Avant-garde Check Point Certified Security Expert Update Blade 156-915.77 Training

NEW QUESTION 1

Which of the following is the preferred method for adding static routes in GAiA?

• A. In the CLI with the command “route add”
• B. In Web Portal, under Network Management > IPv4 Static Routes
• C. In the CLI via sysconfig
• D. In SmartDashboard under Gateway Properties > Topology

Answer: B

NEW QUESTION 2

Which command will erase all CRL’s?

• A. vpn crladmin
• B. cpstop/cpstart
• C. vpn crl_zap
• D. vpn flush

Answer: C

NEW QUESTION 3

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

• A. Check Point Password
• B. TACACS
• C. LDAP
• D. Windows password

Answer: C

NEW QUESTION 4
Update the topology in the cluster object.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

How can you check whether IP forwarding is enabled on an IP Security Appliance?

• A. clish -c show routing active enable
• B. cat /proc/sys/net/ipv4/ip_forward
• C. echo 1 > /proc/sys/net/ipv4/ip_forward
• D. ipsofwd list

Answer: D

NEW QUESTION 6

When migrating the SmartEvent data base from one server to another, the last step is to save the files on the new server. Which of the following commands should you run to save the SmartEvent data base files on the new server?

• A. cp
• B. restore
• C. migrate import
• D. eva_db_restore

Answer: D

NEW QUESTION 7

What gives administrators more flexibility when configuring Captive Portal instead of LDAP
query for Identity Awareness authentication?

• A. Captive Portal is more secure than standard LDAP
• B. Nothing, LDAP query is required when configuring Captive Portal
• C. Captive Portal works with both configured users and guests
• D. Captive Portal is more transparent to the user

Answer: C

NEW QUESTION 8

If Jack was concerned about the number of log entries he would receive in the SmartReporter system, which policy would he need to modify?

• A. Log Sequence Policy
• B. Report Policy
• C. Log Consolidator Policy
• D. Consolidation Policy

Answer: D

NEW QUESTION 9

Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:

Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

• A. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP addres
• B. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
• C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range objec
• D. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
• E. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT pag
• F. Enter 200.200.200.5 as the hiding IP addres
• G. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
• H. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group objec
• I. Create a manual NAT rule like the following: Original source - group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original.

Answer: B

NEW QUESTION 10

Which CLI tool helps on verifying proper ClusterXL sync?

• A. fw stat
• B. fw ctl sync
• C. fw ctl pstat
• D. cphaprob stat

Answer: C

NEW QUESTION 11
CORRECT TEXT
To stop acceleration on a GAiA Security Gateway, enter command:

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 12
Define virtual IP in the Dashboard

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 13

You cannot use SmartDashboard’s User Directory features to connect to the LDAP server. What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.

• A. 1, 2, and 3
• B. 2 and 3
• C. 1 and 2
• D. 1 and 3

Answer: B

NEW QUESTION 14
Install the Security Policy.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15
CORRECT TEXT
In a zero downtime scenario, which command do you run manually after all cluster members are upgraded?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16

Which of the following statements accurately describes the command upgrade_export?

• A. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
• B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.
• C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
• D. This command is no longer supported in GAiA.

Answer: B

NEW QUESTION 17

What happens if the identity of a user is known?

• A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
• B. If the user credentials do not match an Access Role, the system displays a sandbox.
• C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
• D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.

Answer: D

NEW QUESTION 18

If your firewall is performing a lot of IPS inspection and the CPUs assigned to fw_worker_thread are at or near 100%, which of the following could you do to improve performance?

• A. Add more RAM to the system.
• B. Add more Disk Drives.
• C. Assign more CPU cores to CoreXL
• D. Assign more CPU cores to SecureXL.

Answer: C

NEW QUESTION 19
Update the topology in the cluster object.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 20

Which of the following is NOT defined by an Access Role object?

• A. Source Network
• B. Source Machine
• C. Source User
• D. Source Server

Answer: D

NEW QUESTION 21
......