The Updated Guide To 156-915.77 Exams
It is impossible to pass CheckPoint 156-915.77 exam without any help in the short term. Come to Actualtests soon and find the most advanced, correct and guaranteed CheckPoint 156-915.77 practice questions. You will get a surprising result by our Far out Check Point Certified Security Expert Update Blade practice guides.
Free 156-915.77 Demo Online For CheckPoint Certifitcation:
NEW QUESTION 1
What command with appropriate switches would you use to test Identity Awareness connectivity?
- A. test_ldap
- B. test_ad_connectivity
- C. test_ldap_connectivity
- D. test_ad
NEW QUESTION 2
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti- spoofing settings. What is causing this?
- A. Manual NAT rules are not configured correctly.
- B. Allow bi-directional NAT is not checked in Global Properties.
- C. Routing is not configured correctly.
- D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
NEW QUESTION 3
Where does the security administrator activate Identity Awareness within SmartDashboard?
- A. Gateway Object > General Properties
- B. Security Management Server > Identity Awareness
- C. Policy > Global Properties > Identity Awareness
- D. LDAP Server Object > General Properties
NEW QUESTION 4
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.
- A. You checked the cache password on desktop option in Global Properties.
- B. Another rule that accepts HTTP without authentication exists in the Rule Base.
- C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
- D. Users must use the SecuRemote Client, to use the User Authentication Rule.
NEW QUESTION 5
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
- A. The Global Properties setting Translate destination on client side is unchecke
- B. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mas
- C. Check the Global Properties setting Translate destination on client side.
- D. The Global Properties setting Translate destination on client side is unchecke
- E. But the topology on the external interface is set to Others +. Change topology to External.
- F. The Global Properties setting Translate destination on client side is checke
- G. But the topology on the external interface is set to Externa
- H. Change topology to Others +.
- I. The Global Properties setting Translate destination on client side is checke
- J. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mas
- K. Uncheck the Global Properties setting Translate destination on client side.
NEW QUESTION 6
When a packet is flowing through the security gateway, which one of the following is a valid inspection path?
- A. Acceleration Path
- B. Small Path
- C. Firewall Path
- D. Medium Path
NEW QUESTION 7
Your primary Security Gateway runs on GAiA. What is the easiest way to back up your
Security Gateway R77 configuration, including routing and network configuration files?
- A. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
- B. Using the native GAiA backup utility from command line or in the Web based user interface.
- C. Using the command upgrade_export.
- D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.
NEW QUESTION 8
How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?
- A. Change the gateway settings to allow Captive Portal access via an external interface.
- B. No action is necessar
- C. This access is available by default.
- D. Change the Identity Awareness settings under Global Properties to allow Captive Portal access on all interfaces.
- E. Change the Identity Awareness settings under Global Properties to allow Captive Portal access for an external interface.
NEW QUESTION 9
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
- A. Automatic ARP must be unchecked in the Global Properties.
- B. Nothing else must be configured.
- C. A static route must be added on the Security Gateway to the internal host.
- D. A static route for the NAT IP must be added to the Gateway’s upstream router.
NEW QUESTION 10
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
- A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
- B. Reinstall the Security Management Server and restore using upgrade_import.
- C. Type fwm lock_admin -ua from the Security Management Server command line.
- D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
NEW QUESTION 11
An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of .
- A. client side NAT
- B. source NAT
- C. destination NAT
- D. None of these
NEW QUESTION 12
Fill in the blank. The command that typically generates the firewall application, operating system, and hardware specific drivers is .
Does this meet the goal?
- A. Yes
- B. Not Mastered
NEW QUESTION 13
Install the Security Policy.
Does this meet the goal?
- A. Yes
- B. Not Mastered
NEW QUESTION 14
Which is the lowest Gateway version manageable by SmartCenter R77?
- A. R65
- B. S71
- C. R55
- D. R60A
NEW QUESTION 15
Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?
- A. cpstat fwd
- B. fw ver
- C. fw stat
- D. fw ctl pstat
NEW QUESTION 16
You are trying to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. You see the following window.
What must you enable to see the Directional Match?
- A. directional_match(true) in the objects_5_0.C file on Security Management Server
- B. VPN Directional Match on the Gateway object’s VPN tab
- C. VPN Directional Match on the VPN advanced window, in Global Properties
- D. Advanced Routing on each Security Gateway
NEW QUESTION 17
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
- A. John should lock and unlock his computer
- B. Investigate this as a network connectivity issue
- C. The access should be changed to authenticate the user instead of the PC
- D. John should install the Identity Awareness Agent
NEW QUESTION 18
100% Valid and Newest Version 156-915.77 Questions & Answers shared by Surepassexam, Get Full Dumps HERE: https://www.surepassexam.com/156-915.77-exam-dumps.html (New 203 Q&As)