Selftestengine..156-215.77.273 questions

Number: 156-215.77
Passing Score: 800
Time Limit: 120 min
File Version: 7.2

http://www.gratisexam.com/

Checkpoint 156-215.77

Check Point Certified Security Administrator

Make yourself wise and talented with studies and look out for the video lectures for your exam because they are perfect to train you for the exam and its modules.

It gets you study tools online for it, and thus it manages to save your time and money as well.

Start your career with this assistance and you will never regret investing in its amazing study tools that are for you and your training in any kind of certification exam preparation.

It offers easy understanding exam guide so that anyone can pass exam without any hesitation. This was good opportunity for me to grab exam certification with ease and for guide I did not have to go any further away it was just like that it was at my door step.

Its magic did work on me as I passed exam with superb score. It has very mesmerizing patterned guidance.

Checkpoint.Selftestengine.156-215.77.v2015-04 … · Checkpoint 156-215.77 Exam


Exam A

QUESTION 1
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?

A. SmartView Tracker and SmartView Monitor
B. SmartLSM and SmartUpdate
C. SmartDashboard and SmartView Tracker
D. SmartView Monitor and SmartUpdate

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 2
The customer has a small Check Point installation, which includes one GAiA server working as the SmartConsole, and a second server running Windows 2008 as both Security Management Server and Security Gateway. This is an example of a(n):

A. Distributed Installation
B. Hybrid Installation
C. Unsupported configuration
D. Stand-Alone Installation

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 3
The customer has a small Check Point installation which includes one Windows 2008 server as the SmartConsole and a second server running GAiA as both Security Management Server and the Security Gateway. This is an example of a(n):

A. Distributed Installation
B. Unsupported configuration
C. Hybrid Installation
D. Stand-Alone Installation

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 4
The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running GAiA as Security Gateway. This is an example of a(n):

A. Stand-Alone Installation.
B. Distributed Installation.
C. Unsupported configuration.
D. Hybrid Installation.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 5
Which command allows Security Policy name and install date verification on a Security Gateway?

A. fw show policy
B. fw stat -l
C. fw ctl pstat -policy
D. fw ver -p

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 6
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?

A. Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.
B. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
C. Restore the entire database, except the user database, and then create the new user and user group.
D. Restore the entire database, except the user database.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 7
Peter is your new Security Administrator. On his first working day, he is very nervous and enters the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer.

A. You can unlock Peter's account by using the command fwm lock_admin -u Peter on the Security Management Server.
B. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Management Server
C. It is not possible to unlock Peter's account. You have to install the firewall once again or abstain from Peter's help.
D. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Gateway.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 8
Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?

A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
B. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install.
C. In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.
D. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
correct answer.

QUESTION 9
Which of these Security Policy changes optimize Security Gateway performance?

A. Using groups within groups in the manual NAT Rule Base.
B. Use Automatic NAT rules instead of Manual NAT rules whenever possible.
C. Using domain objects in rules when possible.
D. Putting the least-used rule at the top of the Rule Base.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 10
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface. You browse to the Google Website from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?

A. Two, one for outbound, one for inbound
B. Only one, outbound
C. Two, both outbound, one for the real IP connection and one for the NAT IP connection
D. Only one, inbound

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 11
Which of the following statements BEST describes Check Point's Hide Network Address Translation method?

A. Translates many destination IP addresses into one destination IP address
B. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
C. Translates many source IP addresses into one source IP address
D. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 12
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

A. Dynamic Source Address Translation
B. Hide Address Translation
C. Port Address Translation
D. Static Destination Address Translation

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 13
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.

What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
D. Place a static host route on the firewall for the valid IP address to the internal Web server.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 14
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original

"web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.

When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason?

A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
B. There is no ARP table entry for the protected Web server's public IP address.
C. There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.
D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 15
You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.

A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 16
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules?

Exhibit:

A. Rules 1, 2, 3 will appear in the new package.
B. Only rule 1 will appear in the new package.
C. NAT rules will be empty in the new package.
D. Rules 4 and 5 will appear in the new package.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 17
What is the default setting when you use NAT?

A. Destination Translated on Server side
B. Destination Translated on Client side
C. Source Translated on both sides
D. Source Translated on Client side

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 18
Select the TRUE statements about the Rule Base shown?

Exhibit:

1) HTTP traffic from webrome to websingapore will be encrypted.

2) HTTP traffic from websingapore to webrome will be encrypted.

3) HTTP traffic from webrome to websingapore will be authenticated.

4) HTTP traffic from websingapore to webrome will be blocked.

A. 1, 2, and 3
B. 3 only
C. 2 and 3
D. 3 and 4

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 19
Which rule is responsible for the client authentication failure?

Exhibit:

A. Rule 4
B. Rule 6
C. Rule 3
D. Rule 5

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 20
You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:

Unknown established connection

How do you resolve this problem without causing other security issues? Choose the BEST answer.

A. Increase the service-based session timeout of the default Telnet service to 24-hours.
B. Ask the mainframe users to reconnect every time this error occurs.
C. Increase the TCP session timeout under Global Properties > Stateful Inspection.
D. Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
valid answer.

QUESTION 21
Which SmartConsole tool would you use to see the last policy pushed in the audit log?

A. SmartView Tracker
B. None, SmartConsole applications only communicate with the Security Management Server.
C. SmartView Status
D. SmartView Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 22
SmartView Tracker logs the following Security Administrator activities, EXCEPT:

A. Object creation, deletion, and editing
B. Tracking SLA compliance
C. Administrator login and logout
D. Rule Base changes

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 23
What happens when you select File > Export from the SmartView Tracker menu?

A. Current logs are exported to a new *.log file.
B. Exported log entries are not viewable in SmartView Tracker.
C. Logs in fw.log are exported to a file that can be opened by Microsoft Excel.
D. Exported log entries are deleted from fw.log.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 24
By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:

A. Saves the current log file, names the log file by date and time, and starts a new log file.
B. Purges the current log file, and starts a new log file.
C. Prompts you to enter a filename, and then saves the log file.
D. Purges the current log file, and prompts you for the new log's mode.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 25
You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?

A. Eventia Tracker
B. SmartView Monitor
C. Eventia Monitor
D. SmartView Tracker

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 26
Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?

A. This is not a SmartView Tracker feature.
B. Display Capture Action
C. Network and Endpoint Tab
D. Display Payload View

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
accurate answer.

QUESTION 27
You can include External commands in SmartView Tracker by the menu Tools > Custom Commands.

The Security Management Server is running under GAiA, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?

A. There is no possibility to expand the three pre-defined options Ping, Whois, and Nslookup.
B. Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list.
C. Use the program GUIdbedit to add the command traceroute to the Security Management Server properties.
D. Go to the menu, Tools > Custom Commands and configure the Linux command traceroute to the list.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 28
Where is the easiest and BEST place to find information about connections between two machines?

A. All options are valid.
B. On a Security Gateway using the command fw log.
C. On a Security Management Server, using SmartView Tracker.
D. On a Security Gateway Console interface; it gives you detailed access to log files and state table information.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 29
Which of the following can be found in cpinfo from an enforcement point?

A. Everything NOT contained in the file r2info
B. VPN keys for all established connections to all enforcement points
C. The complete file objects_5_0.c
D. Policy file information specific to this enforcement point

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 30
Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?

A. SmartView Tracker
B. None, SmartConsole applications only communicate with the Security Management Server.
C. SmartView Server
D. SmartUpdate

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 31
You have detected a possible intruder listed in SmartView Tracker's active pane. What is the fastest method to block this intruder from accessing your network indefinitely?

