Top Quality CheckPoint 156-915.77 Free Exam Questions Online
Exambible offers a free demo for the 156-915.77 exam. "Check Point Certified Security Expert Update Blade", also known as the 156-915.77 exam, is a CheckPoint certification. This set of posts, Passing the CheckPoint 156-915.77 exam, will help you answer those questions. The 156-915.77 Questions & Answers cover all the knowledge points of the real exam. 100% real CheckPoint 156-915.77 exams, revised by experts!
Free demo questions for CheckPoint 156-915.77 Exam Dumps Below:
NEW QUESTION 1
What type of traffic can be re-directed to the Captive Portal?
- A. SMTP
- B. HTTP
- C. All of the above
- D. FTP
Answer: B
NEW QUESTION 2
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
- A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
- B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
- C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
- D. You can limit the authentication attempts in the User Properties’ Authentication tab.
Answer: B
NEW QUESTION 3
When do modifications to the Event Policy take effect?
- A. As soon as the Policy Tab window is closed.
- B. When saved on the SmartEvent Server and installed to the Correlation Units.
- C. When saved on the Correlation Units, and pushed as a policy.
- D. When saved on the SmartEvent Client, and installed on the SmartEvent Server.
Answer: B
NEW QUESTION 4
How are cached usernames and passwords cleared from the memory of a R77 Security Gateway?
- A. By using the Clear User Cache button in SmartDashboard.
- B. Usernames and passwords only clear from memory after they time out.
- C. By retrieving LDAP user information using the command fw fetchldap.
- D. By installing a Security Policy.
Answer: D
NEW QUESTION 5
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
- A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.
- B. Configure Automatic Static NAT on network 10.10.20.0/24.
- C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
- D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.
Answer: C
NEW QUESTION 6
The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?
- A. When accuracy in detecting identity is crucial
- B. Leveraging identity for Data Center protection
- C. Protecting highly sensitive servers
- D. Identity based enforcement for non-AD users (non-Windows and guest users)
Answer: D
NEW QUESTION 7
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
- A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
- B. Reinstall the Security Management Server and restore using upgrade_import.
- C. Type fwm lock_admin -ua from the Security Management Server command line.
- D. Log in to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Answer: C
NEW QUESTION 8
What happens if the identity of a user is known?
- A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
- B. If the user credentials do not match an Access Role, the system displays a sandbox.
- C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
- D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.
Answer: D
NEW QUESTION 9
To run GAiA in 64-bit mode, which of the following is true?
1) Run set edition default 64-bit.
2) Install more than 4 GB RAM.
3) Install more than 4 TB of Hard Disk.
- A. 1 and 3
- B. 1 and 2
- C. 2 and 3
- D. 1, 2, and 3
Answer: B
NEW QUESTION 10
CORRECT TEXT
Type the full cphaprob command and syntax that will show full synchronization status.
Solution:
cphaprob -i list
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 11
CORRECT TEXT
Type the full fw command and syntax that will show full synchronization status.
Solution:
fw ctl pstat
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 12
Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?
- A. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
- B. Using the native GAiA backup utility from command line or in the Web based user interface.
- C. Using the command upgrade_export.
- D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.
Answer: B
NEW QUESTION 13
CORRECT TEXT
Fill in the blank.
In New Mode HA, the internal cluster IP (VIP) address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 pings 10.4.8.3 and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. According to the output, which member is the standby machine?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 14
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?
- A. Hide
- B. Static Destination
- C. Static Source
- D. Dynamic Destination
Answer: A
NEW QUESTION 15
You have three Gateways in a mesh community. Each gateway’s VPN Domain is its internal network, as defined on the Topology tab by the setting "All IP Addresses behind Gateway based on Topology information".
You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find that the VPN traffic still goes through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?
- A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community.
- B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain.
- C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes.
- D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to ensure that they are correctly pointing to the VTI gateway IP.
Answer: B
NEW QUESTION 16
In the following cluster configuration, if you reboot sglondon_1, which device will be active when sglondon_1 is back up and running? Why?
- A. sglondon_1 because it is the first configured object with the lowest IP.
- B. sglondon_2 because sglondon_1 has the highest IP.
- C. sglondon_1, because it is up again, sglondon_2 took over during reboot.
- D. sglondon_2 because it has the highest priority.
Answer: D
NEW QUESTION 17
Your customer, Mr. Smith, needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?
- A. The configuration file $FWDIR/conf/fwauthd.conf is incorrect.
- B. The Security Policy is not correct.
- C. You can't use any port other than the standard port 900 for Client Authentication via HTTP.
- D. The service FW_clntauth_http configuration is incorrect.
Answer: A