Latest 156-215.71 Real Exam Download 391-400

Latest 156-215.71 Real Exam Download 391-400


Which VPN Community object is used to configure Hub Mode VPN routing in SmartDashboard?

A. Mesh
B. Star
C. Routed
D. Remote Access

Answer: B


When a user selects to allow Hot-spot, SecureClient modifies the Desktop Security Policy and/or Hub Mode routing to enable Hot-spot registration. Which of the following is NOT true concerning this modification?

A. IP addresses accessed during registration are recorded.
B. Ports accessed during registration are recorded.
C. The number of IP addresses accessed is unrestricted.
D. The modification is restricted by time.

Answer: C


For VPN routing to succeed, what must be configured?

A. VPN routing is not configured in the Rule Base or Community objects. Only the native-routing mechanism on each Gateway can direct the traffic via its VTI configured interfaces.
B. No rules need to be created; implied rules that cover inbound and outbound traffic on the central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections.
C. At least two rules in the Rule Base must be created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway.
D. A single rule in the Rule Base must cover all traffic on the central (HUB) Security Gateway for the VPN domain.

Answer: D


What can NOT be selected for VPN tunnel sharing?

A. One tunnel per subnet pair
B. One tunnel per Gateway pair
C. One tunnel per pair of hosts
D. One tunnel per VPN domain pair

Answer: D


Marc is a Security Administrator configuring a VPN tunnel between his site and a partner site. He just created the partner city’s firewall object and a community. While trying to add the firewalls to the community only his firewall could be chosen. The partner city’s firewall does not appear. What is a possible reason for the problem?

A. IPsec VPN Software Blade on the partner city’s firewall object is not activated.
B. The partner city’s firewall object was created as an interoperable device.
C. The partner city’s Gateway is running VPN-1 NG AI.
D. Only Check Point Gateways could be added to a community.

Answer: A


If Henry wanted to configure Perfect Forward Secrecy for his VPN tunnel, in which phase would he be configuring this?

A. Aggressive Mode
B. Diffie-Hellman
C. Phase 2
D. Phase 1

Answer: C


You install and deploy SecurePlatform with default settings. You allow Visitor Mode in the Remote Access properties of the Gateway object and install policy, but SecureClient refuses to connect. What is the cause of this?

A. Set Visitor Mode in Policy > Global Properties / Remote-Access / VPN – Advanced.
B. Office mode is not configured.
C. The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it’s used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port.
D. You need to start SSL Network Extender first, than use Visitor Mode.

Answer: C


With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?

A. Allow your users to turn off SecureClient
B. Allow for unencrypted traffic
C. Allow traffic outside the encrypted domain
D. Enable Hot Spot/Hotel Registration

Answer: D


What statement is true regarding Visitor Mode?

A. VPN authentication and encrypted traffic are tunneled through port TCP 443.
B. All VPN traffic is tunneled through UDP port 4500.
C. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
D. Only ESP traffic is tunneled through port TCP 443.

Answer: A


Phase 1 uses________.

A. Conditional
B. Sequential
C. Asymmetric
D. Symmetric

Answer: C

DownloadLatest Checkpoint 156-215.71 Real Free Tests , help you to pass exam 100%.