[Pinpoint] 156-915.77 Check Point rapidshare 101-110 (Oct 2017)

Testking offers free demo for 156-915.77 exam. "Check Point Certified Security Expert Update Blade", also known as 156-915.77 exam, is a Check Point Certification. This set of posts, Passing the Check Point 156-915.77 exam, will help you answer those questions. The 156-915.77 Questions & Answers covers all the knowledge points of the real exam. 100% real Check Point 156-915.77 exams and revised by experts!

Q101. - (Topic 10) 

Where does the security administrator activate Identity Awareness within SmartDashboard? 

A. Gateway Object > General Properties 

B. Security Management Server > Identity Awareness 

C. Policy > Global Properties > Identity Awareness 

D. LDAP Server Object > General Properties 

Answer:

Topic 11, Advanced Firewall 


Q102. - (Topic 11) 

Which of the following CLISH commands would you use to set the admin user's shell to bash? 

A. set user admin shell bash 

B. set user admin shell /bin/bash 

C. set user admin shell = /bin/bash 

D. set user admin /bin/bash 

Answer:


Q103. - (Topic 11) 

What is Check Point's CoreXL? 

A. A way to synchronize connections across cluster members 

B. TCP-18190 

C. Multiple core interfaces on the device to accelerate traffic 

D. Multi Core support for Firewall Inspection 

Answer:


Q104. CORRECT TEXT - (Topic 15) 

Fill in the blanks. To view the number of concurrent connections going through core 0 on the firewall, you would use the command and syntax __ __ _ ___ __ ___________ __ . 

Answer: fw –i 0 tab –t connections –s 


Q105. CORRECT TEXT - (Topic 13) 

Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL) connections with the LDAP Server is 

Answer: 636 


Q106. - (Topic 9) 

How granular may an administrator filter an Access Role with identity awareness? Per: 

A. Specific ICA Certificate 

B. AD User 

C. Radius Group 

D. Windows Domain 

Answer:


Q107. - (Topic 4) 

You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer. 

A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule. 

B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT). 

C. Yes, there are always as many active NAT rules as there are connections. 

D. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT). 

Answer:


Q108. - (Topic 4) 

You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer. 

A. The Administrator decides the rule order by shifting the corresponding rules up and down. 

B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range. 

C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range. 

D. The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others. 

Answer: B Topic 5, User Managment and Authentication Obj 1 


Q109. - (Topic 13) 

Which process should you debug if SmartDashboard login fails? 

A. sdm 

B. cpd 

C. fwd 

D. fwm 

Answer:


Q110. - (Topic 4) 

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) 

When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5? 

A. o=outbound kernel, before the virtual machine 

B. I=inbound kernel, after the virtual machine 

C. O=outbound kernel, after the virtual machine 

D. i=inbound kernel, before the virtual machine 

Answer: