Your success in Check Point checkpoint 156 215.77 is our sole target and we develop all our checkpoint 156 215.77 braindumps in a way that facilitates the attainment of this target. Not only is our 156 215.77 pdf study material the best you can find, it is also the most detailed and the most updated. ccsa 156 215.77 Practice Exams for Check Point CCSA ccsa 156 215.77 are written to the highest standards of technical accuracy.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Check Point 156-215.77 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 156-215.77 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/156-215.77-exam-dumps.html
Q11. - (Topic 3)
Why are certificates preferred over pre-shared keys in an IPsec VPN?
A. Weak security: PSKs can only have 112 bit length.
B. Weak Security: PSK are static and can be brute-forced.
C. Weak scalability: PSKs need to be set on each and every Gateway.
D. Weak performancE. PSK takes more time to encrypt than Diffie-Hellman.
Answer: B
Q12. - (Topic 3)
Where does the security administrator activate Identity Awareness within SmartDashboard?
A. LDAP Server Object > General Properties
B. Gateway Object > General Properties
C. Policy > Global Properties > Identity Awareness
D. Security Management Server > Identity Awareness
Answer: B
Q13. - (Topic 3)
You are running the license_upgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?
A. Perform the actual license-upgrade process
B. View the status of currently installed licenses
C. Simulate the license-upgrade process
D. View the licenses in the SmartUpdate License Repository
Answer: D
Q14. - (Topic 2)
What is the purpose of a Stealth Rule?
A. To permit implied rules.
B. To drop all traffic to the management server that is not explicitly permitted.
C. To prevent users from connecting directly to the gateway.
D. To permit management traffic.
Answer: C
Q15. - (Topic 3)
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Rule 0
B. Blank field under Rule Number
C. Cleanup Rule
D. Rule 1
Answer: A
Q16. - (Topic 1)
Which of the following describes the default behavior of an R77 Security Gateway?
A. Traffic is filtered using controlled port scanning.
B. IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.
C. All traffic is expressly permitted via explicit rules.
D. Traffic not explicitly permitted is dropped.
Answer: D
Q17. - (Topic 3)
When using an encryption algorithm, which is generally considered the best encryption method?
A. DES
B. CAST cipher
C. AES-256
D. Triple DES
Answer: C
Q18. - (Topic 3)
Where can you find the Check Point’s SNMP MIB file?
A. $CPDIR/lib/snmp/chkpt.mib
B. $FWDIR/conf/snmp.mib
C. It is obtained only by request from the TAC.
D. There is no specific MIB file for Check Point products.
Answer: A
Q19. - (Topic 3)
Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________.
A. ICA Certificate
B. SecureClient
C. Full Endpoint Client
D. Identity Awareness Agent
Answer: D
Q20. - (Topic 2)
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. A static route for the NAT IP must be added to the Gateway's upstream router.
B. Automatic ARP must be unchecked in the Global Properties.
C. Nothing else must be configured.
D. A static route must be added on the Security Gateway to the internal host.
Answer: D
