Top Quality CheckPoint 156-915.77 Free Exam Questions Online

Exambible offers a free demo for the 156-915.77 exam. "Check Point Certified Security Expert Update Blade", also known as the 156-915.77 exam, is a CheckPoint certification. This set of posts, Passing the CheckPoint 156-915.77 exam, will help you answer those questions. The 156-915.77 Questions & Answers cover all the knowledge points of the real exam. 100% real CheckPoint 156-915.77 exams, revised by experts!

Free demo questions for CheckPoint 156-915.77 Exam Dumps Below:


What type of traffic can be re-directed to the Captive Portal?

  • A. SMTP
  • B. HTTP
  • C. All of the above
  • D. FTP

Answer: B


The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

  • A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
  • B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
  • C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
  • D. You can limit the authentication attempts in the User Properties’ Authentication tab.

Answer: B


When do modifications to the Event Policy take effect?

  • A. As soon as the Policy Tab window is closed.
  • B. When saved on the SmartEvent Server and installed to the Correlation Units.
  • C. When saved on the Correlation Units, and pushed as a policy.
  • D. When saved on the SmartEvent Client, and installed on the SmartEvent Server.

Answer: B


How are cached usernames and passwords cleared from the memory of a R77 Security Gateway?

  • A. By using the Clear User Cache button in SmartDashboard.
  • B. Usernames and passwords only clear from memory after they time out.
  • C. By retrieving LDAP user information using the command fw fetchldap.
  • D. By installing a Security Policy.

Answer: D


Your main internal network allows all traffic to the Internet using Hide NAT. You also have a small network behind the internal router. You want to configure the kernel to translate the source address only when network tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

  • A. Configure three Manual Static NAT rules for network, one for each service.
  • B. Configure Automatic Static NAT on network
  • C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network
  • D. Configure Automatic Hide NAT on network and then edit the Service column in the NAT Rule Base on the automatic rule.

Answer: C


The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?

  • A. When accuracy in detecting identity is crucial
  • B. Leveraging identity for Data Center protection
  • C. Protecting highly sensitive servers
  • D. Identity based enforcement for non-AD users (non-Windows and guest users)

Answer: D


The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?

  • A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
  • B. Reinstall the Security Management Server and restore using upgrade_import.
  • C. Type fwm lock_admin -ua from the Security Management Server command line.
  • D. Log in to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.

Answer: C


What happens if the identity of a user is known?

  • A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
  • B. If the user credentials do not match an Access Role, the system displays a sandbox.
  • C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
  • D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.

Answer: D


To run GAiA in 64-bit mode, which of the following is true?
1) Run set edition default 64-bit.
2) Install more than 4 GB RAM.
3) Install more than 4 TB of Hard Disk.

  • A. 1 and 3
  • B. 1 and 2
  • C. 2 and 3
  • D. 1, 2, and 3

Answer: B

Type the full cphaprob command and syntax that will show full synchronization status.

cphaprob -i list

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

Type the full fw command and syntax that will show full synchronization status.

fw ctl pstat

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A


Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?

  • A. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
  • B. Using the native GAiA backup utility from command line or in the Web based user interface.
  • C. Using the command upgrade_export.
  • D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.

Answer: B

Fill in the blank.
In New Mode HA, the internal cluster IP VIP address is The internal interfaces on two members are and Internal host pings, and receives replies. Review the ARP table from the internal Windows host According to the output, which member is the standby machine?


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A


Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?

  • A. Hide
  • B. Static Destination
  • C. Static Source
  • D. Dynamic Destination

Answer: A


You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find that the VPN still goes through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?

  • A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community.
  • B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain.
  • C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes.
  • D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to ensure that they are correctly pointing to the VTI gateway IP.

Answer: B


In the following cluster configuration, if you reboot sglondon_1, which device will be active when sglondon_1 is back up and running? Why?

  • A. sglondon_1, because it is the first configured object with the lowest IP.
  • B. sglondon_2, because sglondon_1 has the highest IP.
  • C. sglondon_1, because it is up again; sglondon_2 took over during reboot.
  • D. sglondon_2, because it has the highest priority.

Answer: D


Your customer, Mr. Smith, needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?

  • A. The configuration file $FWDIR/conf/fwauthd.conf is incorrect.
  • B. The Security Policy is not correct.
  • C. You can't use any port other than the standard port 900 for Client Authentication via HTTP.
  • D. The service FW_clntauth_http configuration is incorrect.

Answer: A