A. Modify the Rule Base to drop these connections from the network.
B. In SmartView Tracker, select Tools > Block Intruder.
C. In SmartView Monitor, select Tools > Suspicious Activity Rules.
D. In SmartDashboard, select IPS > Network Security > Denial of Service.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
obvious answer.

QUESTION 32
Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?

A. SmartView Monitor > Gateway Status > Threshold Settings
B. SmartView Tracker > Audit Tab > Gateway Counters
C. SmartView Monitor > Gateway Status > System Information > Thresholds
D. This can only be monitored by a user-defined script.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 33
Where can an administrator configure the notification action in the event of a policy install time change?

A. SmartView Monitor > Gateways > Thresholds Settings
B. SmartView Monitor > Gateway Status > System Information > Thresholds
C. SmartDashboard > Policy Package Manager
D. SmartDashboard > Security Gateway Object > Advanced Properties Tab

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 34
Where are custom queries stored in R77 SmartView Tracker?

A. On the SmartView Tracker PC local file system under the user's profile.
B. On the Security Management Server tied to the GUI client IP.
C. On the Security Management Server tied to the Administrator User Database login name.
D. On the SmartView Tracker PC local file system shared by all users of that local PC.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 35
How do you view a Security Administrator's activities with SmartConsole?

A. Eventia Suite
B. SmartView Monitor using the Administrator Activity filter
C. SmartView Tracker in the Management tab
D. SmartView Tracker in the Network and Endpoint tabs

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
fine answer.

QUESTION 36
Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?

A. Management tab
B. Custom filter
C. Network and Endpoint tab
D. Active tab

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 37
You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?

A. SmartView Tracker cannot display Security Administrator activity; instead, view the system logs on the Security Management Server's Operating System.
B. SmartView Tracker in Network and Endpoint Mode
C. SmartView Tracker in Active Mode
D. SmartView Tracker in Management Mode

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 38
Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?

A. All Records Query
B. Account Query
C. Active Tab
D. Audit Tab

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 39
While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?

1) Select Active Mode tab in SmartView Tracker.

2) Select Tools > Block Intruder.

3) Select Log Viewing tab in SmartView Tracker.

4) Set Blocking Timeout value to 60 minutes.

5) Highlight connection that should be blocked.

A. 1, 2, 5, 4
B. 3, 2, 5, 4
C. 1, 5, 2, 4
D. 3, 5, 2, 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
best answer.

QUESTION 40
SmartView Tracker R77 consists of three different modes. They are:

A. Log, Active, and Audit
B. Log, Active, and Management
C. Network and Endpoint, Active, and Management
D. Log, Track, and Management

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Topic 2, Volume B

QUESTION 41
You are troubleshooting NAT entries in SmartView Tracker. Which column do you check to view the new source IP?

Exhibit:

A. XlateDPort
B. XlateDst
C. XlateSPort
D. XlateSrc

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 42
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?

A. XlateDst
B. XlateSPort
C. XlateDPort
D. XlateSrc

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 43
When you change an implicit rule's order from Last to First in Global Properties, how do you make the change take effect?

A. Run fw fetch from the Security Gateway.
B. Select Install Database from the Policy menu.
C. Select Save from the File menu.
D. Reinstall the Security Policy.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 44
How does the button Get Address, found on the Host Node Object > General Properties page retrieve the address?

A. Route Table
B. SNMP Get
C. Address resolution (ARP, RARP)
D. Name resolution (hosts file, DNS, cache)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 45
Anti-Spoofing is typically set up on which object type?

A. Security Gateway
B. Host
C. Security Management object
D. Network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 46
Spoofing is a method of:

A. Making packets appear as if they come from an authorized IP address.
B. Detecting people using false or wrong authentication logins.
C. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
D. Hiding your firewall from unauthorized users.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 47
How can you activate the SNMP daemon on a Check Point Security Management Server?

A. Using the command line, enter snmp_install.
B. From cpconfig, select SNMP extension.
C. Any of these options will work.
D. In SmartDashboard, right-click a Check Point object and select Activate SNMP.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 48
Which of the following describes the default behavior of an R77 Security Gateway?

A. Traffic not explicitly permitted is dropped.
B. Traffic is filtered using controlled port scanning.
C. All traffic is expressly permitted via explicit rules.
D. IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
absolute answer.

QUESTION 49
When you use the Global Properties' default settings on R77, which type of traffic will be dropped if NO explicit rule allows the traffic?

A. SmartUpdate connections
B. Outgoing traffic originating from the Security Gateway
C. Firewall logging and ICA key-exchange information
D. RIP traffic

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 50
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?

A. Secure Internal Communications (SIC) not configured for the object.
B. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
C. Anti-spoofing not configured on the interfaces on the Gateway object.
D. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 51
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block?

A. The Allow Control Connections setting in Policy > Global Properties has been unchecked.
B. A Stealth Rule has been configured for the R77 Gateway.
C. The Security Policy installed to the Gateway had no rules in it.
D. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 52
When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R77 topology configuration?

A. External
B. Any
C. Specific
D. Not Defined

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 53
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?

A. The POP3 rule is disabled.
B. POP3 is accepted in Global Properties.
C. The POP3 rule is hidden.
D. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 54
Which rule is responsible for the installation failure?

Exhibit:

A. Rule 3
B. Rule 4
C. Rule 6
D. Rule 5

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 55
Reviewing the Rule Base, you see that ________ is responsible for the client authentication failure.

Exhibit:

Exhibit:

A. Rule 4
B. Rule 7
C. Rule 8
D. Rule 5

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 56
Which rule is responsible for the installation failure?

Exhibit:

A. Rule 5
B. Rule 4
C. Rule 3
D. Rule 6

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 57
As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

A. in the user object's Authentication screen.
B. in the Gateway object's Authentication screen.
C. in the Limit tab of the Client Authentication Action Properties screen.
D. in the Global Properties Authentication screen.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 58
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
D. You can limit the authentication attempts in the User Properties' Authentication tab.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 59
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
C. Enable User Directory in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 60
You cannot use SmartDashboard's User Directory features to connect to the LDAP server. What should you investigate?

1) Verify you have read-only permissions as administrator for the operating system.

2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.

3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.

A. 1, 2, and 3
B. 2 and 3
C. 1 and 2
D. 1 and 3

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 61
Identify the ports to which the Client Authentication daemon listens by default.

A. 259, 900
B. 256, 600
C. 80, 256
D. 8080, 529

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 62
What is the Manual Client Authentication TELNET port?

A. 23
B. 264
C. 900
D. 259

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
right answer.

QUESTION 63
Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:

A. Client Authentication rule using the manual sign-on method, using HTTP on port 900
B. Client Authentication rule, using partially automatic sign on
C. Client Authentication for fully automatic sign on
D. Session Authentication rule

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 64
Which authentication type permits five different sign-on methods in the authentication properties window?

A. Client Authentication
B. Manual Authentication
C. User Authentication
D. Session Authentication

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 65
Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism, when logging in to a remote server with Telnet?

A. Manual Sign On
B. Agent Automatic Sign On
C. Partially Automatic Sign On
D. Standard Sign On

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 66
Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:

A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.
B. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.
C. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.
D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 67
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

A. FTP
B. SMTP
C. HTTP
D. RLOGIN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 68
Which of the following are authentication methods that Security Gateway R77 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.

A. Proxied, User, Dynamic, Session
B. Connection, User, Client
C. User, Client, Session
D. User, Proxied, Session

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
correctly sorted answer.

QUESTION 69
Security Gateway R77 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services.

