Latest 156-215.71 Real Exam Download 361-370

Latest 156-215.71 Real Exam Download 361-370


For remote user authentication, which authentication scheme is NOT supported?

A. SecurlD
C. Check Point Password

Answer: B


For information to pass securely between a Security Management Server and another Check Point component, what would NOT be required?

A. The communication must be authenticated
B. The communication must use two-factor or biometric authentication.
C. The communication must be encrypted
D. The component must be time-and-date synchronized with the security management server.

Answer: B


What is the bit size of a DES key?

A. 112
B. 168
C. 56
D. 64

Answer: C


What is the size of a hash produced by SHA-1?

A. 128
B. 56
C. 40
D. 160

Answer: D


Public keys and digital certificates do NOT provide which of the following?

A. Authentication
B. Nonrepudiation
C. Data integrity
D. Availability

Answer: D


If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard:

A. three-packet IKE Phase 2 exchange Is replaced by a six-packet exchange
B. three-packet IKE Phase 2 exchange is replaced by a two-packet exchange
C. six-packet IKE Phase 1 exchange is replaced by a three-packet exchange
D. three-packet IKE Phase 1 exchange is replaced by a six-packet exchange

Answer: C


You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communication. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a(n):

A. diffie-Helman verification
B. digital signature
C. private key
D. AES flag

Answer: B


Your manager requires you to setup a new corporate VPN between all your branch offices. He requires you to choose the strongest and most secure available algorithms for the headquarters to the Research and Development branch office. In addition, you must use high performance algorithms for all sales offices with shorter key length for the VPN keys. How would you configure this scenario?

A. This can not be achieved at all as all algorithms need to be the very same for all VPNs.
B. This can only be done in traditional mode VPNs while not using simplified VPN settings.
C. This can be done either in traditional mode or simplified VPN using 2 different communities and the headquarters as the center for both communities.
D. This can be done in a single community, but the encrypt action in the security Rule Base needs to be configured for exceptions.

Answer: C


Whitfield Diffie and martin Hellman gave their names to what standard?

A. An encryption scheme that makes pre-shared keys obsolete
B. An algorithm that is used in IPsec QuickMode and as an additional option in IPsec QuickMode (PFS)
C. A Key Exchange Protocol for the advanced Encryption Standard
D. A Key Agreement / Derivation Protocol that constructs secure keys over an insecure channel.

Answer: D


If you need strong protection for the encryption of user data, what option would be the BEST choice?

A. When you need strong encryption, IPsec is not the best choice. SSL VPNs are a better choice.
B. Disable Diffie Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.
C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
D. Use Diffie Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.

Answer: C

DownloadLatest Checkpoint 156-215.71 Real Free Tests , help you to pass exam 100%.