CheckPoint 156-215.77 Online Practice Questions and Exam Preparation

CheckPoint 156-215.77 Online Questions & Answers

• Question 101:

  The SIC certificate is stored in the directory _______________.

  A. $CPDIR/registry
  B. $CPDIR/conf
  C. $FWDIR/database
  D. $FWDIR/conf
  B. $CPDIR/conf

• Question 102:

  Which of the following items should be configured for the Security Management Server to authenticate via LDAP?

  A. Check Point Password
  B. Active Directory Server object
  C. Windows logon password
  D. WMI object
  B. Active Directory Server object

• Question 103:

  Which of the following items should be configured for the Security Management Server to authenticate using LDAP?

  A. Check Point Password
  B. WMI object
  C. Domain Admin username
  D. Windows logon password
  A. Check Point Password

• Question 104:

  What is the primary benefit of using the command upgrade_export over either backup or snapshot?

  A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
  B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
  C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
  D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.
  A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.

• Question 105:

  Where is the easiest and BEST place to find information about connections between two machines?

  A. All options are valid.
  B. On a Security Gateway using the command fw log.
  C. On a Security Management Server, using SmartView Tracker.
  D. On a Security Gateway Console interface; it gives you detailed access to log files and state table information.
  C. On a Security Management Server, using SmartView Tracker.

• Question 106:

  Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?

  A. 514
  B. 257
  C. 256
  D. 258
  B. 257

• Question 107:

  You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules? Exhibit:

  

  A. Rules 1, 2, 3 will appear in the new package.
  B. Only rule 1 will appear in the new package.
  C. NAT rules will be empty in the new package.
  D. Rules 4 and 5 will appear in the new package.
  A. Rules 1, 2, 3 will appear in the new package.

• Question 108:

  You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?

  A. SmartView Tracker cannot display Security Administrator activity; instead, view the system logs on the Security Management Server's Operating System.
  B. SmartView Tracker in Network and Endpoint Mode
  C. SmartView Tracker in Active Mode
  D. SmartView Tracker in Management Mode
  D. SmartView Tracker in Management Mode

• Question 109:

  You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?

  A. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
  B. Send a CD-ROM with the HFA to each location and have local personnel install it.
  C. Send a Certified Security Engineer to each site to perform the update.
  D. Use SmartUpdate to install the packages to each of the Security Gateways remotely.
  D. Use SmartUpdate to install the packages to each of the Security Gateways remotely.

• Question 110:

  Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

  A. vpn debug ipsec
  B. vpn ipsec
  C. fw ipsec tu
  D. vpn tu
  D. vpn tu