A. SMTP, FTP, TELNET
B. SMTP, FTP, HTTP, TELNET
C. FTP, HTTP, TELNET
D. FTP, TELNET

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 70
With the User Directory Software Blade, you can create R77 user definitions on a(n) _________ Server.

A. LDAP
B. Radius
C. SecureID
D. NT Domain

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 71
The User Directory Software Blade is used to integrate which of the following with Security Gateway R77?

A. RADIUS server
B. Account Management Client server
C. UserAuthority server
D. LDAP server

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 72
If you are experiencing LDAP issues, which of the following should you check?

A. Connectivity between the R77 Gateway and LDAP server
B. Secure Internal Communications (SIC)
C. Overlapping VPN Domains
D. Domain name resolution

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 73
Which type of R77 Security Server does not provide User Authentication?

A. SMTP Security Server
B. HTTP Security Server
C. FTP Security Server
D. HTTPS Security Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 74
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

A. A group with generic user
B. All users
C. LDAP Account Unit Group
D. Internal user Group

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
definite answer.

QUESTION 75
For which service is it NOT possible to configure user authentication?

A. Telnet
B. SSH
C. FTP
D. HTTPS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 76
Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:

A. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the mesh center Gateways option checked; all London branch offices defined in one satellite window, but, all New York branch offices defined in another satellite window.
B. Two mesh and one star Community: One mesh Community is set up for each of the headquarters and its branch offices. The star Community is configured with London as the center of the Community and New York is the satellite.
C. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the Community center, and its branches as satellites. The mesh Community includes only New York and London Gateways.
D. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 77
Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:

A. Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters.
B. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters and their branches. The star Community has New York as the center and London as its satellite.
C. Two star communities and one mesh: A star community for each city with headquarters as center, and branches as satellites. Then one mesh community for the two headquarters.
D. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the "mesh center Gateways" option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 78
Match the terms with their definitions:

Exhibit:

A. A-3, B-2, C-4, D-1
B. A-2, B-3, C-4, D-1
C. A-3, B-2, C-1, D-4
D. A-3, B-4, C-1, D-2

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 79
Which of these attributes would be critical for a site-to-site VPN?

A. Scalability to accommodate user groups
B. Centralized management
C. Strong authentication
D. Strong data encryption

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
this answer is updated.

QUESTION 80
Which of the following is NOT true for Clientless VPN?

A. The Gateway can enforce the use of strong encryption.
B. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN.
C. Secure communication is provided between clients and servers that support HTTP.
D. User Authentication is supported.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 81
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

A. Create a new logical-server object to represent your partner's CA.
B. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).
C. Manually import your partner's Certificate Revocation List.
D. Manually import your partner's Access Control List.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 82
Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration?

A. This cannot be done without downtime as a VPN between a traditional mode Gateway and a simplified mode Gateway does not work.
B. This cannot be done as it requires a SIC reset on the Gateways first, forcing an outage.
C. You first need to completely rewrite all policies in simplified mode and then push this new policy to all Gateways at the same time.
D. Convert the required Gateway policies using the simplified VPN wizard, check their logic and then migrate Gateway per Gateway.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 83
Your manager requires you to set up a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he set up AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

A. The two algorithms do not have the same key length and so don't work together. You will get the error.... No proposal chosen....
B. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
D. All is fine and can be used as is.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 84
Why are certificates preferred over pre-shared keys in an IPsec VPN?

A. Weak performance: PSK takes more time to encrypt than Diffie-Hellman.
B. Weak Security: PSK are static and can be brute-forced.
C. Weak security: PSKs can only have 112 bit length.
D. Weak scalability: PSKs need to be set on each and every Gateway.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
chosen answer is correct.

QUESTION 85
What is a possible reason for the IKE failure shown in this screenshot?

A. Mismatch in VPN Domains.
B. Mismatch in preshared secrets.
C. Mismatch in Diffie-Hellman group.
D. Mismatch in encryption schemes.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 86
When using an encryption algorithm, which is generally considered the best encryption method?

A. Triple DES
B. AES-256
C. CAST cipher
D. DES

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 87
Which do you configure to give remote access VPN users a local IP address?

A. Encryption domain pool
B. NAT pool
C. Office mode IP pool
D. Authentication pool

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 88
You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community?

Exhibit:

A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R77 supports.
B. Changing the setting Perform key exchange encryption with from AES-256 to 3DES will enhance the VPN Community's security, and reduce encryption overhead.
C. Change the data-integrity setting for this VPN Community because MD5 is incompatible with AES.
D. Changing the setting Perform IPsec data encryption with from AES-128 to 3DES will increase the encryption overhead.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 89
Certificates for Security Gateways are created during a simple initialization from _____________.

A. sysconfig
B. The ICA management tool
C. SmartUpdate
D. SmartDashboard

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 90
Which of the below is the MOST correct process to reset SIC from SmartDashboard?

A. Run cpconfig, and click Reset.
B. Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.
C. Run cpconfig, and select Secure Internal Communication > Change One Time Password.
D. Click Communication > Reset on the Gateway object, and type a new activation key.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 91
Exhibit:

You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?

A. 2, 3, 4, 1, 5
B. 2, 1, 3, 4, 5
C. 1, 3, 2, 4, 5
D. 2, 3, 4, 5, 1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 92
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway's side with the command cpconfig and put in the same activation key in the Gateway's object on the Security Management Server. Unfortunately, SIC cannot be established. What is a possible reason for the problem?

A. The installed policy blocks the communication.
B. The old Gateway object should have been deleted and recreated.
C. Joe forgot to exit from cpconfig.
D. Joe forgot to reboot the Gateway.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
right answer.

QUESTION 93
You want to reset SIC between smberlin and sgosaka.

In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:

What is the reason for this behavior?

A. The Gateway was not rebooted, which is necessary to change the SIC key.
B. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).
C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation cannot be typed in a matching fashion.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 94
John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard -

"Trust established"

SIC still does not seem to work because the policy won't install and interface fetching does not work. What might be a reason for this?

A. SIC does not function over the network.
B. It always works when the trust is established
C. The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid.
D. This must be a human error.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 95
The SIC certificate is stored in the directory _______________.

A. $CPDIR/registry
B. $CPDIR/conf
C. $FWDIR/database
D. $FWDIR/conf

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 96
You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:

A. Standard policy.
B. Initial policy.
C. Last policy that was installed.
D. Default filter.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 97
Exhibit:

Chris has lost SIC communication with his Security Gateway and he needs to re-establish SIC. What would be the correct order of steps needed to perform this task?

A. 5, 1, 2, 4
B. 5, 1, 4, 2
C. 3, 1, 4, 2
D. 2, 3, 1, 4

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
good answer.

QUESTION 98
What happens when you open the Gateway object window Trusted Communication and press and confirm Reset?

Exhibit:

A. SIC will be reset on the Gateway only.
B. The Gateway certificate will be revoked on the Gateway only.
C. The Gateway certificate will be revoked on the Security Management Server only.
D. The Gateway certificate will be revoked on the Security Management Server and SIC will be reset on the Gateway.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 99
Identity Awareness is implemented to manage access to protected resources based on a user's _____________.

A. Application requirement
B. Computer MAC address
C. Identity
D. Time of connection

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 100
Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials?

A. Access Policy
B. Access Role
C. Access Rule
D. Access Certificate

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 101
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).

He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.

John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?

A. Investigate this as a network connectivity issue
B. Install the Identity Awareness Agent
C. Set static IP to DHCP
D. After enabling Identity Awareness, reboot the gateway

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 102
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

A. John should install the Identity Awareness Agent
B. The firewall admin should install the Security Policy
C. John should lock and unlock the computer
D. Investigate this as a network connectivity issue

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 103
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

What should John do when he cannot access the web server from a different personal computer?

A. John should lock and unlock his computer
B. Investigate this as a network connectivity issue
C. The access should be changed to authenticate the user instead of the PC
D. John should install the Identity Awareness Agent

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 104
Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants to use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.

To make this scenario work, the IT administrator must:

1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.

2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.

3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.

Ms. McHanry tries to access the resource but is unable. What should she do?

A. Have the security administrator select the Action field of the Firewall Rule "Redirect HTTP connections to an authentication (captive) portal"
B. Have the security administrator reboot the firewall
C. Have the security administrator select Any for the Machines tab in the appropriate Access Role
D. Install the Identity Awareness agent on her iPad

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Topic 3, Volume C

QUESTION 105
When using LDAP as an authentication method for Identity Awareness, the query:

A. Requires client and server side software.
B. Prompts the user to enter credentials.
C. Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.
D. Is transparent, requiring no client or server side software, or client intervention.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
exact answer is chosen.

QUESTION 106
Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?

A. Bridge
B. Load Sharing
C. High Availability
D. Fail Open

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 107
What happens if the identity of a user is known?

A. If the user credentials do not match an Access Role, the traffic is automatically dropped.
B. If the user credentials do not match an Access Role, the system displays a sandbox.
C. If the user credentials do not match an Access Role, the gateway moves onto the next rule.
D. If the user credentials do not match an Access Role, the system displays the Captive Portal.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 108
What happens if the identity of a user is known?

A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
B. If the user credentials do not match an Access Role, the system displays a sandbox.
C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 109
Which rule position in the Rule Base should hold the Cleanup Rule? Why?

A. First. It explicitly accepts otherwise dropped traffic.
B. Last. It explicitly drops otherwise accepted traffic.
C. Last. It serves a logging function before the implicit drop.
D. Before last followed by the Stealth Rule.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 110
Which item below in a Security Policy would be enforced first?

A. IP spoofing/IP options
B. Security Policy First rule
C. Administrator-defined Rule Base
D. Network Address Translation

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
appropriate answer is selected.

QUESTION 111
When you hide a rule in a Rule Base, how can you then disable the rule?

A. Hidden rules are already effectively disabled from Security Gateway enforcement.
B. Right-click on the hidden rule place-holder bar and select Disable Rule(s).
C. Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.
D. Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 112
A Cleanup rule:

A. logs connections that would otherwise be dropped without logging by default.
B. drops packets without logging connections that would otherwise be dropped and logged by default.
C. logs connections that would otherwise be accepted without logging by default.
D. drops packets without logging connections that would otherwise be accepted and logged by default.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 113
Which statement is TRUE about implicit rules?

A. You create them in SmartDashboard.
B. The Gateway enforces implicit rules that enable outgoing packets only.
C. Changes to the Security Gateway's default settings do not affect implicit rules.
D. They are derived from Global Properties and explicit object properties.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 114
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?

A. Last
B. After Stealth Rule
C. First
D. Before Last

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 115
All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:

A. Exclusion of specific services for reporting purposes.
B. Acceptance of IKE and RDP traffic for communication and encryption purposes.
C. Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
D. Specific traffic that facilitates functionality, such as logging, management, and key exchange.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 116
In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.

A. 259
B. 900
C. 256
D. 257

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 117
A Security Policy has several database versions. What configuration remains the same no matter which version is used?

A. Objects_5_0.C
B. Internal Certificate Authority (ICA) certificate
C. Rule Bases_5_0.fws
D. fwauth.NDB

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
reliable answer.

QUESTION 118
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?

A. Users being authenticated by Client Authentication have to re-authenticate.
B. All connections are reset, so a policy install is recommended during announced downtime only.
C. All FTP downloads are reset; users have to start their downloads again.
D. Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 119
In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.

A. 259
B. 900
C. 256
D. 80

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 120
What is the purpose of a Stealth Rule?

A. To prevent users from connecting directly to the gateway.
B. To permit management traffic.
C. To drop all traffic to the management server that is not explicitly permitted.
D. To permit implied rules.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 121
You review this Security Policy because Rule 4 is inhibited. Which Rule is responsible?

Exhibit:

A. No rule inhibits Rule 4.
B. Rule 1
C. Rule 2
D. Rule 3

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 122
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:

A. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
C. SmartUpdate wizard walks the Administrator through a distributed installation.
D. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 123
What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?

A. A Security Gateway retrieving the new upgrade package
B. SmartUpdate installed Security Management Server PC
C. SmartUpdate GUI PC
D. SmartUpdate Repository SQL database Server

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 124
What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?

A. WMI
B. CIFS
C. RCP
D. LDAP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 125
Which of the following items should be configured for the Security Management Server to authenticate via LDAP?

A. Check Point Password
B. Active Directory Server object
C. Windows logon password
D. WMI object

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 126
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?

A. Check Point Password
B. WMI object
C. Domain Admin username
D. Windows logon password

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
correct answer.

QUESTION 127
Where does the security administrator activate Identity Awareness within SmartDashboard?

A. Gateway Object > General Properties
B. Security Management Server > Identity Awareness
C. Policy > Global Properties > Identity Awareness
D. LDAP Server Object > General Properties

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 128
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

A. Action
B. Source
C. User
D. Track

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 129
What command syntax would you use to see accounts the gateway suspects are service accounts?

A. pdp check_log
B. pdp show service
C. adlog check_accounts
D. adlog a service_accounts

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
definite answer.

QUESTION 130
What command syntax would you use to turn on PDP logging in a distributed environment?

A. pdp track=1
B. pdp tracker on
C. pdp logging on
D. pdp log=1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 131
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

A. TACACS
B. Captive Portal
C. Check Point Password
D. Windows password

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 132
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

A. Check Point Password
B. TACACS
C. LDAP
D. Windows password

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 133
What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?

A. Captive Portal is more secure than standard LDAP
B. Nothing, LDAP query is required when configuring Captive Portal
C. Captive Portal works with both configured users and guests
D. Captive Portal is more transparent to the user

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 134
How granular may an administrator filter an Access Role with identity awareness? Per:

A. Specific ICA Certificate
B. AD User
C. Radius Group
D. Windows Domain

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 135
Can you use Captive Portal with HTTPS?

A. No, it only works with FTP
B. No, it only works with FTP and HTTP
C. Yes
D. No, it only works with HTTP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 136
Which of the following is NOT defined by an Access Role object?

A. Source Network
B. Source Machine
C. Source User
D. Source Server

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
genuine answer.

QUESTION 137
In which Rule Base can you implement an Access Role?

A. DLP
B. Mobile Access
C. IPS
D. Firewall

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 138
Access Role objects define users, machines, and network locations as:

A. Credentialed objects
B. Linked objects
C. One object
D. Separate objects

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 139
Where do you verify that UserDirectory is enabled?

A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 140
Which of the following statements is TRUE about management plug-ins?

A. A management plug-in interacts with a Security Management Server to provide new features and support for new products.
B. Installing a management plug-in is just like an upgrade process.
C. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
D. The plug-in is a package installed on the Security Gateway.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 141
You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?

A. One
B. Only one with full access and one with read-only access
C. As many as you want
D. Depends on the license installed on the Security Management Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 142
During which step in the installation process is it necessary to note the fingerprint for first-time verification?

A. When configuring the Gateway in the WebUI
B. When configuring the Security Management Server using cpconfig
C. When establishing SIC between the Security Management Server and the Gateway
D. When configuring the Security Gateway object in SmartDashboard

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 143
How can you most quickly reset Secure Internal Communications (SIC) between a Security Management Server and Security Gateway?

