CheckPoint Checkpoint Certifications 156-215.77 Questions & Answers

• Question 201:

  Reviewing the Rule Base, you see that ________ is responsible for the client authentication failure. Exhibit:

  

  Exhibit:

  A. Rule 4

  B. Rule 7

  C. Rule 8

  D. Rule 5

  Correct Answer: A

• Question 202:

  You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

  A. A group with generic user

  B. All users

  C. LDAP Account Unit Group

  D. Internal user Group

  Correct Answer: A

• Question 203:

  What is the purpose of an Identity Agent?

  A. Provide user and machine identity to a gateway

  B. Manual entry of user credentials for LDAP authentication

  C. Audit a user's access, and send that data to a log server

  D. Disable Single Sign On

  Correct Answer: A

• Question 204:

  Match the terms with their definitions: Exhibit:

  

  A. A-3, B-2, C-4, D-1

  B. A-2, B-3, C-4, D-1

  C. A-3, B-2, C-1, D-4

  D. A-3, B-4, C-1, D-2

  Correct Answer: A

• Question 205:

  For which service is it NOT possible to configure user authentication?

  A. Telnet

  B. SSH

  C. FTP

  D. HTTPS

  Correct Answer: B

• Question 206:

  UDP packets are delivered if they are ___________.

  A. a stateful ACK to a valid SYN-SYN/ACK on the inverse UDP ports and IP

  B. a valid response to an allowed request on the inverse UDP ports and IP

  C. bypassing the kernel by the forwarding layer of ClusterXL

  D. referenced in the SAM related dynamic tables

  Correct Answer: B

• Question 207:

  Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:

  A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.

  B. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.

  C. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.

  D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.

  Correct Answer: C

• Question 208:

  You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

  A. Create a new logical-server object to represent your partner's CA.

  B. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).

  C. Manually import your partner's Certificate Revocation List.

  D. Manually import your partner's Access Control List.

  Correct Answer: B

• Question 209:

  Which do you configure to give remote access VPN users a local IP address?

  A. Encryption domain pool

  B. NAT pool

  C. Office mode IP pool

  D. Authentication pool

  Correct Answer: C

• Question 210:

  Captive Portal is a __________ that allows the gateway to request login information from the user.

  A. Pre-configured and customizable web-based tool

  B. Transparent network inspection tool

  C. LDAP server add-on

  D. Separately licensed feature

  Correct Answer: A