Sample Questions:
What type(s) of VTI interfaces do Edge gateways support?
Both numbered and unnumbered
Unnumbered interfaces
Numbered interfaces
Neither numbered and unnumbered
What does the command vpn shell interface add numbered 192.168.0.1 192.168.0.2 Gateway_A to_B accomplish?
Between Security Gateways A and B, 192.168.0.1 is assigned as the endpoint IP address to Gateway A. 192.168.0.2 is assigned to Gateway B. Between Security Gateways A and B 192.168.0.2 is assigned as the endpoint IP address to Gateway A. 192.168.0.1 is assigned to Gateway B. shell is not a valid option for the command vpn.
This command can be used to create a VPN tunnel from the command line without having any VPN configuration in Smart Dashboard (although “IPSec VPN†must still be enabled on the gateway).
You are configuring a VTI in a clustered environment. Which of the following must be TRUE?
Every interface on each member requires a unique IP address.
Each member must have the same source IP address.
You do not need to have cluster IP addresses.
You cannot set up a VTI in a clustered environment.
You are configuring VTIs in a clustered environment. On Peer A the VTI name is VT_Cluster_GWA and on Peer B the VTI name is VT_Cluster_GWB. You find that the route based tunnel is not coming up. What could be the cause?
The names for your peers have been reversed
You have not issued the command vpn write config command.
You have not licensed your gateways for VTIs.
All VTIs going to the same remote peer must have the same name.
What are the common Best Practices for configuring QoS over a route-based VPN?
IKE traffic must have a minimum Guarantee of 50% of the external interface throughput.
QoS is not supported
Ensure the VTI is numbered
Ensure the VTI is unnumbered
You want to enable OSPF on Secure Platform, but you notice that the required gated daemon is not running. How can you enable this?
Enter cpconfig, type Y to enable OSPF, type Y to restart Check Point services
Enter cpconfig, type Y to enable Advanced Routing, type Y to restart Check Point services
At the command prompt enter tellpm gated.
Add an OSPF rule to your Rule Base
You are configuring OSPF on your Secure Platform firewall. You are in expert mode and run the commands: interface vt-Gateway_C IP ospf 1 area 0.0.0.0 exit When you run show running-config you do not see your OSPF configuration listed Why?
You did not run command save running config before you exited.
You should not have moved to expert mode to make these configurations.
You did not run command save configuration before you exited.
You did not run command enable before you exited.