A. From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
B. Use SmartUpdate to retype the Security Gateway activation key. This will automatically sync SIC to both the Security Management Server and Gateway.
C. From the Security Management Server's command line, type fw putkey -p <shared key> <IP Address of Security Gateway>.
D. Run the command fwm sic_reset to reinitialize the Security Management Server Internal Certificate Authority (ICA). Then retype the activation key on the Security Gateway from SmartDashboard.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
updated answer.

QUESTION 144
How can you recreate the Security Administrator account, which was created during initial Management Server installation on GAiA?

A. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion of the file. You will be prompted to create a new account.
B. Type cpm -a, and provide the existing Administrator's account name. Reset the Security Administrator's password.
C. Launch cpconfig and delete the Administrator's account. Recreate the account with the same name.
D. Launch SmartDashboard in the User Management screen, and delete the cpconfig administrator.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 145
The London Security Gateway Administrator has just installed the Security Gateway and Management Server. He has not changed any default settings. As he tries to configure the Gateway, he is unable to connect.

Which troubleshooting suggestion will NOT help him?

A. Check if some intermediate network device has a wrong routing table entry, VLAN assignment, duplex-mismatch, or trunk issue.
B. Test the IP address assignment and routing settings of the Security Management Server, Gateway, and console client.
C. Verify the SIC initialization.
D. Verify that the Rule Base explicitly allows management connections.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 146
You need to completely reboot the Operating System after making which of the following changes on the Security Gateway? (i.e. the command cprestart is not sufficient.)

1. Adding a hot-swappable NIC to the Operating System for the first time.

2. Uninstalling the R77 Power/UTM package.

3. Installing the R77 Power/UTM package.

4. Re-establishing SIC to the Security Management Server.

5. Doubling the maximum number of connections accepted by the Security Gateway.

A. 3 only
B. 1, 2, 3, 4, and 5
C. 2, 3 only
D. 3, 4, and 5 only

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 147
The Security Gateway is installed on GAiA R77. The default port for the Web User Interface is _______.

A. TCP 18211
B. TCP 443
C. TCP 4433
D. TCP 257

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
right choice of answer.

QUESTION 148
Over the weekend, an Administrator without access to SmartDashboard installed a new R77 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?

A. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server.
B. You first need to run the command fw unloadlocal on the new Security Gateway.
C. You first need to initialize SIC in SmartUpdate.
D. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 149
An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?

A. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.
B. You first need to run the command fw unloadlocal on the R77 Security Gateway appliance in order to remove the restrictive default policy.
C. You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway's topology.
D. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 150
How can you reset the Security Administrator password that was created during initial Security Management Server installation on GAiA?

A. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
B. As expert user, type fwm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.
C. Type cpm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.
D. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 151
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?

A. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
B. An office mode address must be obtained by the client.
C. The SNX client application must be installed on the client.
D. Active-X must be allowed on the client.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 152
The Tokyo Security Management Server Administrator cannot connect from his workstation in Osaka.

Which of the following lists the BEST sequence of steps to troubleshoot this issue?

A. Check for matching OS and product versions of the Security Management Server and the client. Then, ping the Gateways to verify connectivity. If successful, scan the log files for any denied management packets.
B. Verify basic network connectivity to the local Gateway, service provider, remote Gateway, remote network and target machine. Then, test for firewall rules that deny management access to the target. If successful, verify that pcosaka is a valid client IP address.
C. Check the allowed clients and users on the Security Management Server. If pcosaka and your user account are valid, check for network problems. If there are no network related issues, this is likely to be a problem with the server itself. Check for any patches and upgrades. If still unsuccessful, open a case with Technical Support.
D. Call Tokyo to check if they can ping the Security Management Server locally. If so, login to sgtokyo, verify management connectivity and Rule Base. If this looks okay, ask your provider if they have some firewall rules that filters out your management traffic.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 153
Where is the fingerprint generated, based on the output display?

Exhibit:

A. SmartConsole
B. SmartUpdate
C. Security Management Server
D. SmartDashboard

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 154
Match the following commands to their correct function. Each command has one function only listed.

Exhibit:

A. C1>F6; C2>F4; C3>F2; C4>F5
B. C1>F2; C2>F1; C3>F6; C4>F4
C. C1>F2; C2>F4; C3>F1; C4>F5
D. C1>F4; C2>F6; C3>F3; C4>F2

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 155
Which command displays the installed Security Gateway version?

A. fw printver
B. fw ver
C. fw stat
D. cpstat -gw

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
definite answer.

QUESTION 156
Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?

A. cpstat fwd
B. fw ver
C. fw stat
D. fw ctl pstat

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 157
Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?

A. Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.
B. Run the command revert to restore the snapshot, establish SIC, and install the Policy.
C. Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
D. Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 158
Which of the following statements accurately describes the command upgrade_export?

A. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.
C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
D. This command is no longer supported in GAiA.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 159
What are you required to do before running the command upgrade_export?

A. Run a cpstop on the Security Gateway.
B. Run a cpstop on the Security Management Server.
C. Close all GUI clients.
D. Run cpconfig and set yourself up as a GUI client.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 160
A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?

A. Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.
B. As expert user, type the command snapshot -r MySnapshot.tgz.
C. As expert user, type the command revert --file MySnapshot.tgz.
D. As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 161
What is the primary benefit of using the command upgrade_export over either backup or snapshot?

A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 162
What is the syntax for uninstalling a package using newpkg?

A. -u <pathname of package>
B. -i <full pathname of package>
C. -S <pathname of package>
D. newpkg CANNOT be used to uninstall a package

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 163
Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?

A. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
B. Using the native GAiA backup utility from command line or in the Web based user interface.
C. Using the command upgrade_export.
D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 164
You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?

A. Manual copies of the directory $FWDIR/conf
B. GAiA back up utilities
C. upgrade_export and upgrade_import commands
D. Database Revision Control

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 165
You are running a R77 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?

A. manual backup
B. upgrade_export
C. backup
D. snapshot

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
best answer.

QUESTION 166
Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.

An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?

A. The restore is not possible because the backup file does not have the same build number (version).
B. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
C. The restore can be done easily by the command restore and copying netconf.C from the production environment.
D. A backup cannot be restored, because the binary files are missing.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 167
Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.

A. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows
B. Check Point GAiA and SecurePlatform, and Microsoft Windows
C. Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO
D. Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 168
You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

A. database revision
B. snapshot
C. upgrade_export
D. backup

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 169
An advantage of using central instead of local licensing is:

A. A license can be taken from one Security Management Server and given to another Security Management Server.
B. Only one IP address is used for all licenses.
C. The license must be renewed when changing the IP address of a Security Gateway. Each module's license has a unique IP address.
D. Licenses are automatically attached to their respective Security Gateways.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 170
You are running the license_upgrade tool on your GAiA Gateway. Which of the following can you NOT do with the upgrade tool?

A. Perform the actual license-upgrade process
B. Simulate the license-upgrade process
C. View the licenses in the SmartUpdate License Repository
D. View the status of currently installed licenses

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 171
If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?

A. The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot <object name> <filename>.
B. The Administrator must reinstall the last version via the command cprinstall revert <object name> <filename>.
C. The Administrator must remove the rpm packages manually, and re-attempt the upgrade.
D. GAiA will reboot and automatically revert to the last snapshot version prior to upgrade.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 172
Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?

