Master the ccsa 156 215.77 Check Point Certified Security Administrator – GAiA content and be ready for exam day success quickly with this Ucertify ccsa 156 215.77 torrent. We guarantee it!We make it a reality and give you real exam 156 215.77 questions in our Check Point exam 156 215.77 braindumps.Latest 100% VALID Check Point ccsa 156 215.77 Exam Questions Dumps at below page. You can use our Check Point 156 215.77 pdf braindumps and pass your exam.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Check Point 156-215.77 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 156-215.77 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/156-215.77-exam-dumps.html
Q31. - (Topic 2)
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
A. Allow bi-directional NAT is not checked in Global Properties.
B. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
C. Manual NAT rules are not configured correctly.
D. Routing is not configured correctly.
Answer: B
Q32. - (Topic 2)
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.
A. source on client side
B. source on server side
C. destination on client side
D. destination on server side
Answer: C
Q33. - (Topic 1)
When launching SmartDashboard, what information is required to log into R77?
A. User Name, Management Server IP, certificate fingerprint file
B. User Name, Password, Management Server IP
C. Password, Management Server IP
D. Password, Management Server IP, LDAP Server IP
Answer: B
Q34. - (Topic 1)
What is the primary benefit of using the command upgrade_export over either backup or snapshot?
A. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
C. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.
D. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
Answer: D
Q35. - (Topic 3)
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.
Which of the following is the BEST explanation for this behavior?
A. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
B. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R75 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation.
C. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
D. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.
Answer: A
Q36. - (Topic 2)
Which R77 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations?
A. Policy Package management
B. Database Revision Control
C. upgrade_export/upgrade_import
D. fwm dbexport/fwm dbimport
Answer: A
Q37. - (Topic 1)
The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running SecurePlatform as Security Gateway. This is an example of a(n):
A. Stand-Alone Installation.
B. Distributed Installation.
C. Hybrid Installation.
D. Unsupported configuration.
Answer: B
Q38. - (Topic 2)
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
A. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
B. No extra configuration is needed.
C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.
Answer: D
Q39. - (Topic 3)
How do you configure an alert in SmartView Monitor?
A. By right-clicking on the Gateway, and selecting Properties.
B. By choosing the Gateway, and Configure Thresholds.
C. An alert cannot be configured in SmartView Monitor.
D. By right-clicking on the Gateway, and selecting System Information.
Answer: B
Q40. - (Topic 3)
You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?
A. Send a CD-ROM with the HFA to each location and have local personnel install it.
B. Use SmartUpdate to install the packages to each of the Security Gateways remotely.
C. Send a Certified Security Engineer to each site to perform the update.
D. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
Answer: B
