Check Point Certified Security Administrator Set 9

Question - 15 Maximum mark : - 29

Home
All Exams
Check Point Certified Security Administrator Online Practice Exams
Check Point Certified Security Administrator Set 9

Your organization maintains several IKE VPNs. Executives in your organization want to know which mechanism Security Gateway R75 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?

Key-exchange protocols ✘ Digital signatures ✘ Certificate Revocation Lists ✘ Application Intelligence ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Which of the following provides confidentiality services for data and messages in a Check Point VPN?

Cryptographic checksums ✘ Digital signatures ✘ Asymmetric Encryption ✘ Symmetric Encryption ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:

Two star and one mesh Community: One star Community is set up for each site, with headquarters as
the center of the Community and its branches as satellites. The mesh Community includes only New York and London Gateways. ✘ One star Community with the option to mesh the center of the star: New York and London Gatewaysadded to the center of the star with the mesh canter Gateways option checked, all London branch offices defined m one satellite window, but all New York branch offices defined m another satellite
window. ✘ Two mesh and one star Community One mesh Community is set up for each of the headquarters andits branch offices The star Community is configured with London as the center of the Community and
New York is the satellite. ✘ Three mesh Communities: One for London headquarters and its branches, one for New Yorkheadquarters and its branches, and one f;or London and New York headquarters. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Which of these attributes would be critical for a site-to-site VPN?

Strong authentication ✘ Centralized management ✘ Strong data encryption ✘ Scalability to accommodate user groups ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Which of the following is NOT true for Clientless VPN?

The Gateway accepts any encryption method that is proposed by the client and supported in the VPN ✘ Secure communication is provided between clients and servers that support HTTP ✘ User Authentication is supported ✘ The Gateway can enforce the use of strong encryption ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

Manually import your partner's Certificate Revocation List. ✘ Exchange exported CA keys and use them to create a new server object to represent your partner'sCertificate Authority (CA). ✘ Create a new logical-server object to represent your partner's CA ✘ Manually import your partner's Control List. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration?

This cannot be done without downtime as a VPN between a traditional mode Gateway and a simplified mode Gateway does not work. ✘ You first need to completely rewrite all policies in simplified mode and then push this new policy to allGateways at the same time. ✘ This can not be done as it requires a SIC- reset on the Gateways first forcing an outage. ✘ Convert the required Gateway policies using the simplified VPN wizard, check their logic and thenmigrate Gateway per Gateway. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for
higher performance for setting up the tunnel. ✘ All is fine and can be used as is. ✘ Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length inphase 2 only costs performance and does not add security due to a shorter key in phase 1. ✘ The 2 algorithms do not have the same key length and so dont work together. You will get the error ....No proposal chosen.... ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Why are certificates preferred over pre-shared keys in an IPsec VPN?

Weak scalability: PSKs need to be set on each and every Gateway ✘ Weak performance: PSK takes more time to encrypt than Drffie-Hellman ✘ Weak security: PSKs can only have 112 bit length. ✘ Weak Security: PSK are static and can be brute-forced. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

10.

Multi-Corp must comply with industry regulations in implementing VPN solutions among multiple sites. The corporate Information Assurance policy defines the following requirements:
What is the most appropriate setting to comply with these requirements?
Portability Standard
Key management Automatic, external PKI
Session keys changed at configured times during a connections lifetime
Key length No less than 128-bit
Data integrity Secure against inversion and brute-force attacks
What is the most appropriate setting to comply with theses requirements?

IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for phase 2, AES hash ✘ IKE VPNs: DES encryption for IKE phase 1, and 3DES encryption for phase 2, MD 5 hash ✘ IKE VPNs: CAST encryption for IKE Phase 1, and SHA 1 encryption for phase 2, DES hash ✘ IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Prev Next

Congratulations

you have successfully completed the test

Back to Question View Result

Detail Form

We will send your result on your email id and phone no. please fill detail

Name

Email ID Note: Report will be send to the above Email ID

Phone No

Check Point Certified Security Administrator Set 9

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner