How Many Questions Of 156-215.77 Exam

NEW QUESTION 1
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

• A. You checked the cache password on desktop option in Global Properties.
• B. Another rule that accepts HTTP without authentication exists in the Rule Base.
• C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
• D. Users must use the SecuRemote Client, to use the User Authentication Rule.

Answer: B

NEW QUESTION 2
Where is the easiest and BEST place to find information about connections between two machines?

• A. All options are valid.
• B. On a Security Gateway using the command fw log.
• C. On a Security Management Server, using SmartView Tracker.
• D. On a Security Gateway Console interface; it gives you detailed access to log files and state table information.

Answer: C

NEW QUESTION 3
John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard -
“Trust established?”
SIC still does not seem to work because the policy won’t install and interface fetching does not work. What might be a reason for this?

• A. SIC does not function over the network.
• B. It always works when the trust is established
• C. The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.
• D. This must be a human error.

Answer: C

NEW QUESTION 4
Is it possible to see user activity in SmartView Tracker?

• A. Yes, seeing user activity is enabled when using the Identity Awareness blade.
• B. No, a Check Point Gateway can only see IP addresses.
• C. Yes, but you have to enable the option: See user information in SmartView Tracker.
• D. Yes, but you need to use the SPLAT operating system.

Answer: A

NEW QUESTION 5
Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:

• A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.
• B. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.
• C. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.
• D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.

Answer: C

NEW QUESTION 6
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to- site VPN with one of your firm’s business partners.
Which SmartConsole application should you use to confirm your suspicions?

• A. SmartDashboard
• B. SmartUpdate
• C. SmartView Status
• D. SmartView Tracker

Answer: D

NEW QUESTION 7
Match the following commands to their correct function. Each command has one function only listed.
Exhibit:

• A. C1>F6; C2>F4; C3>F2; C4>F5
• B. C1>F2; C2>F1; C3>F6; C4>F4
• C. C1>F2; C2>F4; C3>F1; C4>F5
• D. C1>F4; C2>F6; C3>F3; C4>F2

Answer: A

NEW QUESTION 8
What CANNOT be configured for existing connections during a policy install?

• A. Keep all connections
• B. Keep data connections
• C. Re-match connections
• D. Reset all connections

Answer: D

NEW QUESTION 9
Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:

• A. IP addresses.
• B. SIC is not NAT-tolerant.
• C. SIC names.
• D. MAC addresses.

Answer: C

NEW QUESTION 10
Security Gateway R77 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services.

• A. SMTP, FTP, TELNET
• B. SMTP, FTP, HTTP, TELNET
• C. FTP, HTTP, TELNET
• D. FTP, TELNET

Answer: C

NEW QUESTION 11
You want to reset SIC between smberlin and sgosaka.

In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:

What is the reason for this behavior?

• A. The Gateway was not rebooted, which is necessary to change the SIC key.
• B. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).
• C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
• D. The activation key contains letters that are on different keys on localized keyboard
• E. Therefore, the activation can not be typed in a matching fashion.

Answer: C

NEW QUESTION 12
You review this Security Policy because Rule 4 is inhibited. Which Rule is responsible? Exhibit:

• A. No rule inhibits Rule 4.
• B. Rule 1
• C. Rule 2
• D. Rule 3

Answer: C

NEW QUESTION 13
During which step in the installation process is it necessary to note the fingerprint for first-
time verification?

• A. When configuring the Gateway in the WebUI
• B. When configuring the Security Management Server using cpconfig
• C. When establishing SIC between the Security Management Server and the Gateway
• D. When configuring the Security Gateway object in SmartDashboard

Answer: B

NEW QUESTION 14
If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?

• A. IPS
• B. SSL: VPN
• C. SmartEvent Intro
• D. Data Loss Prevention

Answer: A

NEW QUESTION 15
An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of .

• A. client side NAT
• B. source NAT
• C. destination NAT
• D. None of these

Answer: B

NEW QUESTION 16
The Captive Portal tool:

• A. Acquires identities from unidentified users.
• B. Is only used for guest user authentication.
• C. Allows access to users already identified.
• D. Is deployed from the Identity Awareness page in the Global Properties settings.

Answer: A

NEW QUESTION 17
Is it possible to track the number of connections each rule matches in a Rule Base?

• A. Yes, but you need SPLAT operating system to enable the feature Hits Count in the SmartDashboard client.
• B. Yes, since R75 40 you can use the feature Hits Count in the SmartDashboard client.
• C. Yes, but you need Gala operating system to enable the feature Hits Count in the SmartDashboard client.
• D. No, due to an architecture limitation it is not possible to track the number of connections each rule matches.

Answer: B

NEW QUESTION 18
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

• A. A group with generic user
• B. All users
• C. LDAP Account Unit Group
• D. Internal user Group

Answer: A

NEW QUESTION 19
......