Check Point 156-215.77 Exam Questions 2021

NEW QUESTION 1
What is also referred to as Dynamic NAT?

• A. Automatic NAT
• B. Static NAT
• C. Manual NAT
• D. Hide NAT

Answer: D

NEW QUESTION 2
You are running a R77 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?

• A. manual backup
• B. upgrade_export
• C. backup
• D. snapshot

Answer: D

NEW QUESTION 3
Identify the ports to which the Client Authentication daemon listens by default.

• A. 259, 900
• B. 256, 600
• C. 80, 256
• D. 8080, 529

Answer: A

NEW QUESTION 4
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

• A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
• B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
• C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
• D. Place a static host route on the firewall for the valid IP address to the internal Web server.

Answer: B

NEW QUESTION 5
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

• A. You checked the cache password on desktop option in Global Properties.
• B. Another rule that accepts HTTP without authentication exists in the Rule Base.
• C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
• D. Users must use the SecuRemote Client, to use the User Authentication Rule.

Answer: B

NEW QUESTION 6
Which of the following are authentication methods that Security Gateway R77 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.

• A. Proxied, User, Dynamic, Session
• B. Connection, User, Client
• C. User, Client, Session
• D. User, Proxied, Session

Answer: C

NEW QUESTION 7
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways.
Which two SmartConsole applications will you use to create this report and outline?

• A. SmartView Tracker and SmartView Monitor
• B. SmartLSM and SmartUpdate
• C. SmartDashboard and SmartView Tracker
• D. SmartView Monitor and SmartUpdate

Answer: D

NEW QUESTION 8
A digital signature:

• A. Guarantees the authenticity and integrity of a message.
• B. Automatically exchanges shared keys.
• C. Decrypts data to its original form.
• D. Provides a secure key exchange mechanism over the Internet.

Answer: A

NEW QUESTION 9
You are working with three other Security Administrators.
Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?

• A. Eventia Tracker
• B. SmartView Monitor
• C. Eventia Monitor
• D. SmartView Tracker

Answer: D

NEW QUESTION 10
Which of the following statements accurately describes the command snapshot?

• A. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.
• B. snapshot creates a Security Management Server full system-level backup on any OS.
• C. snapshot stores only the system-configuration settings on the Gateway.
• D. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.

Answer: A

NEW QUESTION 11
How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?

• A. Change the gateway settings to allow Captive Portal access via an external interface.
• B. No action is necessar
• C. This access is available by default.
• D. Change the Identity Awareness settings under Global Properties to allow Captive Portal access on all interfaces.
• E. Change the Identity Awareness settings under Global Properties to allow Captive Portal access for an external interface.

Answer: A

NEW QUESTION 12
How are locally cached usernames and passwords cleared from the memory of a R77 Security Gateway?

• A. By using the Clear User Cache button in SmartDashboard.
• B. Usernames and passwords only clear from memory after they time out.
• C. By retrieving LDAP user information using the command fw fetchldap.
• D. By installing a Security Policy.

Answer: D

NEW QUESTION 13
Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?

• A. cpstat fwd
• B. fw ver
• C. fw stat
• D. fw ctl pstat

Answer: C

NEW QUESTION 14
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway.
Which SmartConsole application should you use to check these objects and rules?

• A. SmartView Tracker
• B. SmartView Monitor
• C. SmartView Status
• D. SmartDashboard

Answer: D

NEW QUESTION 15
One of your remote Security Gateway’s suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?

• A. The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
• B. The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway's Certificate.
• C. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
• D. There is no connection between the Security Management Server and the remote Gatewa
• E. Rules or routing may block the connection.

Answer: D

NEW QUESTION 16
Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?

• A. SmartUpdate will start a new installation process if the machine is rebooted.
• B. It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.
• C. It contains your security configuration, which could be exploited.
• D. It will conflict with any future upgrades when using SmartUpdate.

Answer: C

NEW QUESTION 17
Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server.
What is the correct procedure for rebuilding the Gateway quickly?

• A. Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP serve
• B. Revert to the stored snapshot image, and install the Security Policy.
• C. Run the command revert to restore the snapshot, establish SIC, and install the Policy.
• D. Run the command revert to restore the snapsho
• E. Reinstall any necessary Check Point product
• F. Establish SIC and install the Policy.
• G. Reinstall the base operating system (i.e., GAia). Configure the Gateway interface so that the Gateway can communicate with the TFTP serve
• H. Reinstall any necessary Check Point products and previously applied hotfixe
• I. Revert to the stored snapshot image, and install the Policy.

Answer: A