1. Home
  2. CheckPoint
  3. 156-215.77

Check Point Certified Security Administrator

Exam Details

  • Exam Code
    :156-215.77
  • Exam Name
    :Check Point Certified Security Administrator
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :60 Q&As
  • Last Updated
    :Dec 13, 2024

CheckPoint Checkpoint Certifications 156-215.77 Questions & Answers

  • Question 331:

    You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of

    inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:

    Unknown established connection

    How do you resolve this problem without causing other security issues? Choose the BEST answer.

    A. Increase the service-based session timeout of the default Telnet service to 24-hours.

    B. Ask the mainframe users to reconnect every time this error occurs.

    C. Increase the TCP session timeout under Global Properties > Stateful Inspection.

    D. Create a new TCP service object on port 23 called Telnet-mainframe. Define a service- based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

  • Question 332:

    Where can you find the Check Point's SNMP MIB file?

    A. $CPDIR/lib/snmp/chkpt.mib

    B. $FWDIR/conf/snmp.mib

    C. It is obtained only by request from the TAC.

    D. There is no specific MIB file for Check Point products.

  • Question 333:

    Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti- spoofing settings. What is causing this?

    A. Manual NAT rules are not configured correctly.

    B. Allow bi-directional NAT is not checked in Global Properties.

    C. Routing is not configured correctly.

    D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.

  • Question 334:

    A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

    A. destination on server side

    B. source on server side

    C. source on client side

    D. destination on client side

  • Question 335:

    The customer has a small Check Point installation which includes one Windows 2008 server as the SmartConsole and a second server running GAiA as both Security Management Server and the Security Gateway. This is an example of a(n):

    A. Distributed Installation

    B. Unsupported configuration

    C. Hybrid Installation

    D. Stand-Alone Installation

  • Question 336:

    Which of the following statements BEST describes Check Point's Hide Network Address Translation method?

    A. Translates many destination IP addresses into one destination IP address

    B. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

    C. Translates many source IP addresses into one source IP address

    D. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

  • Question 337:

    You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.

    What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

    A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.

    B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.

    C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

    D. Place a static host route on the firewall for the valid IP address to the internal Web server.

  • Question 338:

    Which component functions as the Internal Certificate Authority for R77?

    A. Security Gateway

    B. Management Server

    C. Policy Server

    D. SmartLSM

  • Question 339:

    Which R77 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations?

    A. upgrade_export/upgrade_import

    B. fwm dbexport/fwm dbimport

    C. Database Revision Control

    D. Policy Package management

  • Question 340:

    When launching SmartDashboard, what information is required to log into R77?

    A. User Name, Management Server IP, certificate fingerprint file

    B. User Name, Password, Management Server IP

    C. Password, Management Server IP

    D. Password, Management Server IP, LDAP Server IP

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.