A Review Of Approved 156-915.77 Preparation Labs

NEW QUESTION 1

You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from a host within 10 seconds of each other. How would you accomplish this?

• A. Define the two port-scan detections as an exception.
• B. You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.
• C. Select the two port-scan detections as a sub-event.
• D. Select the two port-scan detections as a new event.

Answer: A

NEW QUESTION 2

Which CLI tool helps on verifying proper ClusterXL sync?

• A. fw stat
• B. fw ctl sync
• C. fw ctl pstat
• D. cphaprob stat

Answer: C

NEW QUESTION 3
4.8.1

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 4

A ClusterXL configuration is limited to members.

• A. There is no limit.
• B. 16
• C. 6
• D. 2

Answer: C

NEW QUESTION 5

A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?

• A. Reboot the system and call the start men
• B. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local fil
• C. Then, provide the correct file name.
• D. As expert user, type the command snapshot -r MySnapshot.tgz.
• E. As expert user, type the command revert --file MySnapshot.tgz.
• F. As expert user, type the command snapshot - R to restore from a local fil
• G. Then, provide the correct file name.

Answer: C

NEW QUESTION 6

Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:

Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

• A. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP addres
• B. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
• C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range objec
• D. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
• E. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT pag
• F. Enter 200.200.200.5 as the hiding IP addres
• G. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
• H. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group objec
• I. Create a manual NAT rule like the following: Original source - group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original.

Answer: B

NEW QUESTION 7

Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?

• A. fw cpinfo
• B. cpinfo -o date.cpinfo.txt
• C. diag
• D. cpstat - date.cpstat.txt

Answer: B

NEW QUESTION 8

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original ||
Translated Destination: web_private_IP || Service: Original
“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?

• A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
• B. There is no ARP table entry for the protected Web server’s public IP address.
• C. There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address.
• D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Answer: D

NEW QUESTION 9
CORRECT TEXT
Type the full fw command and syntax that will show full synchronization status.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 10
CORRECT TEXT
Type the full fw command and syntax that allows you to disable only sync on a cluster firewall member.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 11

MultiCorp is running Smartcenter R71 on an IPSO platform and wants to upgrade to a new Appliance with R77. Which migration tool is recommended?

• A. Download Migration Tool R77 for IPSO and Splat/Linux from Check Point website.
• B. Use already installed Migration Tool.
• C. Use Migration Tool from CD/ISO
• D. Fetch Migration Tool R71 for IPSO and Migration Tool R77 for Splat/Linux from CheckPoint website

Answer: A

NEW QUESTION 12

Your primary Security Gateway runs on GAiA. What is the easiest way to back up your
Security Gateway R77 configuration, including routing and network configuration files?

• A. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
• B. Using the native GAiA backup utility from command line or in the Web based user interface.
• C. Using the command upgrade_export.
• D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.

Answer: B

NEW QUESTION 13

The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?

• A. Type fwm unlock_admin from the Security Management Server command line.
• B. Type fwm unlock_admin -u from the Security Gateway command line.
• C. Type fwm lock_admin -u <account name> from the Security Management Server command line.
• D. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.

Answer: C

NEW QUESTION 14

Peter is your new Security Administrator. On his first working day, he is very nervous and enters the wrong password three times. His account is locked. What can be done to unlock Peter’s account? Give the BEST answer.

• A. You can unlock Peter’s account by using the command fwm lock_admin -u Peter on the Security Management Server.
• B. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Management Server
• C. It is not possible to unlock Peter’s accoun
• D. You have to install the firewall once again or abstain from Peter’s help.
• E. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Gateway.

Answer: A

NEW QUESTION 15

Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should be guaranteed. Which actions should be taken to achieve that?
1) Use same hard drive for database directory, log files, and temporary directory.
2) Use Consolidation Rules.
3) Limit logging to blocked traffic only.
4) Use Multiple Database Tables.

• A. 2, 4
• B. 1, 3, 4
• C. 1, 2, 4
• D. 1, 2

Answer: A

NEW QUESTION 16
Update the topology in the cluster object.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 17

Which of the following items should be configured for the Security Management Server to authenticate using LDAP?

• A. Check Point Password
• B. WMI object
• C. Domain Admin username
• D. Windows logon password

Answer: A

NEW QUESTION 18
Install the Security Policy.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 19
......