We provide real 156 215.77 pdf exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Check Point 156 215.77 pdf Exam quickly & easily. The exam 156 215.77 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Check Point 156 215.77 pdf dumps pdf and vce product and material, you can easily pass the checkpoint 156 215.77 exam.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Check Point 156-215.77 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 156-215.77 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/156-215.77-exam-dumps.html
Q211. - (Topic 2)
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
Answer: D
Q212. - (Topic 2)
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?
A. Install the View Implicit Rules package using SmartUpdate.
B. Define two log servers on the R77 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits.
C. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
D. Check the Log Implied Rules Globally box on the R77 Gateway object.
Answer: C
Q213. - (Topic 1)
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Answer: C
Q214. - (Topic 1)
Over the weekend, an Administrator without access to SmartDashboard installed a new R77 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?
A. You first need to run the command fw unloadlocal on the new Security Gateway.
B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server.
C. You first need to initialize SIC in SmartUpdate.
D. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
Answer: D
22. - (Topic 1)
How can you reset the Security Administrator password that was created during initial Security Management Server installation on SecurePlatform?
A. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.
B. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
C. Type cpm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.
D. As expert user Type fwm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.
Answer: D
Q215. - (Topic 1)
Which of the following is a hash algorithm?
A. DES
B. IDEA
C. MD5
D. 3DES
Answer: C
Q216. - (Topic 3)
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
A. You can limit the authentication attempts in the User Properties' Authentication tab.
B. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
C. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
D. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
Answer: D
Q217. - (Topic 2)
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping authentication rules with address-translation rules
B. Grouping rules by date of creation
C. Grouping reject and drop rules after the Cleanup Rule
D. Grouping functionally related rules together
Answer: D
Q218. - (Topic 1)
Which rule position in the Rule Base should hold the Cleanup Rule? Why?
A. Last. It explicitly drops otherwise accepted traffic.
B. First. It explicitly accepts otherwise dropped traffic.
C. Last. It serves a logging function before the implicit drop.
D. Before last followed by the Stealth Rule.
Answer: C
Q219. - (Topic 2)
Static NAT connections, by default, translate on which firewall kernel inspection point?
A. Post-inbound
B. Eitherbound
C. Inbound
D. Outbound
Answer: C
Q220. - (Topic 2)
Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:
RequireD. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter
200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for
200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address
200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of
200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source -group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original.
Answer: C
