How Many Questions Of 156-215.77 Free Exam Questions

NEW QUESTION 1
Charles requests a Website while using a computer not in the net_singapore network.
What is TRUE about his location restriction? Exhibit:

• A. Source setting in Source column always takes precedence.
• B. Source setting in User Properties always takes precedence.
• C. As location restrictions add up, he would be allowed from net_singapore and net_sydney.
• D. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.

Answer: D

NEW QUESTION 2
Which of the following methods will provide the most complete backup of an R77 configuration?

• A. Policy Package Management
• B. Copying the directories $FWDIR\conf and $CPDIR\conf to another server
• C. Execute command upgrade_export
• D. Database Revision Control

Answer: C

NEW QUESTION 3
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

• A. Action
• B. Source
• C. User
• D. Track

Answer: B

NEW QUESTION 4
The Tokyo Security Management Server Administrator cannot connect from his workstation in Osaka.

Which of the following lists the BEST sequence of steps to troubleshoot this issue?

• A. Check for matching OS and product versions of the Security Management Server and the clien
• B. Then, ping the Gateways to verify connectivit
• C. If successful, scan the log filesfor any denied management packets.
• D. Verify basic network connectivity to the local Gateway, service provider, remote Gateway, remote network and target machin
• E. Then, test for firewall rules that deny management access to the targe
• F. If successful, verify that pcosaka is a valid client IP address.
• G. Check the allowed clients and users on the Security Management Serve
• H. If pcosaka and your user account are valid, check for network problem
• I. If there are no network related issues, this is likely to be a problem with the server itsel
• J. Check for any patches and upgrade
• K. If still unsuccessful, open a case with Technical Support.
• L. Call Tokyo to check if they can ping the Security Management Server locall
• M. If so, login to sgtokyo, verify management connectivity and Rule Bas
• N. If this looks okay, ask your provider if they have some firewall rules that filters out your management traffic.

Answer: B

NEW QUESTION 5
Which of the following commands can provide the most complete restoration of a R77 configuration?

• A. upgrade_import
• B. cpinfo -recover
• C. cpconfig
• D. fwm dbimport -p <export file>

Answer: A

NEW QUESTION 6
In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic.
Eric is a member of the LDAP group, MSD_Group.

What happens when Eric tries to connect to a server on the Internet?

• A. None of these things will happen.
• B. Eric will be authenticated and get access to the requested server.
• C. Eric will be blocked because LDAP is not allowed in the Rule Base.
• D. Eric will be dropped by the Stealth Rule.

Answer: B

NEW QUESTION 7
What action CANNOT be run from SmartUpdate R77?

• A. Fetch sync status
• B. Reboot Gateway
• C. Preinstall verifier
• D. Get all Gateway Data

Answer: A

NEW QUESTION 8
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

• A. John should install the Identity Awareness Agent
• B. The firewall admin should install the Security Policy
• C. John should lock and unlock the computer
• D. Investigate this as a network connectivity issue

Answer: B

NEW QUESTION 9
You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:

• A. Standard policy.
• B. Initial policy.
• C. Last policy that was installed.
• D. Default filter.

Answer: B

NEW QUESTION 10
What information is found in the SmartView Tracker Management log?

• A. SIC revoke certificate event
• B. Destination IP address
• C. Most accessed Rule Base rule
• D. Number of concurrent IKE negotiations

Answer: A

NEW QUESTION 11
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?

• A. Users being authenticated by Client Authentication have to re-authenticate.
• B. All connections are reset, so a policy install is recommended during announced downtime only.
• C. All FTP downloads are reset; users have to start their downloads again.
• D. Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.

Answer: A

NEW QUESTION 12
ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:

• A. Export setup
• B. DHCP Server configuration
• C. Time & Date
• D. GUI Clients

Answer: D

NEW QUESTION 13
Which set of objects have an Authentication tab?

• A. Templates, Users
• B. Users, Networks
• C. Users, User Groups
• D. Networks, Hosts

Answer: A

NEW QUESTION 14
A rule is used to prevent all traffic going to the R77 Security Gateway.

• A. IPS
• B. Cleanup
• C. Reject
• D. Stealth

Answer: D

NEW QUESTION 15
Identify the ports to which the Client Authentication daemon listens by default.

• A. 259, 900
• B. 256, 600
• C. 80, 256
• D. 8080, 529

Answer: A

NEW QUESTION 16
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources’ servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?

• A. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
• B. A Rule Base can always be installed on any Check Point firewall objec
• C. It is necessary to select the appropriate target directly after selecting Policy > Install.
• D. In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule.
• E. A Rule Base is always installed on all possible target
• F. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.

Answer: C

NEW QUESTION 17
You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can you use?

• A. 2, 4, and 5
• B. 1, 2, 3, 4, and 5
• C. 1, 2, and 3
• D. 1, 3, and 4

Answer: C

NEW QUESTION 18
Where does the security administrator activate Identity Awareness within SmartDashboard?

• A. Gateway Object > General Properties
• B. Security Management Server > Identity Awareness
• C. Policy > Global Properties > Identity Awareness
• D. LDAP Server Object > General Properties

Answer: A

NEW QUESTION 19
......