156-215.77 Premium Bundle

Check Point Certified Security Administrator – GAiA Certification Exam

Last update: November 10, 2024

Check-Point 156-215.77 Free Practice Questions

Q1. - (Topic 3) 

Which rule is responsible for the installation failure? 

A. Rule 3 

B. Rule 4 

C. Rule 5 

D. Rule 6 

Answer:

Q2. - (Topic 2) 

To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this? 

A. This cannot be configured since two selections (Service, Action) are not possible. 

B. Ask your reseller to get a ticket for Check Point SmartUse and deliver him the Security Management Server cpinfo file. 

C. In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. "HTTP_SSH") and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND. 

D. In SmartDashboard, right-click in the column field Service > Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here. 

Answer:

Q3. - (Topic 3) 

An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install). 

Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval. 

If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute. 

Which of the following is the BEST explanation for this behavior? 

A. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day. 

B. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R75 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation. 

C. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way. 

D. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging. 

Answer:

Q4. - (Topic 2) 

A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block?

A. A Stealth Rule has been configured for the R77 Gateway. 

B. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway. 

C. The Security Policy installed to the Gateway had no rules in it. 

D. The Allow Control Connections setting in Policy > Global Properties has been unchecked. 

Answer:

Q5. - (Topic 3) 

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants to use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.

To make this scenario work, the IT administrator must: 

1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources. 

2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected. 

3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action. 

Ms. McHanry tries to access the resource but is unable. What should she do? 

A. Have the security administrator select the Action field of the Firewall Rule "Redirect HTTP connections to an authentication (captive) portal" 

B. Install the Identity Awareness agent on her iPad 

C. Have the security administrator reboot the firewall 

D. Have the security administrator select Any for the Machines tab in the appropriate Access Role 

Answer:

Q6. - (Topic 2) 

You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect? 

A. After Stealth Rule 

B. First 

C. Before Last 

D. Last 

Answer:

Q7. - (Topic 3) 

Select the TRUE statements about the Rule Base shown.

1) HTTP traffic from webrome to websingapore will be encrypted.

2) HTTP traffic from websingapore to webrome will be encrypted.

3) HTTP traffic from webrome to websingapore will be authenticated.

4) HTTP traffic from websingapore to webrome will be blocked.

A. 1, 2, and 3 

B. 2 and 3 

C. 3 and 4 

D. 3 only 

Answer:

Q8. - (Topic 3) 

Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of: 

A. Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters. 

B. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters and their branches. The star Community has New York as the center and London as its satellite.

C. Two star communities and one mesh: A star community for each city with headquarters as center, and branches as satellites. Then one mesh community for the two headquarters. 

D. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the “mesh center Gateways” option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.

Answer:

Q9. - (Topic 3) 

Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)? 

A. vpn tu 

B. vpn ipsec 

C. vpn debug ipsec 

D. fw ipsec tu 

Answer:

Q10. - (Topic 1) 

Tom has been tasked to install Check Point R77 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does not include a SmartConsole machine in his calculations? 

A. Three machines 

B. One machine 

C. One machine, but it needs to be installed using SecurePlatform for compatibility purposes 

D. Two machines 

Answer:

Q11. - (Topic 2) 

Which of the following is a viable consideration when determining Rule Base order? 

A. Adding SAM rules at the top of the Rule Base 

B. Placing frequently accessed rules before less frequently accessed rules 

C. Grouping rules by date of creation 

D. Grouping IPS rules with dynamic drop rules 

Answer:

Q12. - (Topic 3) 

In which Rule Base can you implement an Access Role? 

A. DLP 

B. Mobile Access 

C. IPS 

D. Firewall 

Answer:

Q13. - (Topic 3) 

What is a possible reason for the IKE failure shown in this screenshot? 

A. Mismatch in preshared secrets. 

B. Mismatch in Diffie-Hellman group. 

C. Mismatch in VPN Domains. 

D. Mismatch in encryption schemes. 

Answer:

Q14. - (Topic 3) 

True or False? SmartView Monitor can be used to create alerts on a specified Gateway. 

A. False, alerts can only be set in SmartDashboard Global Properties. 

B. True, by choosing the Gateway and selecting System Information. 

C. False, an alert cannot be created for a specified Gateway. 

D. True, by right-clicking on the Gateway and selecting Configure Thresholds. 

Answer:

Q15. - (Topic 3) 

Reviewing the Rule Base, you see that ________ is responsible for the installation failure.

A. Rule 4

B. Rule 5 

C. Rule 7 

D. Rule 8 

Answer:
