156-915.77 | A Review Of Printable 156-915.77 Free Demo

We provide real 156-915.77 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass CheckPoint 156-915.77 Exam quickly & easily. The 156-915.77 PDF type is available for reading and printing. You can print more and practice many times. With the help of our CheckPoint 156-915.77 dumps pdf and vce product and material, you can easily pass the 156-915.77 exam.

Also have 156-915.77 free dumps questions for you:

NEW QUESTION 1
CORRECT TEXT
To bind a NIC to a single processor when using CoreXL on GAiA, you would use the command


Solution:
sim affinity

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 2
CORRECT TEXT
The command useful for debugging by capturing packet information, including verifying LDAP authentication on all Check Point platforms is


Solution:
fw monitor

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 3

What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?

  • A. WMI
  • B. CIFS
  • C. RCP
  • D. LDAP

Answer: A

NEW QUESTION 4

Which of the following are authentication methods that Security Gateway R77 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.

  • A. Proxied, User, Dynamic, Session
  • B. Connection, User, Client
  • C. User, Client, Session
  • D. User, Proxied, Session

Answer: C

NEW QUESTION 5
CORRECT TEXT
Type the command and syntax you would use to verify that your Check Point cluster is functioning correctly.


Solution:
cphaprob state

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 6

Your company’s Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:

  • A. Client Authentication rule using the manual sign-on method, using HTTP on port 900
  • B. Client Authentication rule, using partially automatic sign on
  • C. Client Authentication for fully automatic sign on
  • D. Session Authentication rule

Answer: A

NEW QUESTION 7

Your company is running Security Management Server R77 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?

  • A. Using SmartDashboard, under Users, select Add New Administrator
  • B. Using SmartDashboard or cpconfig
  • C. Using the Web console on GAiA under Product configuration, select Administrators
  • D. Using cpconfig on the Security Management Server, choose Administrators

Answer: A

NEW QUESTION 8

You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway’s external interface. You browse to the Google Website from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?

  • A. Two, one for outbound, one for inbound
  • B. Only one, outbound
  • C. Two, both outbound, one for the real IP connection and one for the NAT IP connection
  • D. Only one, inbound

Answer: B

NEW QUESTION 9
10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.
156-915.77 dumps exhibit
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?

  • A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
  • B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
  • C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
  • D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ’s interface.

Answer: B

NEW QUESTION 10
CORRECT TEXT
Fill in the blank. To save your OSPF configuration in GAiA, enter the command _____.


Solution:
save config

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 11
Install the Security Policy.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 12
CORRECT TEXT
Type the command and syntax to configure the Cluster Control Protocol (CCP) to use Broadcast.


Solution:
cphaconf set_ccp broadcast

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 13

Which two processes are responsible on handling Identity Awareness?

  • A. pdp and lad
  • B. pdp and pdp-11
  • C. pep and lad
  • D. pdp and pep

Answer: D

NEW QUESTION 14

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of .

  • A. client side NAT
  • B. source NAT
  • C. destination NAT
  • D. None of these

Answer: B

NEW QUESTION 15
CORRECT TEXT
156-915.77 dumps exhibitFill in the blank. To verify that a VPN Tunnel is properly established, use the command


Solution:
vpn tunnelutil

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 16

As a Security Administrator, you must refresh the Client Authentication authorization time- out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

  • A. in the user object's Authentication screen.
  • B. in the Gateway object's Authentication screen.
  • C. in the Limit tab of the Client Authentication Action Properties screen.
  • D. in the Global Properties Authentication screen.

Answer: C

NEW QUESTION 17

If you need strong protection for the encryption of user data, what option would be the BEST choice?

  • A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mod
  • B. Choose SHA in Quick Mode and encrypt with AE
  • C. Use AH protoco
  • D. Switch to Aggressive Mode.
  • E. When you need strong encryption, IPsec is not the best choic
  • F. SSL VPN’s are a better choice.
  • G. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
  • H. Disable Diffie-Hellman by using stronger certificate based key-derivatio
  • I. Use AES-256 bit on all encrypted channels and add PFS to QuickMod
  • J. Use double encryption by implementing AH and ESP as protocols.

Answer: C

NEW QUESTION 18

SmartReporter reports can be used to analyze data from a penetration-testing regimen in all of the following examples, EXCEPT:

  • A. Analyzing traffic patterns against public resources.
  • B. Possible worm/malware activity.
  • C. Analyzing access attempts via social-engineering.
  • D. Tracking attempted port scans.

Answer: C

NEW QUESTION 19
CORRECT TEXT
Fill in the blank. To enter the router shell, use command .


Solution:
cligated

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 20
CORRECT TEXT
Type the full cphaprob command and syntax that will show full synchronization status.


Solution:
cphaprob -i list

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 21
......

P.S. Allfreedumps.com now are offering 100% pass ensure 156-915.77 dumps! All 156-915.77 exam questions have been updated with correct answers: https://www.allfreedumps.com/156-915.77-dumps.html (203 New Questions)