CheckPoint 156-315.77 Online Practice Questions and Exam Preparation

CheckPoint 156-315.77 Online Questions & Answers

• Question 661:

  You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?

  A. Connections cannot be established until cluster members are fully synchronized.
  B. It is not possible to configure High Availability that is not synchronized.
  C. Old connections are lost but can be reestablished.
  D. Old connections are lost but are automatically recovered whenever the failed machine recovers.
  C. Old connections are lost but can be reestablished.

• Question 662:

  Match the VPN-related terms with their definitions:

  

  A. A-3,B-2, C-1, D-4
  B. A-3, B-4, C-1, D-2
  C. A-3, B-2, C-4, D-1
  D. A-2, B-3, C-4, D-1
  C. A-3, B-2, C-4, D-1

• Question 663:

  Choose all correct statements. SmartUpdate, located on a VPN-1 NGX SmartCenter Server, allows you to:

  (1)

  Remotely perform a first time installation of VPN-1 NGX on a new machine

  (2)

  Determine OS patch levels on remote machines

  (3)

  Update installed Check Point and any OPSEC certified software remotely

  (4)

  Update installed Check Point software remotely

  (5)

  Track installed versions of Check Point and OPSEC products

  (6)

  Centrally manage licenses

  A. 4, 5, and 6
  B. 2, 4, 5, and 6
  C. 1 and 4
  D. 1, 3, 4, and 6
  B. 2, 4, 5, and 6

• Question 664:

  Where is the ideal place to deploy your SSL VPN?

  A. Deployed in DMZ
  B. SSL VPN enabled on the gateway
  C. In front of the external interface on the gateway
  D. Anywhere
  A. Deployed in DMZ

• Question 665:

  Refer to the network topology below.

  

  You have IPS Software Blades active on the Security Gateways sglondon, sgla, and sgny, but still experience attacks on the Web server in the New York DMZ. How is this possible?

  A. All of these options are possible.
  B. The attacker may have used a bunch of evasion techniques like using escape sequences instead of cleartext commands. It is also possible that there are entry points not shown in the network layout, like rogue access points.
  C. Since other Gateways do not have IPS activated, attacks may originate from their networks without anyone noticing.
  D. An IPS may combine different detection technologies, but is dependent on regular signature updates and well-tuned anomaly algorithms. Even if this is accomplished, no technology can offer 100% protection.
  A. All of these options are possible.

• Question 666:

  Which procedure creates a new administrator inSmart Workflow?

  A. Run cpconfig, supply the Login Name. Profile Properties, Name, Access Applications and Permissions.
  B. InSmart Dashboard, clickSmart Workflow/ EnableSmart Workflowand the EnableSmart Workflowwizard will start. Supply the Login Name, Profile Properties, Name, Access Applications and Permissions when prompted.
  C. On the Provider-1 primary MDS, run cpconfig, supply the Login Name, Profile Properties, Name, Access Applications and Permissions.
  D. InSmart Dashboard, click Users and Administrators right click Administrators / New Administrator and supply the Login Name. Profile Properties, Name, Access Applications and Permissions.
  D. InSmart Dashboard, click Users and Administrators right click Administrators / New Administrator and supply the Login Name. Profile Properties, Name, Access Applications and Permissions.

• Question 667:

  Which two processes are responsible on handling Identity Awareness?

  A. pdp and lad
  B. pdp and pdp-11
  C. pep and lad
  D. pdp and pep
  D. pdp and pep

• Question 668:

  A cluster contains two members, with external interfaces 172.28.108.1 and 172.28.108.2. The internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster's IP address is 172.28.108.3, and the internal cluster's IP address is 10.4.8.3.

  The synchronization interfaces are 192.168.1.1 and 192.168.1.2. The Security Administrator discovers State Synchronization is not working properly, cphaprob if command output displays as follows:

  What is causing the State Synchronization problem?

  A. Another cluster is using 192.168.1.3 as one of the unprotected interfaces.
  B. Interfaces 192.168.1.1 and 192.168.1.2 have defined 192.168.1.3 as a suB. interface.
  C. The synchronization interface on the cluster member object's Topology tab is enabled with "Cluster Interface". Disable this interface.
  D. The synchronization network has a cluster, with IP address 192.168.1.3 defined in the gateway-cluster object. Remove the 192.168.1.3 VIP interface from the cluster topology.
  D. The synchronization network has a cluster, with IP address 192.168.1.3 defined in the gateway-cluster object. Remove the 192.168.1.3 VIP interface from the cluster topology.

• Question 669:

  Network applications accessed using SSL Network Extender have been found to fail after one of their TCP connections has been left idle for more than one hour. You determine that you must enable sending reset (RST) packets upon TCP time-out expiration. Where is it necessary to change the setting?

  A. $FWDIR/conf/objects_5_0.C
  B. $FWDIR/conf/objects.C
  C. $WEBISDIR/conf/cpadmin.elg
  D. $CVPNDIR/conf/cvpnd.C
  A. $FWDIR/conf/objects_5_0.C

• Question 670:

  For object-based VPN routing to succeed, what must be configured?

  A. A single rule in the Rule Base must cover traffic in both directions, inbound and outbound on the central (HUB) Security Gateway.
  B. No rules need to be created, implied rules that cover inbound and outbound traffic on the central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections.
  C. At least two rules in the Rule Base must created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway.
  D. VPN routing is not configured in the Rule Base or Community objects. Only the native- routing mechanism on each Gateway can direct the traffic via its VTI configured interfaces.
  C. At least two rules in the Rule Base must created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway.