Check Point 156-215.77 Dumps 2021

NEW QUESTION 1
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?

• A. The Global Properties setting Translate destination on client side is unchecke
• B. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mas
• C. Check the Global Properties setting Translate destination on client side.
• D. The Global Properties setting Translate destination on client side is unchecke
• E. But the topology on the external interface is set to Others +. Change topology to External.
• F. The Global Properties setting Translate destination on client side is checke
• G. But the topology on the external interface is set to Externa
• H. Change topology to Others +.
• I. The Global Properties setting Translate destination on client side is checke
• J. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mas
• K. Uncheck the Global Properties setting Translate destination on client side.

Answer: A

NEW QUESTION 2
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.
Exhibit:

• A. This is an example of Hide NAT.
• B. There is not enough information provided in the Wireshark capture to determine the NAT settings.
• C. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
• D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Answer: D

NEW QUESTION 3
How granular may an administrator filter an Access Role with identity awareness? Per:

• A. Specific ICA Certificate
• B. AD User
• C. Radius Group
• D. Windows Domain

Answer: B

NEW QUESTION 4
What command syntax would you use to see accounts the gateway suspects are service accounts?

• A. pdp check_log
• B. pdp show service
• C. adlog check_accounts
• D. adlog a service_accounts

Answer: D

NEW QUESTION 5
When you change an implicit rule’s order from Last to First in Global Properties, how do you make the change take effect?

• A. Run fw fetch from the Security Gateway.
• B. Select Install Database from the Policy menu.
• C. Select Save from the File menu.
• D. Reinstall the Security Policy.

Answer: D

NEW QUESTION 6
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep- alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.
Which of the following is the BEST explanation for this behavior?

• A. The setting Log does not capture this level of detail for GR
• B. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
• C. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrup
• D. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE session
• E. This is a known issue with GR
• F. Use IPSEC instead of the non- standard GRE protocol for encapsulation.
• G. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracke
• H. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
• I. The Log Server is failing to log GRE traffic properly because it is VPN traffi
• J. Disable all VPN configuration to the partner site to enable proper logging.

Answer: C

NEW QUESTION 7
While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?
1) Select Active Mode tab in SmartView Tracker.
2) Select Tools > Block Intruder.
3) Select Log Viewing tab in SmartView Tracker.
4) Set Blocking Timeout value to 60 minutes.
5) Highlight connection that should be blocked.

• A. 1, 2, 5, 4
• B. 3, 2, 5, 4
• C. 1, 5, 2, 4
• D. 3, 5, 2, 4

Answer: C

NEW QUESTION 8
What is the primary benefit of using the command upgrade_export over either backup or snapshot?

• A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
• B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
• C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
• D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.

Answer: A

NEW QUESTION 9
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:

• A. It is not necessary to add a static route to the Gateway’s routing table.
• B. It is necessary to add a static route to the Gateway’s routing table.
• C. The Security Gateway’s ARP file must be modified.
• D. VLAN tagging cannot be defined for any hosts protected by the Gateway.

Answer: A

NEW QUESTION 10
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

• A. FTP
• B. SMTP
• C. HTTP
• D. RLOGIN

Answer: B

NEW QUESTION 11
Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?

• A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination por
• B. Then, export the corresponding entries to a separate log file for documentation.
• C. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocol
• D. Apply the alert action or customized messaging.
• E. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.
• F. Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.

Answer: A

NEW QUESTION 12
You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in CLISH to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.

• A. ethtool
• B. set interface <options>
• C. mii_tool
• D. ifconfig -a

Answer: B

NEW QUESTION 13
Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:

• A. IP addresses.
• B. SIC is not NAT-tolerant.
• C. SIC names.
• D. MAC addresses.

Answer: C

NEW QUESTION 14
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

• A. No extra configuration is needed.
• B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
• C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
• D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Answer: D

NEW QUESTION 15
What is the officially accepted diagnostic tool for IP Appliance Support?

• A. ipsoinfo
• B. CST
• C. uag-diag
• D. cpinfo

Answer: D

NEW QUESTION 16
Which command enables IP forwarding on IPSO?

• A. ipsofwd on admin
• B. echo 0 > /proc/sys/net/ipv4/ip_forward
• C. clish -c set routing active enable
• D. echo 1 > /proc/sys/net/ipv4/ip_forward

Answer: A

NEW QUESTION 17
For remote user authentication, which authentication scheme is NOT supported?

• A. Check Point Password
• B. RADIUS
• C. TACACS
• D. SecurID

Answer: C