New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

Note! Checkpoint has retired the 156-915.77 Exam Contact us through Live Chat or email us for more information.

156-915.77 Check Point Certified Security Expert Update Questions and Answers

Questions 4

Which of the following items should be configured for the Security Management Server to authenticate using LDAP?

Options:

A.

Login Distinguished Name and password

B.

Windows logon password

C.

Check Point Password

D.

WMI object

Buy Now
Questions 5

You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.

Options:

A.

No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.

B.

Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).

C.

Yes, there are always as many active NAT rules as there are connections.

D.

Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

Buy Now
Questions 6

You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.

What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

Options:

A.

Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.

B.

Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.

C.

Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

D.

Place a static host route on the firewall for the valid IP address to the internal Web server.

Buy Now
Questions 7

Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?

Options:

A.

The configuration file $FWDIR/conf/fwauthd.conf is incorrect.

B.

The Security Policy is not correct.

C.

You can't use any port other than the standard port 900 for Client Authentication via HTTP.

D.

The service FW_clntauth_http configuration is incorrect.

Buy Now
Questions 8

Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:

Options:

A.

Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.

B.

IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.

C.

Refreshable Timeout setting, in Client Authentication Action Properties > Limits.

D.

Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.

Buy Now
Questions 9

Which of the following is NOT defined by an Access Role object?

Options:

A.

Source Network

B.

Source Machine

C.

Source User

D.

Source Server

Buy Now
Questions 10

Access Role objects define users, machines, and network locations as:

Options:

A.

Credentialed objects

B.

Linked objects

C.

One object

D.

Separate objects

Buy Now
Questions 11

You run cphaprob -a if. When you review the output, you find the word DOWN. What does DOWN mean?

Options:

A.

The cluster link is down.

B.

The physical interface is administratively set to DOWN.

C.

The physical interface is down.

D.

CCP pakets couldn't be sent to or didn't arrive from neighbor member.

Buy Now
Questions 12

Which command will only show the number of entries in the connection table?

Options:

A.

fw tab -t connections -s

B.

fw tab -t connections -u

C.

fw tab -t connections

D.

fw tab

Buy Now
Questions 13

When migrating the SmartEvent data base from one server to another, the last step is to save the files on the new server. Which of the following commands should you run to save the SmartEvent data base files on the new server?

Options:

A.

cp

B.

restore

C.

migrate import

D.

eva_db_restore

Buy Now
Questions 14

Where can you find the Check Point’s SNMP MIB file?

Options:

A.

$CPDIR/lib/snmp/chkpt.mib

B.

$FWDIR/conf/snmp.mib

C.

It is obtained only by request from the TAC.

D.

There is no specific MIB file for Check Point products.

Buy Now
Questions 15

You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from a host within 10 seconds of each other. How would you accomplish this?

Options:

A.

Define the two port-scan detections as an exception.

B.

You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.

C.

Select the two port-scan detections as a sub-event.

D.

Select the two port-scan detections as a new event.

Buy Now
Questions 16

When restoring R77 using the command upgrade_import, which of the following items are NOT restored?

Options:

A.

SIC Certificates

B.

Licenses

C.

Route tables

D.

Global properties

Buy Now
Questions 17

Fill in the blank. To enter the router shell, use command __________ .

Options:

Buy Now
Questions 18

You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

Options:

A.

Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).

B.

Create a new logical-server object to represent your partner’s CA.

C.

Manually import your partner’s Access Control List.

D.

Manually import your partner’s Certificate Revocation List.

Buy Now
Questions 19

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

Options:

A.

Are used for securing internal network communications between the SmartDashboard and the Security Management Server.

B.

For R75 Security Gateways are created during the Security Management Server installation.

C.

Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.

D.

Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.

Buy Now
Questions 20

Which of the following options is available with the GAiA cpconfig utility on a Management Server?

Options:

A.

Export setup

B.

DHCP Server configuration

C.

GUI Clients

D.

Time & Date

Buy Now
Questions 21

Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.

An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?

Options:

A.

The restore is not possible because the backup file does not have the same build number (version).

B.

The restore is done by selecting Snapshot Management from the boot menu of GAiA.

C.

The restore can be done easily by the command restore and copying netconf.C from the production environment.

D.

A backup cannot be restored, because the binary files are missing.

Buy Now
Questions 22

You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

Options:

A.

database revision

B.

snapshot

C.

upgrade_export

D.

backup

Buy Now
Questions 23

Fill in the blank. To verify the SecureXL status, you would enter command _____________ .

Options:

Buy Now
Questions 24

Your expanding network currently includes ClusterXL running Multicast mode on two members, as shown in this topology:

Exhibit:

You need to add interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for these interfaces is 10.10.10.3/24. Both cluster gateways have a Quad card with an available eth3 interface. What is the correct procedure to add these interfaces?

Options:

A.

1. Disable "Cluster membership" from one Gateway via cpconfig.

2. Configure the new interface via sysconfig from the "non-member" Gateway.

3. Re-enable "Cluster membership" on the Gateway.

4. Perform the same steps on the other Gateway.

5. Update the topology in the cluster object.

6. Install the Security Policy.

B.

1. Configure the new interface on both members using WebUI.

2. Update the new topology in the cluster object from SmartDashboard.

3. Define virtual IP in the Dashboard

4. Install the Security Policy.

C.

1. Use WebUI to configure the new interfaces on both member.

2. Update the topology in the cluster object.

3. Reboot both gateways.

4. Install the Security Policy.

D.

1. Use the command ifconfig to configure and enable the new interface on both members.

2. Update the topology in the cluster object for the cluster and both members.

3. Install the Security Policy.

4. Reboot the gateway.

Buy Now
Questions 25

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

Options:

A.

John should install the Identity Awareness Agent

B.

The firewall admin should install the Security Policy

C.

John should lock and unlock the computer

D.

Investigate this as a network connectivity issue

Buy Now
Questions 26

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.

To make this scenario work, the IT administrator must:

1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.

2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.

3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.

Ms. McHanry tries to access the resource but is unable. What should she do?

Options:

A.

Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal”

B.

Have the security administrator reboot the firewall

C.

Have the security administrator select Any for the Machines tab in the appropriate Access Role

D.

Install the Identity Awareness agent on her iPad

Buy Now
Questions 27

Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________.

Options:

A.

Identity Awareness Agent

B.

Full Endpoint Client

C.

ICA Certificate

D.

SecureClient

Buy Now
Questions 28

The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?

Options:

A.

When accuracy in detecting identity is crucial

B.

Leveraging identity for Data Center protection

C.

Protecting highly sensitive servers

D.

Identity based enforcement for non-AD users (non-Windows and guest users)

Buy Now
Questions 29

Review the rules.

Assume domain UDP is enabled in the impled rules.

What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

Options:

A.

can connect to the Internet successfully after being authenticated.

B.

is prompted three times before connecting to the Internet successfully.

C.

can go to the Internet after Telnetting to the client authentication daemon port 259.

D.

can go to the Internet, without being prompted for authentication.

Buy Now
Questions 30

You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

Options:

A.

You checked the cache password on desktop option in Global Properties.

B.

Another rule that accepts HTTP without authentication exists in the Rule Base.

C.

You have forgotten to place the User Authentication Rule before the Stealth Rule.

D.

Users must use the SecuRemote Client, to use the User Authentication Rule.

Buy Now
Exam Code: 156-915.77
Exam Name: Check Point Certified Security Expert Update
Last Update: Dec 22, 2024
Questions: 203