CheckPoint Checkpoint Certifications 156-215.77 Questions & Answers

• Question 241:

  All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

  A. FTP

  B. SMTP

  C. HTTP

  D. RLOGIN

  Correct Answer: B

• Question 242:

  John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

  John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

  To make this scenario work, the IT administrator:

  1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web

  Server from any machine and from any location.

  What should John do when he cannot access the web server from a different personal computer?

  A. John should lock and unlock his computer

  B. Investigate this as a network connectivity issue

  C. The access should be changed to authenticate the user instead of the PC

  D. John should install the Identity Awareness Agent

  Correct Answer: C

• Question 243:

  When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?

  Exhibit:

  

  A. (6) Delete all IPsec SAs for a given User (Client)

  B. (5) Delete all IPsec SAs for a given peer (GW)

  C. (8) Delete all IPsec+IKE SAs for a given User (Client)

  D. Delete all IPsec+IKE SAs for a given peer (GW)

  Correct Answer: D

• Question 244:

  How many packets does the IKE exchange use for Phase 1 Aggressive Mode?

  A. 12

  B. 6

  C. 3

  D. 1

  Correct Answer: C

• Question 245:

  Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.

  To make this scenario work, the IT administrator must:

  1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.

  2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.

  3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.

  Ms. McHanry tries to access the resource but is unable. What should she do?

  A. Have the security administrator select the Action field of the Firewall Rule "Redirect HTTP connections to an authentication (captive) portal?

  B. Have the security administrator reboot the firewall

  C. Have the security administrator select Any for the Machines tab in the appropriate Access Role

  D. Install the Identity Awareness agent on her iPad

  Correct Answer: A

• Question 246:

  You are a Security Administrator using one Security Management Server managing three different firewalls. One firewall does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is a possible cause?

  A. The firewall has failed to sync with the Security Management Server for 60 minutes.

  B. The firewall object has been created but SIC has not yet been established.

  C. The firewall is not listed in the Policy Installation Targets screen for this policy package.

  D. The license for this specific firewall has expired.

  Correct Answer: C

• Question 247:

  You want to reset SIC between smberlin and sgosaka.

  

  In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:

  

  What is the reason for this behavior?

  A. The Gateway was not rebooted, which is necessary to change the SIC key.

  B. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).

  C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.

  D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation can not be typed in a matching fashion.

  Correct Answer: C

• Question 248:

  How many packets are required for IKE Phase 2?

  A. 12

  B. 2

  C. 6

  D. 3

  Correct Answer: D

• Question 249:

  Which of the following are authentication methods that Security Gateway R77 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.

  A. Proxied, User, Dynamic, Session

  B. Connection, User, Client

  C. User, Client, Session

  D. User, Proxied, Session

  Correct Answer: C

• Question 250:

  What happens when you open the Gateway object window Trusted Communication and press and confirm Reset?

  Exhibit:

  

  A. Sic will be reset on the Gateway only.

  B. The Gateway certificate will be revoked on the Gateway only.

  C. The Gateway certificate will be revoked on the Security Managment Server only.

  D. The Gateway certificate will be revoked on the Security Management Server and SIC will be reset on the Gateway.

  Correct Answer: C