CheckPoint Checkpoint Certifications 156-215.77 Questions & Answers

• Question 251:

  How can you activate the SNMP daemon on a Check Point Security Management Server?

  A. Using the command line, enter snmp_install.

  B. From cpconfig, select SNMP extension.

  C. Any of these options will work.

  D. In SmartDashboard, right-click a Check Point object and select Activate SNMP.

  Correct Answer: B

• Question 252:

  When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R77 topology configuration?

  A. External

  B. Any

  C. Specific

  D. Not Defined

  Correct Answer: B

• Question 253:

  A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?

  A. The Allow Control Connections setting in Policy > Global Properties has been unchecked.

  B. A Stealth Rule has been configured for the R77 Gateway.

  C. The Security Policy installed to the Gateway had no rules in it.

  D. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.

  Correct Answer: A

• Question 254:

  Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway's Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?

  A. Logging implied rules

  B. User-defined alert script

  C. SNMP trap

  D. SmartView Monitor Threshold

  Correct Answer: B

• Question 255:

  Which authentication type permits five different sign-on methods in the authentication properties window?

  A. Client Authentication

  B. Manual Authentication

  C. User Authentication

  D. Session Authentication

  Correct Answer: A

• Question 256:

  When you change an implicit rule's order from Last to First in Global Properties, how do you make the change take effect?

  A. Run fw fetch from the Security Gateway.

  B. Select Install Database from the Policy menu.

  C. Select Save from the File menu.

  D. Reinstall the Security Policy.

  Correct Answer: D

• Question 257:

  Which rule is responsible for the client authentication failure?

  Exhibit:

  

  A. Rule 4

  B. Rule 6

  C. Rule 3

  D. Rule 5

  Correct Answer: A

• Question 258:

  The Captive Portal tool:

  A. Acquires identities from unidentified users.

  B. Is only used for guest user authentication.

  C. Allows access to users already identified.

  D. Is deployed from the Identity Awareness page in the Global Properties settings.

  Correct Answer: A

• Question 259:

  Which of the following is NOT true for Clientless VPN?

  A. The Gateway can enforce the use of strong encryption.

  B. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN.

  C. Secure communication is provided between clients and servers that support HTTP.

  D. User Authentication is supported.

  Correct Answer: C

• Question 260:

  While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?

  1) Select Active Mode tab in SmartView Tracker.

  2) Select Tools > Block Intruder.

  3) Select Log Viewing tab in SmartView Tracker.

  4) Set Blocking Timeout value to 60 minutes.

  5) Highlight connection that should be blocked.

  A. 1, 2, 5, 4

  B. 3, 2, 5, 4

  C. 1, 5, 2, 4

  D. 3, 5, 2, 4

  Correct Answer: C