156-915.77 | The Secret Of CheckPoint 156-915.77 Brain Dumps

NEW QUESTION 1

When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered?
1) Each member must have a unique source IP address.
2) Every interface on each member requires a unique IP address.
3) All VTI's going to the same remote peer must have the same name.
4) Cluster IP addresses are required.

• A. 1, 2, and 4
• B. 2 and 3
• C. 1, 2, 3 and 4
• D. 1, 3, and 4

Answer: C

NEW QUESTION 2

The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

• A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
• B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
• C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
• D. You can limit the authentication attempts in the User Properties’ Authentication tab.

Answer: B

NEW QUESTION 3

You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.

What is TRUE about the new package’s NAT rules?

• A. Rules 1, 2, 3 will appear in the new package.
• B. Only rule 1 will appear in the new package.
• C. NAT rules will be empty in the new package.
• D. Rules 4 and 5 will appear in the new package.

Answer: A

NEW QUESTION 4

Your expanding network currently includes ClusterXL running Multicast mode on two members, as shown in this topology:
Exhibit:

You need to add interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for these interfaces is 10.10.10.3/24. Both cluster gateways have a Quad card with an available eth3 interface. What is the correct procedure to add these interfaces?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSD_Group.

What happens when Eric tries to connect to a server on the Internet?

• A. None of these things will happen.
• B. Eric will be authenticated and get access to the requested server.
• C. Eric will be blocked because LDAP is not allowed in the Rule Base.
• D. Eric will be dropped by the Stealth Rule.

Answer: D

NEW QUESTION 6

What command with appropriate switches would you use to test Identity Awareness connectivity?

• A. test_ldap
• B. test_ad_connectivity
• C. test_ldap_connectivity
• D. test_ad

Answer: B

NEW QUESTION 7

You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

• A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
• B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
• C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
• D. Place a static host route on the firewall for the valid IP address to the internal Web server.

Answer: B

NEW QUESTION 8

Match the following commands to their correct function.

Each command has one function only listed.

• A. C1>F6; C2>F4; C3>F2; C4>F5
• B. C1>F2; C2>F1; C3>F6; C4>F4
• C. C1>F2; C2>F4; C3>F1; C4>F5
• D. C1>F4; C2>F6; C3>F3; C4>F2

Answer: A

NEW QUESTION 9

You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

• A. Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).
• B. Create a new logical-server object to represent your partner’s CA.
• C. Manually import your partner’s Access Control List.
• D. Manually import your partner’s Certificate Revocation List.

Answer: A

NEW QUESTION 10

You are trying to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. You see the following window.

What must you enable to see the Directional Match?

• A. directional_match(true) in the objects_5_0.C file on Security Management Server
• B. VPN Directional Match on the Gateway object’s VPN tab
• C. VPN Directional Match on the VPN advanced window, in Global Properties
• D. Advanced Routing on each Security Gateway

Answer: C

NEW QUESTION 11
Update the topology in the cluster object.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 12

Charles requests a Website while using a computer not in the net_singapore network.

What is TRUE about his location restriction?

• A. Source setting in Source column always takes precedence.
• B. Source setting in User Properties always takes precedence.
• C. As location restrictions add up, he would be allowed from net_singapore and net_sydney.
• D. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.

Answer: D

NEW QUESTION 13

You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

• A. You checked the cache password on desktop option in Global Properties.
• B. Another rule that accepts HTTP without authentication exists in the Rule Base.
• C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
• D. Users must use the SecuRemote Client, to use the User Authentication Rule.

Answer: B

NEW QUESTION 14

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user’s credentials?

• A. Access Policy
• B. Access Role
• C. Access Rule
• D. Access Certificate

Answer: B

NEW QUESTION 15
CORRECT TEXT
Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL) connections with the LDAP Server is

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16

Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.

• A. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows
• B. Check Point GAiA and SecurePlatform, and Microsoft Windows
• C. Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO
• D. Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows

Answer: B

NEW QUESTION 17
CORRECT TEXT
Complete this statement. To save interface information before upgrading a Windows Gateway, use command

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 18

You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.

• A. No, it is not possible to have more than one NAT rule matching a connectio
• B. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so o
• C. When it finds a rule that matches, it stops checking and applies that rule.
• D. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).
• E. Yes, there are always as many active NAT rules as there are connections.
• F. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

Answer: D

NEW QUESTION 19

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original ||
Translated Destination: web_private_IP || Service: Original
“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?

• A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
• B. There is no ARP table entry for the protected Web server’s public IP address.
• C. There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address.
• D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Answer: D

NEW QUESTION 20

John is configuring a new R77 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.

What’s happening?

• A. ClusterXL needs to be unselected to permit third party clustering configuration.
• B. Third Party Clustering is not available for R77 Security Gateways.
• C. John has an invalid ClusterXL license.
• D. John is not using third party hardware as IP Clustering is part of Check Point’s IP Appliance.

Answer: A

NEW QUESTION 21
......