Exam Details
Exam Code
:156-215.77Exam Name
:Check Point Certified Security AdministratorCertification
:CCSA R77Vendor
:CheckPointTotal Questions
:388 Q&AsLast Updated
:May 09, 2024
CheckPoint CCSA R77 156-215.77 Questions & Answers
-
Question 11:
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep- alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.
Which of the following is the BEST explanation for this behavior?
A. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
B. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non- standard GRE protocol for encapsulation.
C. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
D. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.
-
Question 12:
How do you configure an alert in SmartView Monitor?
A. An alert cannot be configured in SmartView Monitor.
B. By choosing the Gateway, and Configure Thresholds.
C. By right-clicking on the Gateway, and selecting Properties.
D. By right-clicking on the Gateway, and selecting System Information.
-
Question 13:
How can you activate the SNMP daemon on a Check Point Security Management Server?
A. B. From cpconfig, select SNMP extension.
B. C. Any of these options will work.
C. D. In SmartDashboard, right-click a Check Point object and select Activate SNMP.
-
Question 14:
Review the rules.
Assume domain UDP is enabled in the impled rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
A. can connect to the Internet successfully after being authenticated.
B. is prompted three times before connecting to the Internet successfully.
C. can go to the Internet after Telnetting to the client authentication daemon port 259.
D. can go to the Internet, without being prompted for authentication.
-
Question 15:
Which authentication type requires specifying a contact agent in the Rule Base?
A. Client Authentication with Partially Automatic Sign On
B. Client Authentication with Manual Sign On
C. User Authentication
D. Session Authentication
-
Question 16:
For remote user authentication, which authentication scheme is NOT supported?
A. Check Point Password
B. RADIUS
C. TACACS
D. SecurID
-
Question 17:
With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?
A. Allow for unencrypted traffic
B. Allow traffic outside the encrypted domain
C. Enable Hot Spot/Hotel Registration
D. Allow your users to turn off SecureClient
-
Question 18:
What happens when you run the command. fw sam -J src [Source IP Address]?
A. Connections from the specified source are blocked without the need to change the Security Policy.
B. Connections to the specified target are blocked without the need to change the Security Policy.
C. Connections to and from the specified target are blocked without the need to change the Security Policy.
D. Connections to and from the specified target are blocked with the need to change the Security Policy.
-
Question 19:
A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?
A. Eventia Analyzer
B. SmartView Tracker
C. SmartView Monitor
D. This information can only be viewed with the command fw ctl pstat from the CLI.
-
Question 20:
Which set of objects have an Authentication tab?
A. Templates, Users
B. Users, Networks
C. Users, User Groups
D. Networks, Hosts
Related Exams:
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.