Which answers are TRUE? Automatic Static NAT CANNOT be used when:
i) NAT decision is based on the destination port
ii) Source and Destination IP both have to be translated
iii) The NAT rule should be installed on a dedicated Gateway only
iv) NAT should be performed on the server side
A. (i), (ii), and (iii)
B. (i) and (ii)
C. (ii) and (iv)
D. only (i)
Which of the following is NOT a valid selection for tracking and controlling packets in R75?
A. Reject
B. Accept
C. Hold
D. Session Auth
When selecting an authentication scheme for a user, which scheme would you use if you only want the password to be stored locally? (The password is not stored at a third party component.)
A. Check Point Password
B. TACACS
C. SecurID
D. OS Password
Your manager requires you to set up a new corporate VPN between all your branch offices. He requires you to choose the strongest and most secure available algorithms for the headquarters to the Research and Development branch office. In addition, you must use high performance algorithms for all sales offices with shorter key length for the VPN keys. How would you configure this scenario?
A. This cannot be achieved at all as all algorithms need to be the very same for all VPNs.
B. This can only be done in traditional mode VPNs while not using simplified VPN settings.
C. This can be done either in traditional mode or simplified VPN using 2 different communities and the headquarters as the center for both communities.
D. This can be done in a single community, but the encrypt action in the security Rule Base needs to be configured for exceptions.
Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?
A. The DH public keys are exchanged.
B. Peers authenticate using certificates or preshared secrets.
C. Symmetric IPsec keys are generated.
D. Each Security Gateway generates a private Diffie-Hellman (DH) key from random pools.
In which IKE phase are IKE SAs negotiated?
A. Phase 4
B. Phase 1
C. Phase 3
D. Phase 2
When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?
A. (6) Delete all IPsec SAs for a given User (Client)
B. (7) Delete all IPsec+IKE SAs for a given peer (GW)
C. (5) Delete all IPsec SAs for a given peer (GW)
D. (8) Delete all IPsec+IKE SAs for a given User (Client)
How can you activate the SNMP daemon on a Check Point Security Gateway?
A. Using the command line, enter snmp_install.
B. Any of these options will work.
C. In SmartDashboard, right-click a Check Point object and select Activate SNMP.
D. From cpconfig, select Activate SNMP extensions.
To qualify as an Identity Awareness enabled rule, which columns may include an Access Role?
A. Track
B. Action
C. Source
D. User
R75's INSPECT engine inserts itself into the kernel between which two OSI model layers?
A. Physical and Data
B. Session and Transport
C. Data and Network
D. Presentation and Application