EnsurepassQuestion 261 Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic? A. Domain-based VPN B. Route-based VPN C. Subnet-based VPN D. Host-based VPN   Answer: B     Question 262 You have installed SecurePlatform R76 as Security Gateway operating system. As company requirements changed, you need the VTI features of R76. What should you do? A. Only IPSO 3.9 supports VTI feature, so you have to replace your Security Gateway with Nokia appliances. B. In SmartDashboard Read more [...]
EnsurepassQuestion 251 Which of the following statements is TRUE concerning MEP VPN's? A. State synchronization between Secruity Gateways is required. B. MEP VPN's are not restricted to the location of the gateways. C. The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the first connection fail. D. MEP Security Gateways cannot be managed by separate Management Servers.   Answer: B     Question 252 Which of the following statements is TRUE Read more [...]
EnsurepassQuestion 241 Which of the following statements is FALSE regarding OSPF configuration on SecurePlatform Pro? A. router ospf 1 creates the Router ID for the Security Gateway and should be the same ID for all Gateways. B. router ospf 1 creates the Router ID for the Security Gateway and should be different for all Gateways. C. router ospf 1 creates an OSPF routing instance and this process ID should be different for each Security Gateway. D. router ospf 1 creates an OSPF routing instance and Read more [...]
EnsurepassQuestion 231 Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)? A. Local IP addresses are not configured, remote IP addresses are configured B. VTI specific additional local and remote IP addresses are not configured C. VTIs are only supported on SecurePlatform D. VTIs cannot be assigned a proxy interface   Answer: B     Question 232 Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)? A. VTIs are assigned only Read more [...]
EnsurepassQuestion 221 After Travis added new processing cores on his server, CoreXL did not use them.  What would be the most plausible reason why? Travis did not: A. Edit the Gateway Properties and increase the kernel instances. B. Run cpconfig to increase the number of CPU cores. C. Edit the Gateway Properties and increase the number of CPU cores. D. Run cpconfig to increase the kernel instances.   Answer: D     Question 222 Steve tries to configure Directional VPN Rule Match Read more [...]
EnsurepassQuestion 211 If the number of kernel instances for CoreXL shown is 6, how many cores are in the physical machine? A. 6 B. 8 C. 4 D. 12   Answer: B     Question 212 Which of the following is NOT accelerated by SecureXL? A. Telnet B. FTP C. SSH D. HTTPS   Answer: B     Question 213 To verify SecureXL statistics you would use the command ? A. fwaccel stats B. fw ctl pstat C. fwaccel top D. cphaprob stat   Answer: A     Question 214 How can you Read more [...]
EnsurepassQuestion 201 Review the Rule Base displayed. For which rules will the connection templates be generated in SecureXL? A. Rule nos. 2 and 5 B. Rule no. 2 only C. All rules except rule no. 3 D. Rule nos. 2 to 5   Answer: B     Question 202 Your customer asks you about the Performance Pack. You explain to him that a Performance Pack is a software acceleration product which improves the performance of the Security Gateway. You may enable or disable this acceleration by either: Read more [...]
EnsurepassQuestion 191 You are establishing a ClusterXL environment, with the following topology: External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The upstream router connects to the same VLAN switch. Internal interfaces 172.16.10.1 and 172.16.10.2 connect to a hub. 10.10.10.0 is the synchronization network. The Security Management Server is located on the internal network with IP 172.16.10.3.  What is the problem with this configuration? A. Cluster members cannot Read more [...]
EnsurepassQuestion 181 You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R76 installed in a distributed deployment. Can they be members of a Gateway Cluster? A. No, because the Security Gateways must be installed in a stand-alone installation. B. No, because IP does not have a cluster option. C. Yes, as long as they have the same IPSO and Check Point versions. D. No, because the appliances must be of the same model (both should be IP565 or IP395).   Answer: Read more [...]
EnsurepassQuestion 171 When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information? A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces B. Load Sharing based on SPIs C. Load Sharing based on ports, VTI, and IP addresses D. Load Sharing based on IP addresses, ports, and security parameter indexes   Answer: D     Question 172 By default, the Cluster Control Protocol (CCP) Read more [...]
EnsurepassQuestion 161 You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to R76. cphaprob stat shows: Which of the following is not a possible cause of this? A. You have a different number of cores defined for CoreXL between the two members B. Member 1 has CoreXL disabled and member 2 does not C. Member 1 is at a lower version than member 2 D. You have not run cpconfig on member 2 yet.   Answer: D     Question 162 In Management High Availability, Read more [...]