156-915.77 | A Review Of Practical 156-915.77 Free Demo

Proper study guides for Replace CheckPoint Check Point Certified Security Expert Update Blade certified begins with CheckPoint 156-915.77 preparation products which designed to deliver the Certified 156-915.77 questions by making you pass the 156-915.77 test at your first time. Try the free 156-915.77 demo right now.

Online CheckPoint 156-915.77 free dumps demo Below:

NEW QUESTION 1

To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

  • A. Source
  • B. Track
  • C. User
  • D. Action

Answer: A

NEW QUESTION 2

Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources’ servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?

  • A. A Rule Base is always installed on all possible target
  • B. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.
  • C. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.
  • D. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.
  • E. A Rule Base can always be installed on any Check Point Firewall objec
  • F. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.

Answer: C

NEW QUESTION 3

Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the___.

  • A. Identity Awareness Agent
  • B. Full Endpoint Client
  • C. ICA Certificate
  • D. SecureClient

Answer: A

NEW QUESTION 4

Which Check Point tool allows you to open a debug file and see the VPN packet exchange details.

  • A. PacketDebug.exe
  • B. VPNDebugger.exe
  • C. IkeView.exe
  • D. IPSECDebug.exe

Answer: C

NEW QUESTION 5
Configure the new interface via sysconfig from the "non-member" Gateway.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 6

Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti- spoofing settings. What is causing this?

  • A. Manual NAT rules are not configured correctly.
  • B. Allow bi-directional NAT is not checked in Global Properties.
  • C. Routing is not configured correctly.
  • D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.

Answer: D

NEW QUESTION 7

If you need strong protection for the encryption of user data, what option would be the BEST choice?

  • A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mod
  • B. Choose SHA in Quick Mode and encrypt with AE
  • C. Use AH protoco
  • D. Switch to Aggressive Mode.
  • E. When you need strong encryption, IPsec is not the best choic
  • F. SSL VPN’s are a better choice.
  • G. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
  • H. Disable Diffie-Hellman by using stronger certificate based key-derivatio
  • I. Use AES-256 bit on all encrypted channels and add PFS to QuickMod
  • J. Use double encryption by implementing AH and ESP as protocols.

Answer: C

NEW QUESTION 8

Access Role objects define users, machines, and network locations as:

  • A. Credentialed objects
  • B. Linked objects
  • C. One object
  • D. Separate objects

Answer: C

NEW QUESTION 9

You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

  • A. Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).
  • B. Create a new logical-server object to represent your partner’s CA.
  • C. Manually import your partner’s Access Control List.
  • D. Manually import your partner’s Certificate Revocation List.

Answer: A

NEW QUESTION 10

You have a diskless appliance platform. How do you keep swap file wear to a minimum?

  • A. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
  • B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
  • C. Use PRAM flash devices, eliminating the longevity.
  • D. A RAM drive reduces the swap file thrashing which causes fast wear on the device.

Answer: D

NEW QUESTION 11

You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?

  • A. No action is needed because cpshell has a timeout of one hour by default.
  • B. Log in as the default user expert and start cpinfo.
  • C. Log in as admin, switch to expert mode, set the timeout to one hour with the command,idle 60, then start cpinfo.
  • D. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.

Answer: D

NEW QUESTION 12

Your primary Security Gateway runs on GAiA. What is the easiest way to back up your
Security Gateway R77 configuration, including routing and network configuration files?

  • A. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
  • B. Using the native GAiA backup utility from command line or in the Web based user interface.
  • C. Using the command upgrade_export.
  • D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.

Answer: B

NEW QUESTION 13
CORRECT TEXT
156-915.77 dumps exhibitFill in the blank. To verify that a VPN Tunnel is properly established, use the command


Solution:
vpn tunnelutil

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 14

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

  • A. Automatic ARP must be unchecked in the Global Properties.
  • B. Nothing else must be configured.
  • C. A static route must be added on the Security Gateway to the internal host.
  • D. A static route for the NAT IP must be added to the Gateway’s upstream router.

Answer: C

NEW QUESTION 15

You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.
156-915.77 dumps exhibit
What is TRUE about the new package’s NAT rules?

  • A. Rules 1, 2, 3 will appear in the new package.
  • B. Only rule 1 will appear in the new package.
  • C. NAT rules will be empty in the new package.
  • D. Rules 4 and 5 will appear in the new package.

Answer: A

NEW QUESTION 16
CORRECT TEXT
Fill in the blank. You can set Acceleration to ON or OFF using command syntax ____ .


Solution:
fwaccel off/on

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 17
Update the new topology in the cluster object from SmartDashboard.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 18
CORRECT TEXT
Fill in the blank.
156-915.77 dumps exhibit
In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108. Review the exhibit and type the IP address of the member serving as the pivot machine in the space below.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 19

What type of traffic can be re-directed to the Captive Portal?

  • A. SMTP
  • B. HTTP
  • C. All of the above
  • D. FTP

Answer: B

NEW QUESTION 20

Which of the following items should be configured for the Security Management Server to authenticate using LDAP?

  • A. Check Point Password
  • B. WMI object
  • C. Domain Admin username
  • D. Windows logon password

Answer: A

NEW QUESTION 21
......

Recommend!! Get the Full 156-915.77 dumps in VCE and PDF From Dumps-files.com, Welcome to Download: https://www.dumps-files.com/files/156-915.77/ (New 203 Q&As Version)