Down To Date 156-915.77 Exam Question For Check Point Certified Security Expert Update Blade Certification

NEW QUESTION 1

Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?

• A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets fiel
• B. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
• C. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install.
• D. In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewal
• E. Right-click in the menu, select Administrator to Install to define only this administrator.
• F. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.

Answer: B

NEW QUESTION 2

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

• A. o=outbound kernel, before the virtual machine
• B. I=inbound kernel, after the virtual machine
• C. O=outbound kernel, after the virtual machine
• D. i=inbound kernel, before the virtual machine

Answer: B

NEW QUESTION 3

You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer.

• A. The Administrator decides the rule order by shifting the corresponding rules up and down.
• B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
• C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
• D. The rule position depends on the time of their creatio
• E. The rules created first are placed at the top; rules created later are placed successively below the others.

Answer: B

NEW QUESTION 4

Your expanding network currently includes ClusterXL running Multicast mode on two members, as shown in this topology:
Exhibit:

You need to add interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for these interfaces is 10.10.10.3/24. Both cluster gateways have a Quad card with an available eth3 interface. What is the correct procedure to add these interfaces?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

• A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.
• B. Configure Automatic Static NAT on network 10.10.20.0/24.
• C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
• D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.

Answer: C

NEW QUESTION 6

How many pre-defined exclusions are included by default in SmartEvent R77 as part of the product installation?

• A. 5
• B. 10
• C. 3

Answer: D

NEW QUESTION 7

Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the___.

• A. Identity Awareness Agent
• B. Full Endpoint Client
• C. ICA Certificate
• D. SecureClient

Answer: A

NEW QUESTION 8

When restoring R77 using the command upgrade_import, which of the following items are NOT restored?

• A. SIC Certificates
• B. Licenses
• C. Route tables
• D. Global properties

Answer: C

NEW QUESTION 9

You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
- Allow bi-directional NAT
- Translate destination on client side
Do the above settings limit the partner’s access?

• A. Ye
• B. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
• C. N
• D. The first setting is not applicabl
• E. The second setting will reduce performance.
• F. Ye
• G. Both of these settings are only applicable to automatic NAT rules.
• H. N
• I. The first setting is only applicable to automatic NAT rule
• J. The second setting will force translation by the kernel on the interface nearest to the client.

Answer: D

NEW QUESTION 10

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?

• A. John should lock and unlock his computer
• B. Investigate this as a network connectivity issue
• C. The access should be changed to authenticate the user instead of the PC
• D. John should install the Identity Awareness Agent

Answer: C

NEW QUESTION 11
Perform the same steps on the other Gateway.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 12

You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?

• A. internal_clear > All_communities
• B. Internal_clear > External_Clear
• C. Communities > Communities
• D. internal_clear > All_GwToGw

Answer: A

NEW QUESTION 13
Define virtual IP in the Dashboard

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 14

The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

• A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
• B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
• C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
• D. You can limit the authentication attempts in the User Properties’ Authentication tab.

Answer: B

NEW QUESTION 15

Review the rules.

Assume domain UDP is enabled in the impled rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

• A. can connect to the Internet successfully after being authenticated.
• B. is prompted three times before connecting to the Internet successfully.
• C. can go to the Internet after Telnetting to the client authentication daemon port 259.
• D. can go to the Internet, without being prompted for authentication.

Answer: D

NEW QUESTION 16

When do modifications to the Event Policy take effect?

• A. As soon as the Policy Tab window is closed.
• B. When saved on the SmartEvent Server and installed to the Correlation Units.
• C. When saved on the Correlation Units, and pushed as a policy.
• D. When saved on the SmartEvent Client, and installed on the SmartEvent Server.

Answer: B

NEW QUESTION 17

How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?

• A. Change the gateway settings to allow Captive Portal access via an external interface.
• B. No action is necessar
• C. This access is available by default.
• D. Change the Identity Awareness settings under Global Properties to allow Captive Portal access on all interfaces.
• E. Change the Identity Awareness settings under Global Properties to allow Captive Portal access for an external interface.

Answer: A

NEW QUESTION 18

SmartReporter reports can be used to analyze data from a penetration-testing regimen in all of the following examples, EXCEPT:

• A. Analyzing traffic patterns against public resources.
• B. Possible worm/malware activity.
• C. Analyzing access attempts via social-engineering.
• D. Tracking attempted port scans.

Answer: C

NEW QUESTION 19
......