All About 156-315.77 exam Feb 2021
Your success in Check Point 156-315.77 is our sole target and we develop all our 156-315.77 braindumps in a way that facilitates the attainment of this target. Not only is our 156-315.77 study material the best you can find, it is also the most detailed and the most updated. 156-315.77 Practice Exams for Check Point 156-315.77 are written to the highest standards of technical accuracy.
Q391. - (Topic 5)
Which statement is TRUE for route-based VPNs?
A. Route-based VPNs replace domain-based VPNs.
B. Route-based VPNs are a form of partial overlap VPN Domain.
C. IP Pool NAT must be configured on each gateway.
D. Dynamic-routing protocols are not required.
Q392. - (Topic 3)
You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?
A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
B. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.
C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
D. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain
Q393. - (Topic 6)
What are theSmart ProvisioningPolicy Status indicators?
A. OK, Down, Up, Synchronized
B. OK, Waiting, Out of Sync, Not Installed, Not communicating
C. OK, Unknown, Not Installed, May be out of date
D. OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date
Q394. - (Topic 6)
You have configured an LDAP account unit and confirmed the Apply & Fetch Branches option works in SSL VPN, but end users still cannot be authenticated. What is the MOST LIKELY cause?
A. The Administrator's login is incorrect.
B. The LDAP server is incorrectly configured.
C. The user is not defined in Active Directory.
D. The LDAP account unit's login Distinguished Name is incorrectly configured.
Q395. - (Topic 4)
You set up a mesh VPN Community, so your internal networks can access your partner's network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All other traffic among your internal and partner networks is sent in clear text. How do you configure the VPN Community?
A. Disable "accept all encrypted traffic", and put FTP and HTTP in the Excluded services in the Community object. Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field.
B. Disable "accept all encrypted traffic" in the Community, and add FTP and HTTP services to the Security Policy, with that Community object in the VPN field.
C. Enable "accept all encrypted traffic", but put FTP and HTTP in the Excluded services in the Community. Add a rule in the Security Policy, with services FTP and http, and the Community object in the VPN field.
D. Put FTP and HTTP in the Excluded services in the Community object. Then add a rule in the Security Policy to allow Any as the service, with the Community object in the VPN field.
Q396. - (Topic 1)
A Zero Downtime Upgrade of a cluster:
A. Upgrades all cluster members except one at the same time.
B. Is only supported in major releases (R70 to R71, R71 toR76).
C. Treats each individual cluster member as an individual gateway.
D. Is not a valid upgrade method inR76.
Q397. - (Topic 3)
Which of the following platforms does NOT support SecureXL?
A. Power-1 Appliance
B. IP Appliance
C. UTM-1 Appliance
Q398. - (Topic 5)
Your current VPN-1 NG with Application Intelligence (Al) R55standalone VPN-1 Pro Gateway and SmartCenter Server run on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with Al R55 SmartCenter Server configuration, including such items as Internal Certificate Authority files, databases, and Security Policies.
How do you request a new license for this VPN-1 NGX upgrade?
A. Request a VPN-1 NGX SmartCenter Server license, using the new machine's IP address. Request a new local license for the NGX VPN-1 Pro Gateway.
B. Request a VPN-1 NGX SmartCenter Server license, using the new machine's IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
C. Request a new VPN-1 NGX SmartCenter Server license, using the NG with Al SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
D. Request a VPN-1 NGX SmartCenter Server license, using the NG with Al SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licensed for the existing SmartCenter Server IP address.
Q399. - (Topic 6)
Smart Provisioningcan provision the Operating System and network settings on which of the following?
A. IPSO 4.2 Security Gateways
B. Edge firmware 6.x and above
C. R65 HFA 40 Security Gateways arid above
D. NGX Security Appliances
Q400. - (Topic 1)
Jon is explaining how the inspection module works to a colleague. If a new connection passes through the inspection module and the packet matches the rule, what is the next step in the process?
A. Verify if the packet should be moved through the TCP/IP stack.
B. Verify if any logging or alerts are defined.
C. Verify if the packet should be rejected.
D. Verify if another rule exists.