A. SmartUpdate will start a new installation process if the machine is rebooted.
B. It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.
C. It contains your security configuration, which could be exploited.
D. It will conflict with any future upgrades when using SmartUpdate.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
sophisticated answer.

QUESTION 173
Which of these components does NOT require a Security Gateway R77 license?

A. Security Management Server
B. Check Point Gateway
C. SmartConsole
D. SmartUpdate upgrading/patching

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 174
If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?

A. IPS
B. SSL: VPN
C. SmartEvent Intro
D. Data Loss Prevention

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 175
Central license management allows a Security Administrator to perform which of the following functions?

1. Check for expired licenses.
2. Sort licenses and view license properties.
3. Attach both R77 Central and Local licenses to a remote module.
4. Delete both R77 Local Licenses and Central licenses from a remote module.
5. Add or remove a license to or from the license repository.
6. Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).

A. 1, 2, 5, & 6
B. 2, 3, 4, & 5
C. 2, 5, & 6
D. 1, 2, 3, 4, & 5

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 176
Which command gives an overview of your installed licenses?

A. cplicense
B. showlic
C. fw lic print
D. cplic print

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 177
Where are SmartEvent licenses installed?

A. SmartEvent server
B. Log Server
C. Security Management Server
D. Security Gateway

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 178
ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:

A. Export setup
B. DHCP Server configuration
C. Time & Date
D. GUI Clients

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 179
Which of the following options is available with the GAiA cpconfig utility on a Management Server?

A. Export setup
B. DHCP Server configuration
C. GUI Clients
D. Time & Date

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
accurate answer.

QUESTION 180
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?

A. fw cpinfo
B. cpinfo -o date.cpinfo.txt
C. diag
D. cpstat - date.cpstat.txt

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 181
Which of the following statements accurately describes the command snapshot?

A. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.
B. snapshot creates a Security Management Server full system-level backup on any OS.
C. snapshot stores only the system-configuration settings on the Gateway.
D. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 182
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?

A. fw unload policy
B. fw unloadlocal
C. fw delete all.all@localhost
D. fwm unloadlocal

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 183
How can you check whether IP forwarding is enabled on an IP Security Appliance?

A. clish -c show routing active enable
B. cat /proc/sys/net/ipv4/ip_forward
C. echo 1 > /proc/sys/net/ipv4/ip_forward
D. ipsofwd list

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 184
Which command allows you to view the contents of an R77 table?

A. fw tab -a <tablename>
B. fw tab -t <tablename>
C. fw tab -s <tablename>
D. fw tab -x <tablename>

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 185
Which of the following tools is used to generate a Security Gateway R77 configuration report?

A. fw cpinfo
B. infoCP
C. cpinfo
D. infoview

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
best suitable answer.

QUESTION 186
Which of the following is a CLI command for Security Gateway R77?

A. fw tab -u
B. fw shutdown
C. fw merge
D. fwm policy_print <policyname>

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 187
You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in CLISH to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.

A. ethtool
B. set interface <options>
C. mii_tool
D. ifconfig -a

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 188
Which command enables IP forwarding on IPSO?

A. ipsofwd on admin
B. echo 0 > /proc/sys/net/ipv4/ip_forward
C. clish -c set routing active enable
D. echo 1 > /proc/sys/net/ipv4/ip_forward

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 189
Which of the following objects is a valid source in an authentication rule?

A. Host@Any
B. User@Network
C. User_group@Network
D. User@Any

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 190
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

A. You checked the cache password on desktop option in Global Properties.
B. Another rule that accepts HTTP without authentication exists in the Rule Base.
C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
D. Users must use the SecuRemote Client, to use the User Authentication Rule.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Topic 4, Volume D

QUESTION 191
Which authentication type requires specifying a contact agent in the Rule Base?

A. Client Authentication with Partially Automatic Sign On
B. Client Authentication with Manual Sign On
C. User Authentication
D. Session Authentication

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
good choice of answer.

QUESTION 192
What is the difference between Standard and Specific Sign On methods?

A. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties.
B. Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connect. Specific Sign On requires that the user re-authenticate for each service.
C. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.
D. Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 193
Which set of objects have an Authentication tab?

A. Templates, Users
B. Users, Networks
C. Users, User Groups
D. Networks, Hosts

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 194
How are cached usernames and passwords cleared from the memory of a R77 Security Gateway?

A. By using the Clear User Cache button in SmartDashboard.
B. Usernames and passwords only clear from memory after they time out.
C. By retrieving LDAP user information using the command fw fetchldap.
D. By installing a Security Policy.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 195
Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?

A. External-user group
B. LDAP group
C. A group with a generic user
D. All Users

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 196
Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?

A. Select Ignore Database in the Action Properties window.
B. Permit access to Finance_net.
C. Select Intersect with user database in the Action Properties window.
D. Select Intersect with user database or Ignore Database in the Action Properties window.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 197
Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?

A. SmartView Monitor
B. SmartUpdate
C. SmartView Status
D. None, SmartConsole applications only communicate with the Security Management Server.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 198
Which R77 GUI would you use to see the number of packets accepted since the last policy install?

A. SmartView Monitor
B. SmartView Tracker
C. SmartDashboard
D. SmartView Status

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 199
You are trying to save a custom log query in R77 SmartView Tracker, but getting the following error:

Could not save <query-name> (Error: Database is Read Only)

Which of the following is a likely explanation for this?

A. Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.
B. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally.
C. You have read-only rights to the Security Management Server database.
D. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 200
The R77 fw monitor utility is used to troubleshoot which of the following problems?

A. Traffic issues
B. Log Consolidation Engine
C. User data base corruption
D. Phase two key negotiation

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 201
You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.

A. In the SmartView Tracker, if you activate the column Matching Rate.
B. In SmartReporter, in the section Firewall Blade - Activity > Network Activity with information concerning Top Matched Logged Rules.
C. SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules.
D. It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
fine answer.

QUESTION 202
A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?

A. SmartReporter analyzes all network traffic, logged or not.
B. Network traffic cannot be analyzed when the Security Management Server has a high load.
C. Turn the field Track of each rule to LOG.
D. Configure Additional Logging on an additional log server.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 203
What is a Consolidation Policy?

A. The collective name of the Security Policy, Address Translation, and IPS Policies.
B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
C. The collective name of the logs generated by SmartReporter.
D. A global Policy used to share a common enforcement policy for multiple Security Gateways.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 204
Which feature in R77 permits blocking specific IP addresses for a specified time period?

A. Suspicious Activity Monitoring
B. HTTP Methods
C. Local Interface Spoofing
D. Block Port Overflow

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 205
You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked? Highlight the suspicious connection in SmartView Tracker:

A. Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
B. Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".
C. Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
D. Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 206
Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker's IP at a peak time of day?

A. Intrusion Detection System (IDS) Policy install
B. Change the Rule Base and install the Policy to all Security Gateways
C. SAM - Block Intruder feature of SmartView Tracker
D. SAM - Suspicious Activity Rules feature of SmartView Monitor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 207
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?

A. Change the Rule Base and install the Policy to all Security Gateways
B. Block Intruder feature of SmartView Tracker
C. Intrusion Detection System (IDS) Policy install
D. SAM - Suspicious Activity Rules feature of SmartView Monitor

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 208
______________ is an R77 component that displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time.

A. SmartEvent
B. SmartView Status
C. SmartUpdate
D. SmartView Monitor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
sorted answer is correct.

QUESTION 209
You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.

Unfortunately, you get the message.

"There are no machines that contain Firewall Blade and SmartView Monitor."

What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.

