CheckPoint 156-915.77 Free Practice Questions

NEW QUESTION 1
CORRECT TEXT
Fill in the blanks. To view the number of concurrent connections going through core 0 on the firewall, you would use the command and syntax _____.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 2

When restoring R77 using the command upgrade_import, which of the following items are NOT restored?

• A. SIC Certificates
• B. Licenses
• C. Route tables
• D. Global properties

Answer: C

NEW QUESTION 3

What are you required to do before running the command upgrade_export?

• A. Run a cpstop on the Security Gateway.
• B. Run a cpstop on the Security Management Server.
• C. Close all GUI clients.
• D. Run cpconfig and set yourself up as a GUI client.

Answer: C

NEW QUESTION 4

What type of traffic can be re-directed to the Captive Portal?

• A. SMTP
• B. HTTP
• C. All of the above
• D. FTP

Answer: B

NEW QUESTION 5
CORRECT TEXT
Fill in the blank.

In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 10.4.8.108 successfully pings its Cluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. Based on this information, what is the active cluster member’s IP address?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 6
CORRECT TEXT
Fill in the blank. To verify SecureXL statistics, you would use the command .

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7

Which of the following CLISH commands would you use to set the admin user's shell to bash?

• A. set user admin shell bash
• B. set user admin shell /bin/bash
• C. set user admin shell = /bin/bash
• D. set user admin /bin/bash

Answer: B

NEW QUESTION 8

MegaCorp is running Smartcenter R70, some Gateways at R65 and some other Gateways with R60. Management wants to upgrade to the most comprehensive IPv6 support. What should the administrator do first?

• A. Upgrade Smartcenter to R77 first.
• B. Upgrade R60-Gateways to R65.
• C. Upgrade every unit directly to R77.
• D. Check the ReleaseNotes to verify that every step is supported.

Answer: D

NEW QUESTION 9

Paul has just joined the MegaCorp security administration team. Natalie, the administrator, creates a new administrator account for Paul in SmartDashboard and installs the policy. When Paul tries to login it fails. How can Natalie verify whether Paul’s IP address is predefined on the security management server?

• A. Login to Smart Dashboard, access Properties of the SMS, and verify whether Paul’s IP address is listed.
• B. Type cpconfig on the Management Server and select the option “GUI client List” to see if Paul’s IP address is listed.
• C. Login in to Smart Dashboard, access Global Properties, and select Security Management, to verify whether Paul’s IP address is listed.
• D. Access the WEBUI on the Security Gateway, and verify whether Paul’s IP address is listed as a GUI client.

Answer: B

NEW QUESTION 10

Which file defines the fields for each object used in the file objects.C (color, num/string, default value…)?

• A. $FWDIR/conf/classes.C
• B. $FWDIR/conf/scheam.C
• C. $FWDIR/conf/fields.C
• D. $FWDIR/conf/table.C

Answer: A

NEW QUESTION 11

How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?

• A. Change the gateway settings to allow Captive Portal access via an external interface.
• B. No action is necessar
• C. This access is available by default.
• D. Change the Identity Awareness settings under Global Properties to allow Captive Portal access on all interfaces.
• E. Change the Identity Awareness settings under Global Properties to allow Captive Portal access for an external interface.

Answer: A

NEW QUESTION 12
Reboot the gateway.

• A.

Answer: B

NEW QUESTION 13

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of .

• A. client side NAT
• B. source NAT
• C. destination NAT
• D. None of these

Answer: B

NEW QUESTION 14

Which of the following commands can provide the most complete restoration of a R77 configuration?

• A. upgrade_import
• B. cpinfo -recover
• C. cpconfig
• D. fwm dbimport -p

Answer: A

NEW QUESTION 15

How can you check whether IP forwarding is enabled on an IP Security Appliance?

• A. clish -c show routing active enable
• B. cat /proc/sys/net/ipv4/ip_forward
• C. echo 1 > /proc/sys/net/ipv4/ip_forward
• D. ipsofwd list

Answer: D

NEW QUESTION 16

ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:

• A. Export setup
• B. DHCP Server configuration
• C. Time & Date
• D. GUI Clients

Answer: D

NEW QUESTION 17

Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti- spoofing settings. What is causing this?

• A. Manual NAT rules are not configured correctly.
• B. Allow bi-directional NAT is not checked in Global Properties.
• C. Routing is not configured correctly.
• D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.

Answer: D

NEW QUESTION 18

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

• A. Are used for securing internal network communications between the SmartDashboard and the Security Management Server.
• B. For R75 Security Gateways are created during the Security Management Server installation.
• C. Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.
• D. Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.

Answer: D

NEW QUESTION 19

Looking at the SYN packets in the Wireshark output, select the statement that is true about
NAT.

• A. This is an example of Hide NAT.
• B. There is not enough information provided in the Wireshark capture to determine the NAT settings.
• C. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
• D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Answer: D

NEW QUESTION 20

Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user’s properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?

• A. Select Ignore Database in the Action Properties window.
• B. Permit access to Finance_net.
• C. Select Intersect with user database in the Action Properties window.
• D. Select Intersect with user database or Ignore Database in the Action Properties window.

Answer: D

NEW QUESTION 21
......