how to use 156 215.77 pdf
Your success in Check Point ccsa 156 215.77 is our sole target and we develop all our ccsa 156 215.77 braindumps in a way that facilitates the attainment of this target. Not only is our 156 215.77 pdf study material the best you can find, it is also the most detailed and the most updated. checkpoint 156 215.77 Practice Exams for Check Point CCSA checkpoint 156 215.77 are written to the highest standards of technical accuracy.
Q1. - (Topic 2)
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?
A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
B. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
C. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ's interface.
Answer: C
Q2. - (Topic 1)
Which of the following tools is used to generate a Security Gateway R77 configuration report?
A. infoCP
B. cpinfo
C. infoview
D. fw cpinfo
Answer: B
Q3. - (Topic 2)
Which answers are TRUE? Automatic Static NAT CANNOT be used when:
1) NAT decision is based on the destination port.
2) Both Source and Destination IP's have to be translated.
3) The NAT rule should only be installed on a dedicated Gateway.
4) NAT should be performed on the server side.
A. 2 and 3
B. 1, 3, and 4
C. 1 and 2
D. 2 and 4
Answer: C
Q4. - (Topic 1)
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?
A. Active-X must be allowed on the client.
B. The SNX client application must be installed on the client.
C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
D. An office mode address must be obtained by the client.
Answer: C
Q5. - (Topic 3)
Reviewing the Rule Base,
you see that ________ is responsible for the installation failure. A. Rule 4
B. Rule 5
C. Rule 7
D. Rule 8
Answer: A
Q6. - (Topic 2)
All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:
A. Exclusion of specific services for reporting purposes.
B. Specific traffic that facilitates functionality, such as logging, management, and key exchange.
C. Acceptance of IKE and RDP traffic for communication and encryption purposes.
D. Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
Answer: A
Q7. - (Topic 2)
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?
A. A Stealth Rule has been configured for the R77 Gateway.
B. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.
C. The Security Policy installed to the Gateway had no rules in it.
D. The Allow Control Connections setting in Policy > Global Properties has been unchecked.
Answer: D
Q8. - (Topic 3)
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
B. All is fine and can be used as is.
C. The two algorithms do not have the same key length and so don't work together. You will get the error …. No proposal chosen….
D. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
Answer: D
Q9. - (Topic 3)
Which tool CANNOT be launched from SmartUpdate R77?
A. SecurePlatform WebUI
B. cpinfo
C. IP Appliance Voyager
D. snapshot
Answer: D
Q10. - (Topic 1)
An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
A. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
B. You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway's topology.
C. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.
D. You first need to run the command fw unloadlocal on the R75 Security Gateway appliance in order to remove the restrictive default policy.
Answer: B