A. Purchase the SmartView Monitor license for your Security Management Server.
B. Enable Monitoring on your Security Management Server.
C. Purchase the SmartView Monitor license for your Security Gateway.
D. Enable Monitoring on your Security Gateway.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 210
You want to configure a mail alert for every time the policy is installed to a specific Gateway. Where would you configure this alert?

A. In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands.
B. In SmartDashboard, select Global Properties > Log and Alerts > Alert Commands.
C. You cannot create a mail alert for Policy installation.
D. In SmartView Monitor, select Gateway > Configure Thresholds.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 211
Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?

A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.
B. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.
C. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.
D. Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 212
You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy. What additional steps are required for this to function correctly?

A. You need to start SSL Network Extender first, then use Visitor Mode.
B. Set Visitor Mode in Policy > Global Properties > Remote-Access > VPN - Advanced.
C. Office mode is not configured.
D. The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). With multi-port no additional changes are necessary.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 213
With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?

A. Allow for unencrypted traffic
B. Allow traffic outside the encrypted domain
C. Enable Hot Spot/Hotel Registration
D. Allow your users to turn off SecureClient

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
actual answer.

QUESTION 214
What statement is true regarding Visitor Mode?

A. VPN authentication and encrypted traffic are tunneled through port TCP 443.
B. Only ESP traffic is tunneled through port TCP 443.
C. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
D. All VPN traffic is tunneled through UDP port 4500.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 215
When attempting to connect with SecureClient Mobile you get the following error message:

The certificate provided is invalid. Please provide the username and password.

What is the probable cause of the error?

A. Your user configuration does not have an office mode IP address so the connection failed.
B. Your certificate is invalid.
C. There is no connection to the server, and the client disconnected.
D. Your user credentials are invalid.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 216
What port is used for communication to the User Center with SmartUpdate?

A. CPMI 200
B. TCP 8080
C. HTTP 80
D. HTTPS 443

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
proper answer.

QUESTION 217
Message digests use which of the following?

A. DES and RC4
B. IDEA and RC4
C. SSL and MD4
D. SHA-1 and MD5

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 218
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners. Which SmartConsole application should you use to confirm your suspicions?

A. SmartDashboard
B. SmartUpdate
C. SmartView Status
D. SmartView Tracker

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 219
A digital signature:

A. Guarantees the authenticity and integrity of a message.
B. Automatically exchanges shared keys.
C. Decrypts data to its original form.
D. Provides a secure key exchange mechanism over the Internet.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 220
For remote user authentication, which authentication scheme is NOT supported?

A. Check Point Password
B. RADIUS
C. TACACS
D. SecurID

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 221
Review the rules.

Assume domain UDP is enabled in the implied rules.

What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

A. can connect to the Internet successfully after being authenticated.
B. is prompted three times before connecting to the Internet successfully.
C. can go to the Internet after Telnetting to the client authentication daemon port 259.
D. can go to the Internet, without being prompted for authentication.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 222
Study the Rule base and Client Authentication Action properties screen -

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user?

A. user is prompted for authentication by the Security Gateway again.
B. FTP data connection is dropped after the user is authenticated successfully.
C. user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication.
D. FTP connection is dropped by Rule 2.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
- Manual: Users must use either telnet to port 259 on the firewall, or use a Web browser to connect to port 900 on the firewall to authenticate before being granted access.
- Partially Automatic: If user authentication is configured for the service the user is attempting to access and they pass this authentication, then no further client authentication is required. For example, if HTTP is permitted on a client authentication rule, the user will be able to transparently authenticate since FireWall-1 has a security server for HTTP. Then, if this setting is chosen, users will not have to manually authenticate for this connection. Note that this applies to all services for which FireWall-1 has built-in security servers (HTTP, FTP, telnet, and rlogin).
- Fully Automatic: If the client has the session authentication agent installed, then no further client authentication is required (see session authentication below). For HTTP, FTP, telnet, or rlogin, the firewall will authenticate via user authentication, and then session authentication will be used to authenticate all other services.
- Agent Automatic Sign On: Uses session authentication agent to provide transparent authentication (see session authentication below).
- Single Sign-On System: Used in conjunction with UserAuthority servers to provide enhanced application level security. Discussion of UserAuthority is beyond the scope of this book.

QUESTION 223
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?

A. The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
B. The time on the Security Management Server's clock has changed, which invalidates the remote Gateway's Certificate.
C. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
D. There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 224
A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?

A. Eventia Analyzer
B. SmartView Tracker
C. SmartView Monitor
D. This information can only be viewed with the command fw ctl pstat from the CLI.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 225
You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?

A. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
B. Select Block intruder from the Tools menu in SmartView Tracker.
C. Create a Suspicious Activity Rule in SmartView Monitor.
D. Add a temporary rule using SmartDashboard and select hide rule.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 226
In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?

A. Do nothing. Old logs are deleted, until free space is restored.
B. Use the command fwm logexport to export the old log files to another location.
C. Configure a script to run fw logswitch and SCP the output file to a separate file server.
D. Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
right choice of answer.

QUESTION 227
How do you configure an alert in SmartView Monitor?

A. An alert cannot be configured in SmartView Monitor.
B. By choosing the Gateway, and Configure Thresholds.
C. By right-clicking on the Gateway, and selecting Properties.
D. By right-clicking on the Gateway, and selecting System Information.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 228
True or False: SmartView Monitor can be used to create alerts on a specified Gateway.

A. True, by right-clicking on the Gateway and selecting Configure Thresholds.
B. True, by choosing the Gateway and selecting System Information.
C. False, an alert cannot be created for a specified Gateway.
D. False, alerts can only be set in SmartDashboard Global Properties.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 229
Users with Identity Awareness Agent installed on their machines login with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.

A. Key-logging
B. ICA Certificates
C. SecureClient
D. Single Sign-On

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 230
Which of the following methods is NOT used by Identity Awareness to catalog identities?

A. AD Query
B. Captive Portal
C. Identity Agent
D. GPO

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 231
How many packets does the IKE exchange use for Phase 1 Main Mode?

A. 12
B. 1
C. 3
D. 6

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 232
How many packets are required for IKE Phase 2?

A. 12
B. 2
C. 6
D. 3

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 233
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.

Exhibit:

A. This is an example of Hide NAT.
B. There is not enough information provided in the Wireshark capture to determine the NAT settings.
C. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 234
Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:

A. IP addresses.
B. SIC is not NAT-tolerant.
C. SIC names.
D. MAC addresses.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 235
Which answers are TRUE? Automatic Static NAT CANNOT be used when:

1) NAT decision is based on the destination port.

2) Both Source and Destination IP's have to be translated.

3) The NAT rule should only be installed on a dedicated Gateway.

4) NAT should be performed on the server side.

A. 1 and 2
B. 2 and 4
C. 1, 3, and 4
D. 2 and 3

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 236
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?

A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the packet's outbound passage.
C. A SmartDefense module has blocked the packet.
D. It is due to NAT.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 237
Charles requests a Website while using a computer not in the net_singapore network. What is TRUE about his location restriction?

Exhibit:

A. Source setting in Source column always takes precedence.
B. Source setting in User Properties always takes precedence.
C. As location restrictions add up, he would be allowed from net_singapore and net_sydney.
D. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 238
What is the purpose of an Identity Agent?

A. Provide user and machine identity to a gateway
B. Manual entry of user credentials for LDAP authentication
C. Audit a user's access, and send that data to a log server
D. Disable Single Sign On

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 239
The Captive Portal tool:

A. Acquires identities from unidentified users.
B. Is only used for guest user authentication.
C. Allows access to users already identified.
D. Is deployed from the Identity Awareness page in the Global Properties settings.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
answer is appropriate.

