CheckPoint Checkpoint Certifications 156-315.77 Questions & Answers

• Question 401:

  Which Check Point QoS feature marks the ToS byte in the IP header?

  A. Differentiated Services

  B. Guarantees

  C. Weighted Fair Queuing

  D. Low Latency Queuing

  Correct Answer: A

• Question 402:

  Which of the following explains Role Segregation?

  A. Administrators have different abilities than managers within SmartWorkflow.

  B. Different tasks within SmartDashboard are divided according to firewall administrator permissions.

  C. Changes made by an administrator in a SmartWorkflow session must have managerial approval prior to commitment.

  D. SmartWorkflow can be configured so that managers can only view their assigned sessions

  Correct Answer: C

• Question 403:

  Where is the encryption domain for a SmartLSM Security Gateway configured in R71?

  A. Inside the SmartLSM Security Gateway object in the SmartDashboard GUI

  B. Inside the SmartLSM Security Gateway profile in the SmartProvisioning GUI

  C. Inside the SmartLSM Security Gateway object in the SmartProvisioning GUI

  D. Inside the SmartLSM Security Gateway profile in the SmartDashboard GUI

  Correct Answer: B

• Question 404:

  You use the snapshot feature to store yourConnecterSSL VPN configuration. What do you expect to find?

  A. Nothing; snapshot is not supported inConnectorSSL VPN.

  B. The management configuration of the current product, on a management or stand-alone machine

  C. A complete image of the local file system

  D. Specified directories of the local file system.

  Correct Answer: C

• Question 405:

  Which of the following commands can be used to stop Management portal services?

  A. fw stopportal

  B. cpportalstop

  C. cpstop / portal

  D. smartportalstop

  Correct Answer: D

• Question 406:

  VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. Which of the following services is NOT provided by a CIFS resource?

  A. Log access shares

  B. Block Remote Registry Access

  C. Log mapped shares

  D. Allow MS print shares

  Correct Answer: D

• Question 407:

  Refer to the to the network topology below.

  

  You have IPS software Blades active on security Gateways sglondon, sgla, and sgny, but still experience attacks on the Web server in the New York DMZ. How is this possible?

  A. All of these options are possible.

  B. Attacker may have used a touch of evasion techniques like using escape sequences instead of clear text commands. It is also possible that there are entry points not shown in the network layout, like rouge access points.

  C. Since other Gateways do not have IPS activated, attacks may originate from their networks without any noticing

  D. An IPS may combine different technologies, but is dependent on regular signature updates and well-turned automatically algorithms. Even if this is accomplished, no technology can offer 100% protection.

  Correct Answer: A

• Question 408:

  Problems sometimes occur when distributing IPSec packets to a few machines in a Load Sharing Multicast mode cluster, even though the machines have the same source and destination IP addresses. What is the best Load Sharing method for preventing this type of problem?

  A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces (SPI)

  B. Load Sharing based on SPIs only

  C. Load Sharing based on IP addresses only

  D. Load Sharing based on SPIs and ports only

  E. Load Sharing based on IP addresses and ports

  Correct Answer: E

• Question 409:

  Which component functions as the Internal Certificate Authority for VPN-1 NGX?

  A. VPN-1 Certificate Manager

  B. SmartCenterServer

  C. SmartLSM

  D. Policy Server

  E. Security Gateway

  Correct Answer: B

• Question 410:

  Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGXroute-based VPN feature, without stopping the VPN. What is the correct order of steps?

  A. 1. Add a new interface on each Gateway.

  2.

  Remove the newly added network from the current VPN Domain for each Gateway.

  3.

  Create VTIs on each Gateway, to point to the other two peers

  4.

  Enable advanced routing on all three Gateways.

  B. 1. Add a new interface on each Gateway.

  2.

  Remove the newly added network from the current VPN Domain in each gateway object.

  3.

  Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers.

  4.

  Add static routes on three Gateways, to route the new network to each peer's VTI interface.

  C. 1. Add a new interface on each Gateway.

  2.

  Add the newly added network into the existing VPN Domain for each Gateway.

  3.

  Create VTIs on each gateway object, to point to the other two peers.

  4.

  Enable advanced routing on all three Gateways.

  D. 1. Add a new interface on each Gateway.

  2.

  Add the newly added network into the existing VPN Domain for each gateway object.

  3.

  Create VTIs on each gateway object, to point to the other two peers.

  4.

  Add static routes on three Gateways, to route the new networks to each peer's VTI interface.

  Correct Answer: B