31 October, 2024

The Rebirth Guide To 156-915.77 Preparation

It is impossible to pass CheckPoint 156-915.77 exam without any help in the short term. Come to Pass4sure soon and find the most advanced, correct and guaranteed CheckPoint 156-915.77 practice questions. You will get a surprising result by our Updated Check Point Certified Security Expert Update Blade practice guides.

Page: 1 / 16

Total 203 questions Full Exam Access

Question 1

- (Topic 1)
Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.

Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows

Check Point GAiA and SecurePlatform, and Microsoft Windows

Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO

Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows

Question 2

- (Topic 4)
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

No extra configuration is needed.

A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.

The NAT IP address must be added to the external Gateway interface anti-spoofing group.

A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Question 3

- (Topic 9)
Access Role objects define users, machines, and network locations as:

Credentialed objects

Linked objects

One object

Separate objects

Question 4

- (Topic 4)
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

Automatic ARP must be unchecked in the Global Properties.

Nothing else must be configured.

A static route must be added on the Security Gateway to the internal host.

A static route for the NAT IP must be added to the Gateway’s upstream router.

Question 5

- (Topic 2)
Your R77 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?

On a GAiA Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.

Create a time object, and add 48 hours as the interva

Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object.

Create a time object, and add 48 hours as the interva

Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.

Create a time object, and add 48 hours as the interva

Select that time object’s Global Properties > Logs and Masters window, to schedule a logswitch.

Question 6

- (Topic 14)
Match the ClusterXL modes with their configurations. Exhibit:
156-915.77 dumps exhibit

A-2, B-3, C-4, D-1

A-2, B-3, C-1, D-5

A-3, B-5, C-1, D-4

A-5, B-2, C-4, D-1

Question 7

- (Topic 10)
What command with appropriate switches would you use to test Identity Awareness connectivity?

test_ldap

test_ad_connectivity

test_ldap_connectivity

test_ad

Question 8

- (Topic 15)
You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?

Domain VPN takes precedence over the route-based VT

To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community

Domain VPN takes precedence over the route-based VT

To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain

Route-based VTI takes precedence over the Domain VP

To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes

Route-based VTI takes precedence over the Domain VP

Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.

Question 9

- (Topic 16)
When do modifications to the Event Policy take effect?

As soon as the Policy Tab window is closed.

When saved on the SmartEvent Server and installed to the Correlation Units.

When saved on the Correlation Units, and pushed as a policy.

When saved on the SmartEvent Client, and installed on the SmartEvent Server.

Question 10

- (Topic 1)
You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?

Manual copies of the directory $FWDIR/conf

GAiA back up utilities

upgrade_export and upgrade_import commands

Database Revision Control

Question 11

- (Topic 6)
Study the Rule base and Client Authentication Action properties screen -
156-915.77 dumps exhibit

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:

user is prompted for authentication by the Security Gateway again.

FTP data connection is dropped after the user is authenticated successfully.

user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication.

FTP connection is dropped by Rule 2.

Question 12

- (Topic 15)
Your organization maintains several IKE VPN’s. Executives in your organization want to know which mechanism Security Gateway R77 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?

Certificate Revocation Lists

Application Intelligence

Key-exchange protocols

Digital signatures

Question 13

CORRECT TEXT - (Topic 13)
Fill in the blank with a numeric value. The default port number for standard TCP connections with the LDAP server is
Solution:
389

Does this meet the goal?

Yes

Question 14

- (Topic 5)
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

FTP

SMTP

HTTP

RLOGIN

Question 15

- (Topic 14)
John is configuring a new R77 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.
156-915.77 dumps exhibit

What’s happening?

ClusterXL needs to be unselected to permit third party clustering configuration.

Third Party Clustering is not available for R77 Security Gateways.

John has an invalid ClusterXL license.

John is not using third party hardware as IP Clustering is part of Check Point’s IP Appliance.

Question 16

CORRECT TEXT - (Topic 14)
Type the command and syntax that you would use to view the virtual cluster interfaces of a ClusterXL environment.
Solution:
cphaprob -a if

Does this meet the goal?

Yes

Question 17

- (Topic 2)
Your company is running Security Management Server R77 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?

Using SmartDashboard, under Users, select Add New Administrator

Using SmartDashboard or cpconfig

Using the Web console on GAiA under Product configuration, select Administrators

Using cpconfig on the Security Management Server, choose Administrators

Question 18

- (Topic 2)
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.

/etc/sysconfig/netconf.C

/etc/conf/route.C

/etc/sysconfig/network-scripts/ifcfg-ethx

/etc/sysconfig/network

Question 19

- (Topic 8)
When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?

Leveraging identity in the application control blade

Basic identity enforcement in the internal network

Identity-based auditing and logging

Identity-based enforcement for non-AD users (non-Windows and guest users)

Question 20

CORRECT TEXT - (Topic 14)
Write the full fw command and syntax that you would use to troubleshoot ClusterXL sync issues.
Solution:
fw tab -s -t connections

Does this meet the goal?

Yes

Page: 1 / 16

Total 203 questions Full Exam Access