QUESTION 240
Captive Portal is a __________ that allows the gateway to request login information from the user.

A. Pre-configured and customizable web-based tool
B. Transparent network inspection tool
C. LDAP server add-on
D. Separately licensed feature

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 241
When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?

Exhibit:

A. (6) Delete all IPsec SAs for a given User (Client)
B. (5) Delete all IPsec SAs for a given peer (GW)
C. (8) Delete all IPsec+IKE SAs for a given User (Client)
D. Delete all IPsec+IKE SAs for a given peer (GW)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 242
What information is found in the SmartView Tracker Management log?

A. SIC revoke certificate event
B. Destination IP address
C. Most accessed Rule Base rule
D. Number of concurrent IKE negotiations

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 243
What information is found in the SmartView Tracker Management log?

A. Historical reports log
B. Policy rule modification date/time stamp
C. Destination IP address
D. Most accessed Rule Base rule

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
correct answer.

QUESTION 244
What information is found in the SmartView Tracker Management log?

A. Creation of an administrator using cpconfig
B. GAiA expert login event
C. FTP username authentication failure
D. Administrator SmartDashboard logout event

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 245
How do you use SmartView Monitor to compile traffic statistics for your company's Internet Web activity during production hours?

A. Select Tunnels view, and generate a report on the statistics.
B. Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway.
C. Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day.
D. View total packets passed through the Security Gateway.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 246
What happens when you run the command fw sam -J src [Source IP Address]?

A. Connections from the specified source are blocked without the need to change the Security Policy.
B. Connections to the specified target are blocked without the need to change the Security Policy.
C. Connections to and from the specified target are blocked without the need to change the Security Policy.
D. Connections to and from the specified target are blocked with the need to change the Security Policy.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 247
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).

Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.

If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.

Which of the following is the BEST explanation for this behavior?

A. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
B. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation.
C. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
D. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 248
Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?

A. 514
B. 257
C. 256
D. 258

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
perfect answer.

QUESTION 249
You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard predefined report. As you can see here, you can select the london Gateway.

When you attempt to configure the Express Report, you are unable to select this Gateway.

What is the reason for this behavior? Give the BEST answer.

A. You must enable the Eventia Express Mode on the london Gateway.
B. You have the license for Eventia Reporter in Standard mode only.
C. You must enable the Express Mode inside Eventia Reporter.
D. You must enable Monitoring in the london Gateway object's General Properties.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 250
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?

A. Rule 0
B. Blank field under Rule Number
C. Rule 1
D. Cleanup Rule

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 251
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?

A. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
D. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 252
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?

A. Allow bi-directional NAT
B. Automatic ARP configuration
C. Translate destination on client-side
D. Enable IP Pool NAT

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 253
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.
B. Configure Automatic Static NAT on network 10.10.20.0/24.
C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 254
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?

A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ's interface.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 255
An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.

A. client side NAT
B. source NAT
C. destination NAT
D. None of these

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 256
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

A. destination on server side
B. source on server side
C. source on client side
D. destination on client side

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 257
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

A. Automatic ARP must be unchecked in the Global Properties.
B. Nothing else must be configured.
C. A static route must be added on the Security Gateway to the internal host.
D. A static route for the NAT IP must be added to the Gateway's upstream router.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
answer is updated.


QUESTION 258
You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:

1) Created manual Static NAT rules for the Web server.

2) Cleared the following settings in the Global Properties > Network Address Translation screen:

- Allow bi-directional NAT

- Translate destination on client side

Do the above settings limit the partner's access?

A. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
B. No. The first setting is not applicable. The second setting will reduce performance.
C. Yes. Both of these settings are only applicable to automatic NAT rules.
D. No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 259
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)

When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

A. o=outbound kernel, before the virtual machine
B. I=inbound kernel, after the virtual machine
C. O=outbound kernel, after the virtual machine
D. i=inbound kernel, before the virtual machine

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 260
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

A. No extra configuration is needed.
B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
answer is verified.

QUESTION 261
Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?

A. fw ctl get string active_secpol
B. fw stat
C. cpstat fw -f policy
D. Check the Security Policy name of the appropriate Gateway in SmartView Monitor.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 262
Exhibit:

Of the following, what parameters will not be preserved when using Database Revision Control?

A. 2, 4, 7, 10, 11
B. 3, 4, 5, 6, 9, 12, 13
C. 5, 6, 9, 12, 13
D. 1, 2, 8, 10, 11

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 263
You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?

A. Manual copies of the directory $FWDIR/conf
B. upgrade_export command
C. Database Revision Control
D. GAiA backup utilities

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 264
Exhibit:

You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can you use?

A. 2, 4, and 5
B. 1, 2, 3, 4, and 5
C. 1, 2, and 3
D. 1, 3, and 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
updated answer.

QUESTION 265
Which R77 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations?

A. upgrade_export/upgrade_import
B. fwm dbexport/fwm dbimport
C. Database Revision Control
D. Policy Package management

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 266
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?

A. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
B. Install the View Implicit Rules package using SmartUpdate.
C. Define two log servers on the R77 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPAA log audits.
D. Check the Log Implied Rules Globally box on the R77 Gateway object.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 267
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?

A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
B. Reinstall the Security Management Server and restore using upgrade_import.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 268Several Security Policies can be used for different installation targets. The Firewall protecting HumanResources' servers should have its own Policy Package. These rules must be installed on this machine andnot on the Internet Firewall. How can this be accomplished?

A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.

B. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.

C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.

D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.

Correct Answer: C

Section: (none)

Explanation/Reference:

QUESTION 269

Your R77 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?

A. On a GAiA Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.

B. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object.

C. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.

D. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch.

Correct Answer: B

Section: (none)

Explanation/Reference:

QUESTION 270

Which of the following commands can provide the most complete restoration of an R77 configuration?

A. upgrade_import

B. cpinfo -recover

C. cpconfig

D. fwm dbimport -p <export file>

Correct Answer: A

Section: (none)

Explanation/Reference:

QUESTION 271

When restoring R77 using the command upgrade_import, which of the following items are NOT restored?

A. SIC Certificates

B. Licenses

C. Route tables

D. Global properties

Correct Answer: C

Section: (none)

Explanation/Reference: appropriate answer.

QUESTION 272

Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R77 installation benefits. Your plan must meet the following required and desired objectives:

Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.

Desired Objective: The R77 components that enforce the Security Policies should be backed up at least once a week.

Desired Objective: Back up R77 logs at least once a week.

Your disaster recovery plan is as follows:

- Use the cron utility to run the command upgrade_export each night on the Security Management Servers.

- Configure the organization's routine back up software to back up the files created by the command upgrade_export.

- Configure the GAiA back up utility to back up the Security Gateways every Saturday night.

- Use the cron utility to run the command upgrade_export each Saturday night on the log servers.

- Configure an automatic, nightly logswitch.

- Configure the organization's routine back up software to back up the switched logs every night.

Upon evaluation, your plan:

A. Meets the required objective and only one desired objective.

B. Meets the required objective but does not meet either desired objective.

C. Does not meet the required objective.

D. Meets the required objective and both desired objectives.

Correct Answer: D

Section: (none)

Explanation/Reference:

QUESTION 273

Your company is running Security Management Server R77 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?

A. Using SmartDashboard, under Users, select Add New Administrator

B. Using SmartDashboard or cpconfig

C. Using the Web console on GAiA under Product configuration, select Administrators

D. Using cpconfig on the Security Management Server, choose Administrators

Correct Answer: A

Section: (none)

Explanation/Reference:
