156-215.77 | Refined 156-215.77 Dumps 2021

NEW QUESTION 1
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?

• A. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
• B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
• C. Use automatic Static NAT for network 10.1.1.0/24.
• D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.

Answer: A

NEW QUESTION 2
What action CANNOT be run from SmartUpdate R77?

• A. Fetch sync status
• B. Reboot Gateway
• C. Preinstall verifier
• D. Get all Gateway Data

Answer: A

NEW QUESTION 3
Which of the following options is available with the GAiA cpconfig utility on a Management Server?

• A. Export setup
• B. DHCP Server configuration
• C. GUI Clients
• D. Time & Date

Answer: C

NEW QUESTION 4
When configuring LDAP authentication, which of the following items should be configured for the Security Management Server?

• A. Login Distinguished Name and password
• B. Windows logon password
• C. Check Point Password
• D. WMI object

Answer: A

NEW QUESTION 5
Which answer below best describes the Administrator Auditing options available in SmartView Tracker?

• A. Compliance information compiled from network activity is recorded in logs
• B. Administrator network activity observed and logged by gateways
• C. Accounting information gathered on network activity as recorded in logs
• D. Administrator login and logout, object manipulation, and rule base changes

Answer: D

NEW QUESTION 6
Where can you find the Check Point’s SNMP MIB file?

• A. $CPDIR/lib/snmp/chkpt.mib
• B. $FWDIR/conf/snmp.mib
• C. It is obtained only by request from the TAC.
• D. There is no specific MIB file for Check Point products.

Answer: A

NEW QUESTION 7
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?

• A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
• B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
• C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
• D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ’s interface.

Answer: B

NEW QUESTION 8
ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:

• A. Export setup
• B. DHCP Server configuration
• C. Time & Date
• D. GUI Clients

Answer: D

NEW QUESTION 9
Which of the following statements is TRUE about management plug-ins?

• A. A management plug-in interacts with a Security Management Server to provide new features and support for new products.
• B. Installing a management plug-in is just like an upgrade process.
• C. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
• D. The plug-in is a package installed on the Security Gateway.

Answer: A

NEW QUESTION 10
Lily has completed the initial setup of her Management Server with an IP address of 192.168.12.12. She must now run the First Time Configuration Wizard via the Gaia Portal to finish the setup. Lily knows she must use a browser to access the device, but it unsure of the correct URL to enter; which one below will she need to use?

• A. http://192.168.12.12
• B. https://192.168.12.12:4433
• C. https://192.168.12.12
• D. http://192.168.12.12:8080

Answer: C

NEW QUESTION 11
Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed.
Can the administrator use a restore to fix the errors in static routing?

• A. The restore is not possible because the backup file does not have the same buildnumber (version).
• B. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
• C. The restore can be done easily by the command restore and copying netconf.C from the production environment.
• D. A backup cannot be restored, because the binary files are missing.

Answer: C

NEW QUESTION 12
Which of the following statements accurately describes the command snapshot?

• A. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.
• B. snapshot creates a Security Management Server full system-level backup on any OS.
• C. snapshot stores only the system-configuration settings on the Gateway.
• D. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.

Answer: A

NEW QUESTION 13
You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:
Unknown established connection
How do you resolve this problem without causing other security issues? Choose the BEST answer.

• A. Increase the service-based session timeout of the default Telnet service to 24-hours.
• B. Ask the mainframe users to reconnect every time this error occurs.
• C. Increase the TCP session timeout under Global Properties > Stateful Inspection.
• D. Create a new TCP service object on port 23 called Telnet-mainfram
• E. Define a service- based session timeout of 24-hour
• F. Use this new object only in the rule that allows the Telnet connections to the mainframe.

Answer: D

NEW QUESTION 14
You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

• A. database revision
• B. snapshot
• C. upgrade_export
• D. backup

Answer: D

NEW QUESTION 15
An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key and the IP
address of the Security Gateway. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?

• A. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway applianc
• B. Resolve by running the command fw unloadlocal on the local Security Gateway.
• C. You first need to run the command fw unloadlocal on the R77 Security Gateway appliance in order to remove the restrictive default policy.
• D. You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway’s topology.
• E. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Serve
• F. You must initialize SIC on the Security Management Server.

Answer: C

NEW QUESTION 16
Which of the following objects is a valid source in an authentication rule?

• A. Host@Any
• B. User@Network
• C. User_group@Network
• D. User@Any

Answer: C

NEW QUESTION 17
Katie has been asked to setup a rule to allow the new webserver in the DMZ to be accessible from the internet on port 443. The IP address of the Web Server, Apothos, is 192.168.126.3 and the external address should be 10.4.2.3. This needs to be the only server associated with this External IP address.
Which answer below will accomplish the steps needed to complete this task?

• A. Katie will create a host node object with an IP address of 10.4.2.3 and will configure a static NAT of 192.168.126.3. She will add a new rule in the DMZ section of the policy for the Apothos serve
• B. The rule will have an “Any Source, Destination of Apothos Host Object andservice of HTTPS”.
• C. Katie will create a host node object with an IP address of 192.168.126.3 and will configure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos serve
• D. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.
• E. Katie will create a Network object with an IP address of 192.168.126.3 and will configure a Hide NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos serve
• F. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.
• G. Katie will create a host node object with an IP address of 192.168.126.3 and willconfigure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos serve
• H. The rule will have an “Apothos Host Object Source, Destination of Any andservice of HTTPS”.

Answer: A