The Update Guide To 156-915.77 Testing Engine

Actualtests offers free demo for 156-915.77 exam. "Check Point Certified Security Expert Update Blade", also known as 156-915.77 exam, is a CheckPoint Certification. This set of posts, Passing the CheckPoint 156-915.77 exam, will help you answer those questions. The 156-915.77 Questions & Answers covers all the knowledge points of the real exam. 100% real CheckPoint 156-915.77 exams and revised by experts!

CheckPoint 156-915.77 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1

Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?

  • A. fw cpinfo
  • B. cpinfo -o date.cpinfo.txt
  • C. diag
  • D. cpstat - date.cpstat.txt

Answer: B

NEW QUESTION 2

Which of the following is a CLI command for Security Gateway R77?

  • A. fw tab -u
  • B. fw shutdown
  • C. fw merge
  • D. fwm policy_print <policyname>

Answer: A

NEW QUESTION 3

What happens if the identity of a user is known?

  • A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
  • B. If the user credentials do not match an Access Role, the system displays a sandbox.
  • C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
  • D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.

Answer: D

NEW QUESTION 4

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able
to connect to the HR Web server. What is the next BEST troubleshooting step?

  • A. Investigate this as a network connectivity issue
  • B. Install the Identity Awareness Agent
  • C. Set static IP to DHCP
  • D. After enabling Identity Awareness, reboot the gateway

Answer: C

NEW QUESTION 5

Which command allows you to view the contents of an R77 table?

  • A. fw tab -a <tablename>
  • B. fw tab -t <tablename>
  • C. fw tab -s <tablename>
  • D. fw tab -x <tablename>

Answer: B

NEW QUESTION 6

Which of the following tools is used to generate a Security Gateway R77 configuration report?

  • A. fw cpinfo
  • B. infoCP
  • C. cpinfo
  • D. infoview

Answer: C

NEW QUESTION 7

If your firewall is performing a lot of IPS inspection and the CPUs assigned to fw_worker_thread are at or near 100%, which of the following could you do to improve performance?

  • A. Add more RAM to the system.
  • B. Add more Disk Drives.
  • C. Assign more CPU cores to CoreXL
  • D. Assign more CPU cores to SecureXL.

Answer: C

NEW QUESTION 8
CORRECT TEXT
Fill in the blank. To verify the SecureXL status, you would enter command ______.


Solution:
fwaccel stat

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 9

The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

  • A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
  • B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
  • C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
  • D. You can limit the authentication attempts in the User Properties’ Authentication tab.

Answer: B

NEW QUESTION 10

The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?

  • A. When accuracy in detecting identity is crucial
  • B. Leveraging identity for Data Center protection
  • C. Protecting highly sensitive servers
  • D. Identity based enforcement for non-AD users (non-Windows and guest users)

Answer: D

NEW QUESTION 11

Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:

  • A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.
  • B. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.
  • C. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.
  • D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.

Answer: C

NEW QUESTION 12
CORRECT TEXT
Type the full fw command and syntax that allows you to disable only sync on a cluster firewall member.


Solution:
fw ctl setsync off

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 13
Re-enable "Cluster membership" on the Gateway.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 14

When do modifications to the Event Policy take effect?

  • A. As soon as the Policy Tab window is closed.
  • B. When saved on the SmartEvent Server and installed to the Correlation Units.
  • C. When saved on the Correlation Units, and pushed as a policy.
  • D. When saved on the SmartEvent Client, and installed on the SmartEvent Server.

Answer: B

NEW QUESTION 15

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

  • A. No extra configuration is needed.
  • B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
  • C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
  • D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Answer: D

NEW QUESTION 16
Update the topology in the cluster object for the cluster and both members.


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 17

What command with appropriate switches would you use to test Identity Awareness connectivity?

  • A. test_ldap
  • B. test_ad_connectivity
  • C. test_ldap_connectivity
  • D. test_ad

Answer: B

NEW QUESTION 18

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

  • A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.
  • B. Configure Automatic Static NAT on network 10.10.20.0/24.
  • C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
  • D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.

Answer: C

NEW QUESTION 19

You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

  • A. database revision
  • B. snapshot
  • C. upgrade_export
  • D. backup

Answer: D

NEW QUESTION 20

Which two processes are responsible on handling Identity Awareness?

  • A. pdp and lad
  • B. pdp and pdp-11
  • C. pep and lad
  • D. pdp and pep

Answer: D

NEW QUESTION 21
......

P.S. Thedumpscentre.com now are offering 100% pass ensure 156-915.77 dumps! All 156-915.77 exam questions have been updated with correct answers: https://www.thedumpscentre.com/156-915.77-dumps/ (203 New Questions)