16 October, 2019

Check Point Certified Security Administrator – GAiA 156-215.77 Braindumps

Want to know ccsa 156 215.77 features? Want to lear more about exam 156 215.77 experience? Study 156 215.77 pdf. Gat a success with an absolute guarantee to pass Check-Point 156-215.77 (Check Point Certified Security Administrator – GAiA) test on your first attempt.

Free demo questions for Check-Point 156-215.77 Exam Dumps Below:

Page: 1 / 32

Total 388 questions Full Exam Access

Question 1

Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism, when logging in to a remote server with Telnet?

Manual Sign On

Agent Automatic Sign On

Partially Automatic Sign On

Standard Sign On

Question 2

Select the TRUE statements about the Rule Base shown? Exhibit:
156-215.77 dumps exhibit

1) HTTP traffic from webrome to websingapore will be encrypted.
2) HTTP traffic from websingapore to webrome will be encrypted.
3) HTTP traffic from webrome to websingapore will be authenticated.
4) HTTP traffic from websingapore to webrome will be blocked.

1, 2, and 3

3 only

2 and 3

3 and 4

Question 3

Which rule position in the Rule Base should hold the Cleanup Rule? Why?

Firs

It explicitly accepts otherwise dropped traffic.

Las

It explicitly drops otherwise accepted traffic.

Las

It serves a logging function before the implicit drop.

Before last followed by the Stealth Rule.

Question 4

You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can you use?
156-215.77 dumps exhibit

2, 4, and 5

1, 2, 3, 4, and 5

1, 2, and 3

1, 3, and 4

Question 5

Static NAT connections, by default, translate on which firewall kernel inspection point?

Inbound

Outbound

Post-inbound

Eitherbound

Question 6

What happens when you select File

Current logs are exported to a new *.log file.

Exported log entries are not viewable in SmartView Tracker.

Logs in fw.log are exported to a file that can be opened by Microsoft Excel.

Exported log entries are deleted from fw.log.

Question 7

How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?

SNMP trap alert script

Custom scripts cannot be executed through alert scripts.

User-defined alert script

Pop-up alert script

Question 8

Which of these Security Policy changes optimize Security Gateway performance?

Using groups within groups in the manual NAT Rule Base.

Use Automatic NAT rules instead of Manual NAT rules whenever possible.

Using domain objects in rules when possible.

Putting the least-used rule at the top of the Rule Base.

Question 9

Which of the following is true of the Cleanup rule?

The Cleanup rule must be the last rule in a policy

The Cleanup rule is an example of an Implied rule

The Cleanup rule is important for blocking unwanted connections

The Cleanup rule should not be logged

Question 10

What CANNOT be configured for existing connections during a policy install?

Keep all connections

Keep data connections

Re-match connections

Reset all connections

Question 11

Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:
156-215.77 dumps exhibit

Required. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you
achieve these requirements?

Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP addres

Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.

Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range objec

Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT pag

Enter 200.200.200.5 as the hiding IP addres

Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group objec

Create a manual NAT rule like the following: Original source - group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original.

Question 12

Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?

Management tab

Custom filter

Network and Endpoint tab

Active tab

Question 13

Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?

cpstat fwd

fw ver

fw stat

fw ctl pstat

Question 14

A rule is used to prevent all traffic going to the R77 Security Gateway.

IPS

Cleanup

Reject

Stealth

Question 15

What command syntax would you use to turn on PDP logging in a distributed environment?

pdp track=1

pdp tracker on

pdp logging on

pdp log=1

Question 16

SmartView Tracker R77 consists of three different modes. They are:

Log, Active, and Audit

Log, Active, and Management

Network and Endpoint, Active, and Management

Log, Track, and Management

Question 17

What happens if the identity of a user is known?

If the user credentials do not match an Access Role, the traffic is automatically dropped.

If the user credentials do not match an Access Role, the system displays a sandbox.

If the user credentials do not match an Access Role, the gateway moves onto the next rule.

If the user credentials do not match an Access Role, the system displays the Captive Portal.

Question 18

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of .

client side NAT

source NAT

destination NAT

None of these

Question 19

Which of the following is an authentication method used by Identity Awareness?

SSL

Captive Portal

RSA

PKI

Question 20

Which of the following is NOT a valid option when configuring access for Captive Portal?

From the Internet

Through internal interfaces

Through all interfaces

According to the Firewall Policy

Question 21

When configuring LDAP authentication, which of the following items should be configured for the Security Management Server?

Windows logon password

Check Point Password

WMI object

Question 22

Match the following commands to their correct function. Each command has one function only listed.
Exhibit:
156-215.77 dumps exhibit

Question 23

Which SmartConsole component can Administrators use to track changes to the Rule Base?

WebUI

SmartView Tracker

SmartView Monitor

SmartReporter

Question 24

Which command enables IP forwarding on IPSO?

ipsofwd on admin

echo 0

Question 25

Which statement is TRUE about implicit rules?

You create them in SmartDashboard.

The Gateway enforces implicit rules that enable outgoing packets only.

Changes to the Security Gateway’s default settings do not affect implicit rules.

They are derived from Global Properties and explicit object properties.

Question 26

One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?

The remote Gateway\'s IP address has changed, which invalidates the SIC Certificate.

The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway\'s Certificate.

The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.

There is no connection between the Security Management Server and the remote Gatewa

Rules or routing may block the connection.

Question 27

How can you most quickly reset Secure Internal Communications (SIC) between a Security Management Server and Security Gateway?

From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation ke

Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).

Use SmartUpdate to retype the Security Gateway activation ke

This will automatically sync SIC to both the Security Management Server and Gateway.

From the Security Management Server’s command line, type fw putkey -p

Question 28

Which of the following items should be configured for the Security Management Server to authenticate via LDAP?

Check Point Password

Active Directory Server object

Windows logon password

WMI object

Question 29

You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

Create a new logical-server object to represent your partner’s CA.

Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).

Manually import your partner’s Certificate Revocation List.

Manually import your partner’s Access Control List.

Page: 1 / 32

Total 388 questions Full Exam Access