156-215.75 Online Practice Questions and Answers

The Security Gateway is installed on SecurePlatform R75. The default port for the Web User Interface is _______.

A. TCP 18211

B. TCP 257

C. TCP 4433

D. TCP 443

You need to plan the company's new security system. The company needs a very high level of security and also high performance and high throughput for their applications. You need to turn on most of the integrated IPS checks while maintaining high throughput. What would be the BEST solution for this scenario?

A. You need to buy a strong multi-core machine and run R70 or later on SecurePlatform with CoreXL technology enabled.

B. Bad luck, both together can not be achieved.

C. The IPS does not run when CoreXL is enabled.

D. The IPS system does not affect the firewall performance and CoreXL is not needed in this scenario.

Which of the following is NOT a valid selection for tracking and controlling packets in R75?

A. Reject

B. Accept

C. Hold

D. Session Auth

What happens when you select File > Export from the SmartView Tracker menu?

A. Logs in fw.log are exported to a file that can be opened by Microsoft Excel.

B. Exported log entries are not viewable in SmartView Tracker.

C. Current logs are exported to a new *.log file.

D. Exported log entries are deleted from fw.log.

Which of the following can be found in cpinfo from an enforcement point?

A. The complete file objects_5_0. c

B. Policy file information specific to this enforcement point

C. Everything NOT contained in the file r2info

D. VPN keys for all established connections to all enforcement points

What physical machine must have access to the User Center public IP address when checking for new packages with smartUpdate?

A. SmartUpdate GUI PC

B. SmartUpdate Repository SQL database Server

C. A Security Gateway retrieving the new upgrade package

D. SmartUpdate installed Security Management Server PC

After installing Security Gateway R75, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a Get Topology request. What is the most likely cause and solution?

A. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R75 Hotfix Accumulator (HFA).

B. The NIC is faulty. Replace it and reinstall.

C. Make sure the driver for your particular NIC is available, and reinstall. You will be prompted for the driver.

D. If an interface is not configured, it is not recognized. Assign an IP address and subnet mask using the WebUI.

Which authentication type permits five different sign-on methods in the authentication properties window?

A. Manual Authentication

B. Client Authentication

C. Session Authentication

D. User Authentication

Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.

B. All is fine and can be used as is.

C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.

D. The 2 algorithms do not have the same key length and so don't work together. You will get the error ".... No proposal chosen...."

Why are certificates preferred over pre-shared keys in an IPsec VPN?

A. Weak scalability: PSKs need to be set on each and every Gateway

B. Weak performance: PSK takes more time to encrypt than Drffie-Hellman

C. Weak security: PSKs can only have 112 bit length.

D. Weak Security: PSK are static and can be brute-forced.