Our pass rate is high to 98.9% and the similarity percentage between our 156 215.77 pdf study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Check Point checkpoint 156 215.77 exam in just one try? I am currently studying for the Check Point exam 156 215.77 exam. Latest Check Point 156 215.77 pdf Test exam practice questions and answers, Try Check Point checkpoint 156 215.77 Brain Dumps First.
2017 NEW RECOMMEND
Free VCE & PDF File for Check Point 156-215.77 Real Exam
Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions
Q71. – (Topic 1)
When you use the Global Properties' default settings on R77, which type of traffic will be dropped if NO explicit rule allows the traffic?
A. Firewall logging and ICA key-exchange information
B. RIP traffic
C. Outgoing traffic originating from the Security Gateway
D. SmartUpdate connections
Q72. – (Topic 1)
Your R77 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
A. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch.
B. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object.
C. On a SecurePlatform Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
D. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
Q73. – (Topic 3)
Charles requests a Website while using a computer not in the net_singapore network.
What is TRUE about his location restriction?
A. As location restrictions add up, he would be allowed from net_singapore and net_sydney.
B. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.
C. Source setting in User Properties always takes precedence.
D. Source setting in Source column always takes precedence.
Q74. – (Topic 1)
Which command enables IP forwarding on IPSO?
A. echo 1 > /proc/sys/net/ipv4/ip_forward
B. ipsofwd on admin
C. echo 0 > /proc/sys/net/ipv4/ip_forward
D. clish -c set routing active enable
Q75. – (Topic 3)
Which of the following are authentication methods that Security Gateway R77 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.
A. User, Client, Session
B. Proxied, User, Dynamic, Session
C. Connection, User, Client
D. User, Proxied, Session
Q76. – (Topic 3)
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?
A. John should install the Identity Awareness Agent
B. Investigate this as a network connectivity issue
C. After enabling Identity Awareness, reboot the gateway
D. He should lock and unlock the computer
Q77. – (Topic 3)
Which of the following is NOT true for Clientless VPN?
A. User Authentication is supported.
B. Secure communication is provided between clients and servers that support HTTP.
C. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN.
D. The Gateway can enforce the use of strong encryption.
Q78. – (Topic 3)
When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?
A. (6) Delete all IPsec SAs for a given User (Client)
B. (7) Delete all IPsec+IKE SAs for a given peer (GW)
C. (8) Delete all IPsec+IKE SAs for a given User (Client)
D. (5) Delete all IPsec SAs for a given peer (GW)
Q79. – (Topic 3)
The customer has a small Check Point installation, which includes one GAiA server working as the SmartConsole, and a second server running Windows 2008 as both Security Management Server and Security Gateway. This is an example of a(n):
A. Distributed Installation
B. Hybrid Installation
C. Unsupported configuration
D. Stand-Alone Installation
Q80. – (Topic 3)
When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?
A. Leveraging identity in the application control blade
B. Identity-based enforcement for non-AD users (non-Windows and guest users)
C. Identity-based auditing and logging
D. Basic identity enforcement in the internal network