed over time.
Which Check Point QoS feature allows a Security Administrator to define special classes of service for delay-sensitive applications?
A. Guarantees
B. Weighted Fair Queuing
C. Differentiated Services
D. Low Latency Queuing
Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN- 1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization's three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?
A. The related end points domain specifies an address range.
B. VoIP Domain SIP objects cannot be placed in simple groups.
C. The installed VoIP gateways specify host objects.
D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
E. The VoIP Domain SIP object's name contains restricted characters.
After installing VPN-1 Pro NGQ R65, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a get topology request. What is the most likely cause and solution?
A. The NIC is faulty. Replace it and reinstall.
B. Make sure the driver for you particular NIC is available, and reinstall. You will be prompted for the driver.
C. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the Web UI,
D. Your NIC driver is installed but was not recognized. Apply the latestSecure PlatformR65 Hotfix Accumulator (HFA).
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-315.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.