Shortcuts To 156-915.77(11 to 20)

Proper study guides for Update Check Point Check Point Certified Security Expert Update Blade certified begins with Check Point 156-915.77 preparation products which designed to deliver the Precise 156-915.77 questions by making you pass the 156-915.77 test at your first time. Try the free 156-915.77 demo right now.

Q11. - (Topic 10) 

Which of the following items should be configured for the Security Management Server to authenticate via LDAP? 

A. Check Point Password 

B. Active Directory Server object 

C. Windows logon password 

D. WMI object 

Answer:


Q12. - (Topic 15) 

You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information. 

You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels. 

What is the problem and how do you make the VPN use the VTI tunnels? 

A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community 

B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain 

C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes 

D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP. 

Answer:


Q13. CORRECT TEXT - (Topic 14) 

To stop acceleration on a GAiA Security Gateway, enter command: 

Answer: fwaccel off 


Q14. - (Topic 16) 

When migrating the SmartEvent data base from one server to another, the first step is to back up the files on the original server. Which of the following commands should you run to back up the SmartEvent data base? 

A. migrate export 

B. eva_db_backup 

C. snapshot 

D. backup 

Answer:


Q15. CORRECT TEXT - (Topic 14) 

Fill in the blank. 

In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 

10.4.8.108 successfully pings its Cluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. Based on this information, what is the active cluster member’s IP address? 

Answer: 10.4.8.2 


Q16. - (Topic 6) 

Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77? 

A. External-user group 

B. LDAP group 

C. A group with a generic user 

D. All Users 

Answer:


Q17. - (Topic 1) 

Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration. 

An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing? 

A. The restore is not possible because the backup file does not have the same build number (version). 

B. The restore is done by selecting Snapshot Management from the boot menu of GAiA. 

C. The restore can be done easily by the command restore and copying netconf.C from the production environment. 

D. A backup cannot be restored, because the binary files are missing. 

Answer:


Q18. - (Topic 2) 

Where can you find the Check Point’s SNMP MIB file? 

A. $CPDIR/lib/snmp/chkpt.mib 

B. $FWDIR/conf/snmp.mib 

C. It is obtained only by request from the TAC. 

D. There is no specific MIB file for Check Point products. 

Answer:

20. - (Topic 2) 

Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources’ servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished? 

A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On. 

B. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target. 

C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets. 

D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target. 

Answer:


Q19. - (Topic 1) 

Which of the following statements accurately describes the command upgrade_export? 

A. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server. 

B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version. 

C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting. 

D. This command is no longer supported in GAiA. 

Answer:


Q20. - (Topic 1) 

Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module? 

A. cpstat fwd 

B. fw ver 

C. fw stat 

D. fw ctl pstat 

Answer: