CheckPoint Checkpoint Certifications 156-215.77 Questions & Answers

• Question 191:

  When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?

  A. Leveraging identity in the application control blade

  B. Basic identity enforcement in the internal network

  C. Identity-based auditing and logging

  D. Identity-based enforcement for non-AD users (non-Windows and guest users)

  Correct Answer: D

• Question 192:

  Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

  A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.

  B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.

  C. Enable User Directory in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.

  D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

  Correct Answer: C

• Question 193:

  How many packets does the IKE exchange use for Phase 1 Main Mode?

  A. 12

  B. 1

  C. 3

  D. 6

  Correct Answer: D

• Question 194:

  You are troubleshooting NAT entries in SmartView Tracker. Which column do you check to view the new source IP?

  Exhibit: A. XlateDPort

  

  B. XlateDst

  C. XlateSPort

  D. XlateSrc

  Correct Answer: D

• Question 195:

  You would use the Hide Rule feature to:

  A. View only a few rules without the distraction of others.

  B. Hide rules from read-only administrators.

  C. Hide rules from a SYN/ACK attack.

  D. Make rules invisible to incoming packets.

  Correct Answer: A

• Question 196:

  Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?

  A. Symmetric IPsec keys are generated.

  B. Each Security Gateway generates a private Diffie-Hellman (DH) key from random pools.

  C. The DH public keys are exchanged.

  D. Peers authenticate using certificates or preshared secrets.

  Correct Answer: B

• Question 197:

  Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:

  A. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the mesh center Gateways option checked; all London branch offices defined in one satellite window, but, all New York branch offices defined in another satellite window.

  B. Two mesh and one star Community: One mesh Community is set up for each of the headquarters and its branch offices. The star Community is configured with London as the center of the Community and New York is the satellite.

  C. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the Community center, and its branches as satellites. The mesh Community includes only New York and London Gateways.

  D. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.

  Correct Answer: C

• Question 198:

  Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:

  A. Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters.

  B. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters their branches. The star Community has New York as the center and London as its satellite.

  C. Two star communities and one mesh: A star community for each city with headquarters as center, and branches as satellites. Then one mesh community for the two headquarters.

  D. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the "mesh center Gateways? option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.

  Correct Answer: C

• Question 199:

  The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?

  A. When accuracy in detecting identity is crucial

  B. Leveraging identity for Data Center protection

  C. Protecting highly sensitive servers

  D. Identity based enforcement for non-AD users (non-Windows and guest users)

  Correct Answer: D

• Question 200:

  What is the Manual Client Authentication TELNET port?

  A. 23

  B. 264

  C. 900

  D. 259

  Correct Answer: D