156-215.77 | A Review Of Realistic 156-215.77 Free Draindumps

NEW QUESTION 1
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?

• A. Users being authenticated by Client Authentication have to re-authenticate.
• B. All connections are reset, so a policy install is recommended during announced downtime only.
• C. All FTP downloads are reset; users have to start their downloads again.
• D. Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.

Answer: A

NEW QUESTION 2
Which command enables IP forwarding on IPSO?

• A. ipsofwd on admin
• B. echo 0 > /proc/sys/net/ipv4/ip_forward
• C. clish -c set routing active enable
• D. echo 1 > /proc/sys/net/ipv4/ip_forward

Answer: A

NEW QUESTION 3
What is the difference between Standard and Specific Sign On methods?

• A. Standard Sign On allows the user to be automatically authorized for all services that the rule allow
• B. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties.
• C. Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connec
• D. Specific Sign On requires that the user re-authenticate for each service.
• E. Standard Sign On allows the user to be automatically authorized for all services that the rule allow
• F. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.
• G. Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connec
• H. Specific Sign On allows the user to sign on only to a specific IP address.

Answer: C

NEW QUESTION 4
What is the purpose of a Stealth Rule?

• A. To prevent users from connecting directly to the gateway.
• B. To permit management traffic.
• C. To drop all traffic to the management server that is not explicitly permitted.
• D. To permit implied rules.

Answer: A

NEW QUESTION 5
Choose the correct statement regarding Implied Rules:

• A. To edit Implied rules you go to: Launch Button > Policy > Global Properties > Firewall.
• B. Implied rules are fixed rules that you cannot change.
• C. You can directly edit the Implied rules by double-clicking on a specific Implicit rule.
• D. You can edit the Implied rules but only if requested by Check Point support personnel.

Answer: A

NEW QUESTION 6
Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?

• A. fw ctl get string active_secpol
• B. fw stat
• C. cpstat fw -f policy
• D. Check the Security Policy name of the appropriate Gateway in SmartView Monitor.

Answer: A

NEW QUESTION 7
Which of these Security Policy changes optimize Security Gateway performance?

• A. Using groups within groups in the manual NAT Rule Base.
• B. Use Automatic NAT rules instead of Manual NAT rules whenever possible.
• C. Using domain objects in rules when possible.
• D. Putting the least-used rule at the top of the Rule Base.

Answer: B

NEW QUESTION 8
Which of the following describes the default behavior of an R77 Security Gateway?

• A. Traffic not explicitly permitted is dropped.
• B. Traffic is filtered using controlled port scanning.
• C. All traffic is expressly permitted via explicit rules.
• D. IP protocol types listed as secure are allowed by default, i.
• E. ICMP, TCP, UDP sessions are inspected.

Answer: A

NEW QUESTION 9
Which type of R77 Security Server does not provide User Authentication?

• A. SMTP Security Server
• B. HTTP Security Server
• C. FTP Security Server
• D. HTTPS Security Server

Answer: A

NEW QUESTION 10
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

• A. Action
• B. Source
• C. User
• D. Track

Answer: B

NEW QUESTION 11
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the .

• A. destination on server side
• B. source on server side
• C. source on client side
• D. destination on client side

Answer: D

NEW QUESTION 12
You are troubleshooting NAT entries in SmartView Tracker. Which column do you check to view the new source IP?
Exhibit:

• A. XlateDPort
• B. XlateDst
• C. XlateSPort
• D. XlateSrc

Answer: D

NEW QUESTION 13
The fw monitor utility is used to troubleshoot which of the following problems?

• A. Phase two key negotiation
• B. Address translation
• C. Log Consolidation Engine
• D. User data base corruption

Answer: B

NEW QUESTION 14
When you hide a rule in a Rule Base, how can you then disable the rule?

• A. Hidden rules are already effectively disabled from Security Gateway enforcement.
• B. Right-click on the hidden rule place-holder bar and select Disable Rule(s).
• C. Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.
• D. Use the search utility in SmartDashboard to view all hidden rule
• E. Select the relevant rule and click Disable Rule(s).

Answer: C

NEW QUESTION 15
Which rule position in the Rule Base should hold the Cleanup Rule? Why?

• A. Firs
• B. It explicitly accepts otherwise dropped traffic.
• C. Las
• D. It explicitly drops otherwise accepted traffic.
• E. Las
• F. It serves a logging function before the implicit drop.
• G. Before last followed by the Stealth Rule.

Answer: C

NEW QUESTION 16
The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?

• A. When accuracy in detecting identity is crucial
• B. Leveraging identity for Data Center protection
• C. Protecting highly sensitive servers
• D. Identity based enforcement for non-AD users (non-Windows and guest users)

Answer: D

NEW QUESTION 17
The customer has a small Check Point installation which includes one Windows 2008 server as the SmartConsole and a second server running GAiA as both Security Management Server and the Security Gateway. This is an example of a(n):

• A. Distributed Installation
• B. Unsupported configuration
• C. Hybrid Installation
• D. Stand-Alone Installation

Answer: D

NEW QUESTION 18
In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?

• A. Do nothin
• B. Old logs are deleted, until free space is restored.
• C. Use the command fwm logexport to export the old log files to another location.
• D. Configure a script to run fw logswitch and SCP the output file to a separate file server.
• E. Do nothin
• F. The Security Management Server automatically copies old logs to a backup server before purging.

Answer: C

NEW QUESTION 19
Which R77 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations?

• A. upgrade_export/upgrade_import
• B. fwm dbexport/fwm dbimport
• C. Database Revision Control
• D. Policy Package management

Answer: C

NEW QUESTION 20
......