High Value Check-Point 156-215.77 Questions Online

NEW QUESTION 1
Which of the following statements accurately describes the command upgrade_export?

• A. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
• B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.
• C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
• D. This command is no longer supported in GAiA.

Answer: B

NEW QUESTION 2
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway’s side with the command cpconfig and put in the same activation key in the Gateway’s object on the Security Management Server. Unfortunately, SIC can not be established. What is a possible reason for the problem?

• A. The installed policy blocks the communication.
• B. The old Gateway object should have been deleted and recreated.
• C. Joe forgot to exit from cpconfig.
• D. Joe forgot to reboot the Gateway.

Answer: C

NEW QUESTION 3
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

• A. Dynamic Source Address Translation
• B. Hide Address Translation
• C. Port Address Translation
• D. Static Destination Address Translation

Answer: D

NEW QUESTION 4
NAT can NOT be configured on which of the following objects?

• A. HTTP Logical Server
• B. Gateway
• C. Address Range
• D. Host

Answer: A

NEW QUESTION 5
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.
Exhibit:

• A. This is an example of Hide NAT.
• B. There is not enough information provided in the Wireshark capture to determine the NAT settings.
• C. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
• D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Answer: D

NEW QUESTION 6
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?

• A. Users being authenticated by Client Authentication have to re-authenticate.
• B. All connections are reset, so a policy install is recommended during announced downtime only.
• C. All FTP downloads are reset; users have to start their downloads again.
• D. Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.

Answer: A

NEW QUESTION 7
Access Role objects define users, machines, and network locations as:

• A. Credentialed objects
• B. Linked objects
• C. One object
• D. Separate objects

Answer: C

NEW QUESTION 8
_____ is an R77 component that displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time.

• A. SmartEvent
• B. SmartView Status
• C. SmartUpdate
• D. SmartView Monitor

Answer: D

NEW QUESTION 9
Which of the following is NOT true for Clientless VPN?

• A. The Gateway can enforce the use of strong encryption.
• B. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN.
• C. Secure communication is provided between clients and servers that support HTTP.
• D. User Authentication is supported.

Answer: C

NEW QUESTION 10
What is the Manual Client Authentication TELNET port?

• A. 23
• B. 264
• C. 900
• D. 259

Answer: D

NEW QUESTION 11
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

• A. No extra configuration is needed.
• B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
• C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
• D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Answer: D

NEW QUESTION 12
What is the primary benefit of using the command upgrade_export over either backup or snapshot?

• A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
• B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
• C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
• D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.

Answer: A

NEW QUESTION 13
Where do you verify that UserDirectory is enabled?

• A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
• B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
• C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > UseUserDirectory (LDAP) for Security Gateways is checked
• D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

Answer: D

NEW QUESTION 14
How do you use SmartView Monitor to compile traffic statistics for your company’s Internet Web activity during production hours?

• A. Select Tunnels view, and generate a report on the statistics.
• B. Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway.
• C. Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day.
• D. View total packets passed through the Security Gateway.

Answer: C

NEW QUESTION 15
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

• A. Create a new logical-server object to represent your partner’s CA.
• B. Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).
• C. Manually import your partner’s Certificate Revocation List.
• D. Manually import your partner’s Access Control List.

Answer: B

NEW QUESTION 16
Which of the following is NOT defined by an Access Role object?

• A. Source Network
• B. Source Machine
• C. Source User
• D. Source Server

Answer: D

NEW QUESTION 17
How are locally cached usernames and passwords cleared from the memory of a R77 Security Gateway?

• A. By using the Clear User Cache button in SmartDashboard.
• B. Usernames and passwords only clear from memory after they time out.
• C. By retrieving LDAP user information using the command fw fetchldap.
• D. By installing a Security Policy.

Answer: D

NEW QUESTION 18
Which command allows you to view the contents of an R77 table?

• A. fw tab -a <tablename>
• B. fw tab -t <tablename>
• C. fw tab -s <tablename>
• D. fw tab -x <tablename>

Answer: B

NEW QUESTION 19
When restoring R77 using the command upgrade_import, which of the following items are NOT restored?

• A. SIC Certificates
• B. Licenses
• C. Route tables
• D. Global properties

Answer: C

NEW QUESTION 20
......