A Review Of Breathing 156-215.77 Exam Dumps

NEW QUESTION 1
Which of the following can be found in cpinfo from an enforcement point?

• A. Everything NOT contained in the file r2info
• B. VPN keys for all established connections to all enforcement points
• C. The complete file objects_5_0.c
• D. Policy file information specific to this enforcement point

Answer: D

NEW QUESTION 2
The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running GAiA as Security Gateway. This is an example of a(n):

• A. Stand-Alone Installation.
• B. Distributed Installation.
• C. Unsupported configuration.
• D. Hybrid Installation.

Answer: B

NEW QUESTION 3
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

• A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.
• B. Configure Automatic Static NAT on network 10.10.20.0/24.
• C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
• D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.

Answer: C

NEW QUESTION 4
Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

• A. vpn debug ipsec
• B. vpn ipsec
• C. fw ipsec tu
• D. vpn tu

Answer: D

NEW QUESTION 5
Which of the following is a viable consideration when determining Rule Base order?

• A. Grouping IPS rules with dynamic drop rules
• B. Placing more restrictive rules before more permissive rules
• C. Grouping authentication rules with QOS rules
• D. Grouping reject and drop rules after the Cleanup Rule

Answer: B

NEW QUESTION 6
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

• A. Automatic ARP must be unchecked in the Global Properties.
• B. Nothing else must be configured.
• C. A static route must be added on the Security Gateway to the internal host.
• D. A static route for the NAT IP must be added to the Gateway’s upstream router.

Answer: C

NEW QUESTION 7
Choose the SmartLog property that is TRUE.

• A. SmartLog has been an option since release R71.10.
• B. SmartLog is not a Check Point product.
• C. SmartLog and SmartView Tracker are mutually exclusive.
• D. SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.

Answer: D

NEW QUESTION 8
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

• A. Check Point Password
• B. TACACS
• C. LDAP
• D. Windows password

Answer: C

NEW QUESTION 9
Which of the following statements BEST describes Check Point’s Hide Network Address Translation method?

• A. Translates many destination IP addresses into one destination IP address
• B. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
• C. Translates many source IP addresses into one source IP address
• D. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Answer: C

NEW QUESTION 10
What are you required to do before running the command upgrade_export?

• A. Run a cpstop on the Security Gateway.
• B. Run a cpstop on the Security Management Server.
• C. Close all GUI clients.
• D. Run cpconfig and set yourself up as a GUI client.

Answer: C

NEW QUESTION 11
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?

• A. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging histor
• B. Use your normal log server for standard logging for troubleshooting.
• C. Install the View Implicit Rules package using SmartUpdate.
• D. Define two log servers on the R77 Gateway objec
• E. Enable Log Implied Rules on the first log serve
• F. Enable Log Rule Base on the second log serve
• G. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits.
• H. Check the Log Implied Rules Globally box on the R77 Gateway object.

Answer: A

NEW QUESTION 12
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

• A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
• B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
• C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
• D. Place a static host route on the firewall for the valid IP address to the internal Web server.

Answer: B

NEW QUESTION 13
When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?
Exhibit:

• A. (6) Delete all IPsec SAs for a given User (Client)
• B. (5) Delete all IPsec SAs for a given peer (GW)
• C. (8) Delete all IPsec+IKE SAs for a given User (Client)
• D. Delete all IPsec+IKE SAs for a given peer (GW)

Answer: D

NEW QUESTION 14
When you change an implicit rule’s order from Last to First in Global Properties, how do you make the change take effect?

• A. Run fw fetch from the Security Gateway.
• B. Select Install Database from the Policy menu.
• C. Select Save from the File menu.
• D. Reinstall the Security Policy.

Answer: D

NEW QUESTION 15
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the .

• A. destination on server side
• B. source on server side
• C. source on client side
• D. destination on client side

Answer: D

NEW QUESTION 16
You are troubleshooting NAT entries in SmartView Tracker. Which column do you check to view the new source IP?
Exhibit:

• A. XlateDPort
• B. XlateDst
• C. XlateSPort
• D. XlateSrc

Answer: D

NEW QUESTION 17
What happens when you select File > Export from the SmartView Tracker menu?

• A. Current logs are exported to a new *.log file.
• B. Exported log entries are not viewable in SmartView Tracker.
• C. Logs in fw.log are exported to a file that can be opened by Microsoft Excel.
• D. Exported log entries are deleted from fw.log.

Answer: C

NEW QUESTION 18
Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway’s Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?

• A. Logging implied rules
• B. User-defined alert script
• C. SNMP trap
• D. SmartView Monitor Threshold

Answer: B

NEW QUESTION 19
......