Up To Date 156-915.77 Actual Exam For Check Point Certified Security Expert Update Blade Certification

Want to know Pass4sure 156-915.77 Exam practice test features? Want to lear more about CheckPoint Check Point Certified Security Expert Update Blade certification experience? Study Practical CheckPoint 156-915.77 answers to Most recent 156-915.77 questions at Pass4sure. Gat a success with an absolute guarantee to pass CheckPoint 156-915.77 (Check Point Certified Security Expert Update Blade) test on your first attempt.

Check 156-915.77 free dumps before getting the full version:

NEW QUESTION 1

You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.

  • A. /etc/sysconfig/netconf.C
  • B. /etc/conf/route.C
  • C. /etc/sysconfig/network-scripts/ifcfg-ethx
  • D. /etc/sysconfig/network

Answer: A

NEW QUESTION 2
CORRECT TEXT
Fill in the blank.
156-915.77 dumps exhibit
In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108. Review the exhibit and type the IP address of the member serving as the pivot machine in the space below.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 3

Where do you verify that UserDirectory is enabled?

  • A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
  • B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
  • C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
  • D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

Answer: D

NEW QUESTION 4

Which of the following CLISH commands would you use to set the admin user's shell to bash?

  • A. set user admin shell bash
  • B. set user admin shell /bin/bash
  • C. set user admin shell = /bin/bash
  • D. set user admin /bin/bash

Answer: B

NEW QUESTION 5

You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

  • A. Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).
  • B. Create a new logical-server object to represent your partner’s CA.
  • C. Manually import your partner’s Access Control List.
  • D. Manually import your partner’s Certificate Revocation List.

Answer: A

NEW QUESTION 6

Study the Rule base and Client Authentication Action properties screen -
156-915.77 dumps exhibit
After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:

  • A. user is prompted for authentication by the Security Gateway again.
  • B. FTP data connection is dropped after the user is authenticated successfully.
  • C. user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication.
  • D. FTP connection is dropped by Rule 2.

Answer: C

NEW QUESTION 7

In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:

  • A. It is not necessary to add a static route to the Gateway’s routing table.
  • B. It is necessary to add a static route to the Gateway’s routing table.
  • C. The Security Gateway’s ARP file must be modified.
  • D. VLAN tagging cannot be defined for any hosts protected by the Gateway.

Answer: A

NEW QUESTION 8

Which of the following items should be configured for the Security Management Server to authenticate using LDAP?

  • A. Login Distinguished Name and password
  • B. Windows logon password
  • C. Check Point Password
  • D. WMI object

Answer: A

NEW QUESTION 9
Install the Security Policy.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 10
CORRECT TEXT
Fill in the blanks. To view the number of concurrent connections going through your
firewall, you would use the command and syntax_______


Solution:
fw tab –t connections –s

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 11

Which command will erase all CRL’s?

  • A. vpn crladmin
  • B. cpstop/cpstart
  • C. vpn crl_zap
  • D. vpn flush

Answer: C

NEW QUESTION 12

You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?

  • A. Domain VPN takes precedence over the route-based VT
  • B. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
  • C. Domain VPN takes precedence over the route-based VT
  • D. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain
  • E. Route-based VTI takes precedence over the Domain VP
  • F. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
  • G. Route-based VTI takes precedence over the Domain VP
  • H. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.

Answer: B

NEW QUESTION 13
CORRECT TEXT
Fill in the blank. To verify SecureXL statistics, you would use the command .


Solution:
fwaccel stats

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 14

If you need strong protection for the encryption of user data, what option would be the BEST choice?

  • A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mod
  • B. Choose SHA in Quick Mode and encrypt with AE
  • C. Use AH protoco
  • D. Switch to Aggressive Mode.
  • E. When you need strong encryption, IPsec is not the best choic
  • F. SSL VPN’s are a better choice.
  • G. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
  • H. Disable Diffie-Hellman by using stronger certificate based key-derivatio
  • I. Use AES-256 bit on all encrypted channels and add PFS to QuickMod
  • J. Use double encryption by implementing AH and ESP as protocols.

Answer: C

NEW QUESTION 15

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able
to connect to the HR Web server. What is the next BEST troubleshooting step?

  • A. Investigate this as a network connectivity issue
  • B. Install the Identity Awareness Agent
  • C. Set static IP to DHCP
  • D. After enabling Identity Awareness, reboot the gateway

Answer: C

NEW QUESTION 16

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.
To make this scenario work, the IT administrator must:
1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network
destinations. Select accept as the Action.
Ms. McHanry tries to access the resource but is unable. What should she do?

  • A. Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal”
  • B. Have the security administrator reboot the firewall
  • C. Have the security administrator select Any for the Machines tab in the appropriate Access Role
  • D. Install the Identity Awareness agent on her iPad

Answer: A

NEW QUESTION 17

MegaCorps' disaster recovery plan is past due for an update to the backup and restore section to enjoy the benefits of the new distributed R77 installation. You must propose a plan that meets the following required and desired objectives:
Required: Security Policy repository must be backed up no less frequently than every 24 hours.
Desired: Back up R77 components enforcing the Security Policies at least once a week. Desired: Back up R77 logs at least once a week.
You develop a disaster recovery plan proposing the following:
* Use the utility cron to run the command upgrade_export each night on the Security Management Servers.
* Configure the organization's routine backup software to back up files created by the command upgrade_export.
* Configure GAiA back up utility to back up Security Gateways every Saturday night.
* Use the utility cron to run the command upgrade_export each Saturday night on the log servers.
* Configure an automatic, nightly logswitch.
* Configure the organization's routine back up software to back up the switched logs every night.
The corporate IT change review committee decides your plan:

  • A. meets the required objective and only one desired objective.
  • B. meets the required objective and both desired objectives.
  • C. meets the rquired objective but does not meet either deisred objective.
  • D. does not meet the required objective.

Answer: B

NEW QUESTION 18
......

Recommend!! Get the Full 156-915.77 dumps in VCE and PDF From Thedumpscentre.com, Welcome to Download: https://www.thedumpscentre.com/156-915.77-dumps/ (New 203 Q&As Version)