CheckPoint 156-215.77 Online Practice Questions and Exam Preparation

CheckPoint 156-215.77 Online Questions & Answers

• Question 281:

  How many packets does the IKE exchange use for Phase 1 Aggressive Mode?

  A. 12
  B. 6
  C. 3
  D. 1
  C. 3

• Question 282:

  You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy. What additional steps are required for this to function correctly?

  A. You need to start SSL Network Extender first, then use Visitor Mode.
  B. Set Visitor Mode in Policy > Global Properties > Remote-Access > VPN - Advanced.
  C. Office mode is not configured.
  D. The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). With multi- port no additional changes are necessary.
  D. The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). With multi- port no additional changes are necessary.

• Question 283:

  Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.

  A. SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
  B. SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
  C. SmartView Tracker, CPINFO, SmartUpdate
  D. Security Policy Editor, Log Viewer, Real Time Monitor GUI
  C. SmartView Tracker, CPINFO, SmartUpdate

• Question 284:

  You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify security administration, which one of the following would you choose to do?

  A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
  B. Run separate SmartConsole instances to login and configure each Security Gateway directly.
  C. Create network objects that restrict all applicable rules to only certain networks.
  D. Create a separate Security Policy package for each remote Security Gateway.
  D. Create a separate Security Policy package for each remote Security Gateway.

• Question 285:

  John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only

  from John's desktop which is assigned a static IP address 10.0.0.19.

  John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a

  rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

  To make this scenario work, the IT administrator:

  1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

  2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

  What should John do when he cannot access the web server from a different personal computer?

  A. John should lock and unlock his computer
  B. Investigate this as a network connectivity issue
  C. The access should be changed to authenticate the user instead of the PC
  D. John should install the Identity Awareness Agent
  C. The access should be changed to authenticate the user instead of the PC

• Question 286:

  With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?

  A. Allow for unencrypted traffic
  B. Allow traffic outside the encrypted domain
  C. Enable Hot Spot/Hotel Registration
  D. Allow your users to turn off SecureClient
  C. Enable Hot Spot/Hotel Registration

• Question 287:

  Which R77 GUI would you use to see the number of packets accepted since the last policy install?

  A. SmartView Monitor
  B. SmartView Tracker
  C. SmartDashboard
  D. SmartView Status
  A. SmartView Monitor

• Question 288:

  Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?

  A. All Records Query
  B. Account Query
  C. Active Tab
  D. Audit Tab
  C. Active Tab

• Question 289:

  Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?

  A. SmartView Tracker
  B. SmartPortal
  C. SmartUpdate
  D. SmartDashboard
  C. SmartUpdate

• Question 290:

  When configuring the Check Point Gateway network interfaces, you can define the direction as Internal or External. What does the option Interface leads to DMZ mean? Exhibit:

  

  A. Using restricted Gateways, this option automatically turns off the counting of IP Addresses originating from this interface.
  B. Activating this option automatically turns this interface to External.
  C. It defines the DMZ Interface since this information is necessary for Content Control
  D. Select this option to automatically configure Anti-Spoofing to this net.
  C. It defines the DMZ Interface since this information is necessary for Content Control