156-915.77 | Top Tips Of Most Recent 156-915.77 Sample Question

Master the 156-915.77 Check Point Certified Security Expert Update Blade content and be ready for exam day success quickly with this Examcollection 156-915.77 latest exam. We guarantee it!We make it a reality and give you real 156-915.77 questions in our CheckPoint 156-915.77 braindumps.Latest 100% VALID CheckPoint 156-915.77 Exam Questions Dumps at below page. You can use our CheckPoint 156-915.77 braindumps and pass your exam.

Online 156-915.77 free questions and answers of New Version:

NEW QUESTION 1

ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:

  • A. Export setup
  • B. DHCP Server configuration
  • C. Time & Date
  • D. GUI Clients

Answer: D

NEW QUESTION 2

How could you compare the Fingerprint shown to the Fingerprint on the server? Exhibit:
156-915.77 dumps exhibit

  • A. Run cpconfig, select the Certificate's Fingerprint option and view the fingerprint
  • B. Run cpconfig, select the GUI Clients option and view the fingerprint
  • C. Run cpconfig, select the Certificate Authority option and view the fingerprint
  • D. Run sysconfig, select the Server Fingerprint option and view the fingerprint

Answer: A

NEW QUESTION 3
CORRECT TEXT
Fill in the blank. The command that typically generates the firewall application, operating system, and hardware specific drivers is .


Solution:
snapshot

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 4

The connection to the ClusterXL member ‘A’ breaks. The ClusterXL member ‘A’ status is now ‘down’. Afterwards the switch admin set a port to ClusterXL member ‘B’ to ‘down’. What will happen?

  • A. ClusterXL member ‘B’ also left the cluster.
  • B. ClusterXL member ‘B’ stays active as last member.
  • C. Both ClusterXL members share load equally.
  • D. ClusterXL member ‘A’ is asked to come back to cluster.

Answer: B

NEW QUESTION 5

Select the command set best used to verify proper failover function of a new ClusterXL configuration.

  • A. reboot
  • B. cphaprob -d failDevice -s problem -t 0 register / cphaprob -d failDevice unregister
  • C. clusterXL_admin down / clusterXL_admin up
  • D. cpstop/cpstart

Answer: C

NEW QUESTION 6

Which file defines the fields for each object used in the file objects.C (color, num/string, default value…)?

  • A. $FWDIR/conf/classes.C
  • B. $FWDIR/conf/scheam.C
  • C. $FWDIR/conf/fields.C
  • D. $FWDIR/conf/table.C

Answer: A

NEW QUESTION 7

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

  • A. Check Point Password
  • B. TACACS
  • C. LDAP
  • D. Windows password

Answer: C

NEW QUESTION 8

Which three of the following are ClusterXL member requirements?
1) same operating systems
2) same Check Point version
3) same appliance model
4) same policy

  • A. 1, 3, and 4
  • B. 1, 2, and 4
  • C. 2, 3, and 4
  • D. 1, 2, and 3

Answer: B

NEW QUESTION 9

Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?

  • A. The restore is not possible because the backup file does not have the same build number (version).
  • B. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
  • C. The restore can be done easily by the command restore and copying netconf.C from the production environment.
  • D. A backup cannot be restored, because the binary files are missing.

Answer: C

NEW QUESTION 10

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original ||
Translated Destination: web_private_IP || Service: Original
“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?

  • A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
  • B. There is no ARP table entry for the protected Web server’s public IP address.
  • C. There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address.
  • D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Answer: D

NEW QUESTION 11

You are trying to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. You see the following window.
156-915.77 dumps exhibit
What must you enable to see the Directional Match?

  • A. directional_match(true) in the objects_5_0.C file on Security Management Server
  • B. VPN Directional Match on the Gateway object’s VPN tab
  • C. VPN Directional Match on the VPN advanced window, in Global Properties
  • D. Advanced Routing on each Security Gateway

Answer: C

NEW QUESTION 12

The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?

  • A. Type fwm unlock_admin from the Security Management Server command line.
  • B. Type fwm unlock_admin -u from the Security Gateway command line.
  • C. Type fwm lock_admin -u <account name> from the Security Management Server command line.
  • D. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.

Answer: C

NEW QUESTION 13

You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
- Allow bi-directional NAT
- Translate destination on client side
Do the above settings limit the partner’s access?

  • A. Ye
  • B. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
  • C. N
  • D. The first setting is not applicabl
  • E. The second setting will reduce performance.
  • F. Ye
  • G. Both of these settings are only applicable to automatic NAT rules.
  • H. N
  • I. The first setting is only applicable to automatic NAT rule
  • J. The second setting will force translation by the kernel on the interface nearest to the client.

Answer: D

NEW QUESTION 14
Update the topology in the cluster object for the cluster and both members.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 15
Re-enable "Cluster membership" on the Gateway.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 16

How could you compare the Fingerprint shown to the Fingerprint on the server? Run cpconfig and select:
Exhibit:
156-915.77 dumps exhibit

  • A. the Certificate Authority option and view the fingerprint.
  • B. the GUI Clients option and view the fingerprint.
  • C. the Certificate's Fingerprint option and view the fingerprint.
  • D. the Server Fingerprint option and view the fingerprint.

Answer: C

NEW QUESTION 17

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

  • A. Dynamic Source Address Translation
  • B. Hide Address Translation
  • C. Port Address Translation
  • D. Static Destination Address Translation

Answer: D

NEW QUESTION 18

When restoring R77 using the command upgrade_import, which of the following items are NOT restored?

  • A. SIC Certificates
  • B. Licenses
  • C. Route tables
  • D. Global properties

Answer: C

NEW QUESTION 19

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

  • A. No extra configuration is needed.
  • B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
  • C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
  • D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Answer: D

NEW QUESTION 20

You run cphaprob -a if. When you review the output, you find the word DOWN. What does DOWN mean?

  • A. The cluster link is down.
  • B. The physical interface is administratively set to DOWN.
  • C. The physical interface is down.
  • D. CCP pakets couldn't be sent to or didn't arrive from neighbor member.

Answer: D

NEW QUESTION 21
......

Thanks for reading the newest 156-915.77 exam dumps! We recommend you to try the PREMIUM Dumps-hub.com 156-915.77 dumps in VCE and PDF here: https://www.dumps-hub.com/156-915.77-dumps.html (203 Q&As Dumps)