Want to know Ucertify 156-215.77 Exam practice test features? Want to lear more about Check Point Check Point Certified Security Administrator – GAiA certification experience? Study Accurate Check Point 156-215.77 answers to Renovate 156-215.77 questions at Ucertify. Gat a success with an absolute guarantee to pass Check Point 156-215.77 (Check Point Certified Security Administrator – GAiA) test on your first attempt.
2021 Nov 156-215.77 pdf:
Q211. - (Topic 3)
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?
A. Intrusion Detection System (IDS) Policy install
B. SAM - Suspicious Activity Rules feature of SmartView Monitor
C. Block Intruder feature of SmartView Tracker
D. Change the Rule Base and install the Policy to all Security Gateways
Q212. - (Topic 3)
What is the difference between Standard and Specific Sign On methods?
A. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.
B. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties.
C. Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.
D. Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connect. Specific Sign On requires that the user re-authenticate for each service.
Q213. - (Topic 2)
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?
A. After Stealth Rule
C. Before Last
Q214. - (Topic 2)
Your perimeter Security Gateway's external IP is 22.214.171.124. Your network diagram shows:
RequireD. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 126.96.36.199.
The local network 192.168.1.0/24 needs to use 188.8.131.52 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter
184.108.40.206 as the hiding IP address. Add an ARP entry for 220.127.116.11 for the MAC address of 18.104.22.168.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 22.214.171.124 as hiding IP address. Add an ARP entry for
126.96.36.199 for the MAC address of 188.8.131.52.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address
184.108.40.206. Add an ARP entry for 220.127.116.11 for the MAC address of
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source -group object; Destination - any; Service - any; Translated source - 18.104.22.168; Destination - original; Service - original.
Q215. - (Topic 3)
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:
A. SmartUpdate wizard walks the Administrator through a distributed installation.
B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
C. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
D. selected package is copied from the SmartUpdate PC CD-ROM directly to the Security Gateway and the installation IS performed.
Abreast of the times certified security administrator:
Q216. - (Topic 2)
NAT can NOT be configured on which of the following objects?
B. HTTP Logical Server
C. Address Range
Q217. - (Topic 1)
You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in Expert Mode to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.
C. ifconfig -a
Q218. - (Topic 3)
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?
Q219. - (Topic 1)
You want to reset SIC between smberlin and sgosaka.
In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:
What is the reason for this behavior?
A. The Gateway was not rebooted, which is necessary to change the SIC key.
B. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
C. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).
D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation can not be typed in a matching fashion.
Q220. - (Topic 3)
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
A. John should lock and unlock his computer
B. John should install the Identity Awareness Agent
C. Investigate this as a network connectivity issue
D. The access should be changed to authenticate the user instead of the PC
see more 156-215.77 dumps