Download 156-215.77 Exam Questions 2021

NEW QUESTION 1
With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?

• A. Allow for unencrypted traffic
• B. Allow traffic outside the encrypted domain
• C. Enable Hot Spot/Hotel Registration
• D. Allow your users to turn off SecureClient

Answer: C

NEW QUESTION 2
You have detected a possible intruder listed in SmartView Tracker’s active pane. What is the fastest method to block this intruder from accessing your network indefinitely?

• A. Modify the Rule Base to drop these connections from the network.
• B. In SmartView Tracker, select Tools > Block Intruder.
• C. In SmartView Monitor, select Tools > Suspicious Activity Rules.
• D. In SmartDashboard, select IPS > Network Security > Denial of Service.

Answer: B

NEW QUESTION 3
You would use the Hide Rule feature to:

• A. View only a few rules without the distraction of others.
• B. Hide rules from read-only administrators.
• C. Hide rules from a SYN/ACK attack.
• D. Make rules invisible to incoming packets.

Answer: A

NEW QUESTION 4
Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.

• A. SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
• B. SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
• C. SmartView Tracker, CPINFO, SmartUpdate
• D. Security Policy Editor, Log Viewer, Real Time Monitor GUI

Answer: C

NEW QUESTION 5
Captive Portal is a that allows the gateway to request login information from the user.

• A. Pre-configured and customizable web-based tool
• B. Transparent network inspection tool
• C. LDAP server add-on
• D. Separately licensed feature

Answer: A

NEW QUESTION 6
How do you view a Security Administrator's activities with SmartConsole?

• A. Eventia Suite
• B. SmartView Monitor using the Administrator Activity filter
• C. SmartView Tracker in the Management tab
• D. SmartView Tracker in the Network and Endpoint tabs

Answer: C

NEW QUESTION 7
Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources’ servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall.
How can this be accomplished?

• A. A Rule Base is always installed on all possible target
• B. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.
• C. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.
• D. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.
• E. A Rule Base can always be installed on any Check Point Firewall objec
• F. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.

Answer: C

NEW QUESTION 8
ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:

• A. Export setup
• B. DHCP Server configuration
• C. Time & Date
• D. GUI Clients

Answer: D

NEW QUESTION 9
When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)?
Exhibit:

• A. (5) Delete all IPsec SAs for a given peer (GW)
• B. (7) Delete all IPsec+IKE SAs for a given peer (GW)
• C. (6) Delete all IPsec SAs for a given User (Client)
• D. (8) Delete all IPsec+IKE SAs for a given User (Client)

Answer: A

NEW QUESTION 10
Charles requests a Website while using a computer not in the net_singapore network.
What is TRUE about his location restriction? Exhibit:

• A. Source setting in Source column always takes precedence.
• B. Source setting in User Properties always takes precedence.
• C. As location restrictions add up, he would be allowed from net_singapore and net_sydney.
• D. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.

Answer: D

NEW QUESTION 11
When restoring R77 using the command upgrade_import, which of the following items are NOT restored?

• A. SIC Certificates
• B. Licenses
• C. Route tables
• D. Global properties

Answer: C

NEW QUESTION 12
Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration?

• A. This cannot be done without downtime as a VPN between a traditional mode Gateway and a simplified mode Gateway does not work.
• B. This can not be done as it requires a SIC- reset on the Gateways first forcing an outage.
• C. You first need to completely rewrite all policies in simplified mode and then push this new policy to all Gateways at the same time.
• D. Convert the required Gateway policies using the simplified VPN wizard, check their logic and then migrate Gateway per Gateway.

Answer: D

NEW QUESTION 13
What happens if the identity of a user is known?

• A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
• B. If the user credentials do not match an Access Role, the system displays a sandbox.
• C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
• D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.

Answer: D

NEW QUESTION 14
Which of the following actions do NOT take place in IKE Phase 1?

• A. Peers agree on encryption method.
• B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.
• C. Peers agree on integrity method.
• D. Each side generates a session key from its private key and the peer’s public key.

Answer: B

NEW QUESTION 15
In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port .

• A. 259
• B. 900
• C. 256
• D. 257

Answer: D

NEW QUESTION 16
Which rules are not applied on a first-match basis?

• A. User Authentication
• B. Client Authentication
• C. Session Authentication
• D. Cleanup

Answer: A

NEW QUESTION 17
Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism, when logging in to a remote server with Telnet?

• A. Manual Sign On
• B. Agent Automatic Sign On
• C. Partially Automatic Sign On
• D. Standard Sign On

Answer: C