CheckPoint 156-215.77 Online Practice Questions and Exam Preparation

CheckPoint 156-215.77 Online Questions & Answers

• Question 61:

  You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:

  A. Standard policy.
  B. Initial policy.
  C. Last policy that was installed.
  D. Default filter.
  B. Initial policy.

• Question 62:

  Which rules are not applied on a first-match basis?

  A. User Authentication
  B. Client Authentication
  C. Session Authentication
  D. Cleanup
  A. User Authentication

• Question 63:

  Which command allows you to view the contents of an R77 table?

  A. fw tab -a
  B. fw tab -t
  C. fw tab -s
  D. fw tab -x
  B. fw tab -t

• Question 64:

  If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange?

  A. 9
  B. 2
  C. 3
  D. 6
  D. 6

• Question 65:

  Which type of R77 Security Server does not provide User Authentication?

  A. SMTP Security Server
  B. HTTP Security Server
  C. FTP Security Server
  D. HTTPS Security Server
  A. SMTP Security Server

• Question 66:

  What command syntax would you use to see accounts the gateway suspects are service accounts?

  A. pdp check_log
  B. pdp show service
  C. adlog check_accounts
  D. adlog a service_accounts
  D. adlog a service_accounts

• Question 67:

  A Cleanup rule:

  A. logs connections that would otherwise be dropped without logging by default.
  B. drops packets without logging connections that would otherwise be dropped and logged by default.
  C. logs connections that would otherwise be accepted without logging by default.
  D. drops packets without logging connections that would otherwise be accepted and logged by default.
  A. logs connections that would otherwise be dropped without logging by default.

• Question 68:

  Which rule is responsible for the installation failure? Exhibit:

  

  A. Rule 3
  B. Rule 4
  C. Rule 6
  D. Rule 5
  C. Rule 6

• Question 69:

  You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?

  A. Last
  B. After Stealth Rule
  C. First
  D. Before Last
  A. Last

• Question 70:

  Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:

  

  Required. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.

  The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.

  Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

  A. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
  B. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
  C. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
  D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source - group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original.
  B. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.