Exam Code: checkpoint 156 215.77 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Administrator – GAiA
Certification Provider: Check Point
Q137. - (Topic 3)
Your manager requires you to set up a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he set up AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
B. All is fine and can be used as is.
C. The two algorithms do not have the same key length and so don't work together. You will get the error …. No proposal chosen….
D. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
Answer: D
Q138. - (Topic 2)
The fw monitor utility is used to troubleshoot which of the following problems?
A. Address translation
B. Log Consolidation Engine
C. User data base corruption
D. Phase two key negotiation
Answer: A
Q139. - (Topic 2)
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
A. Configure Automatic Static NAT on network 10.10.20.0/24.
B. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.
C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
D. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.
Answer: C
Q140. - (Topic 1)
Which rule position in the Rule Base should hold the Cleanup Rule? Why?
A. Last. It explicitly drops otherwise accepted traffic.
B. First. It explicitly accepts otherwise dropped traffic.
C. Last. It serves a logging function before the implicit drop.
D. Before last followed by the Stealth Rule.
Answer: C
Q141. - (Topic 1)
How is wear on the flash storage device mitigated on diskless appliance platforms?
A. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
B. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
C. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
D. PRAM flash devices are used, eliminating the longevity.
Answer: B
Q142. - (Topic 2)
Which SmartConsole tool would you use to see the last policy pushed in the audit log?
A. SmartView Tracker
B. SmartView Status
C. None, SmartConsole applications only communicate with the Security Management Server.
D. SmartView Server
Answer: A
197. - (Topic 2)
Where is the easiest and BEST place to find information about connections between two machines?
A. On a Security Gateway Console interface; it gives you detailed access to log files and state table information.
B. On a Security Management Server, using SmartView Tracker.
C. All options are valid.
D. On a Security Gateway using the command fw log.
Answer: B
Q143. - (Topic 3)
When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
As expert user, issue these commands:
A. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field
B. As expert user, issue the command:
C. # IP link set eth0 addr 00:0C:29:12:34:56
D. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
Answer: A
Q144. - (Topic 3)
MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?
A. Using each of the Gateways' IP addresses, and applying the licenses on the Security Management Server with the command cprlic put.
B. Using the remote Gateway's IP address, and applying the license locally with the command cplic put.
C. Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.
D. Using the remote Gateway's IP address, and attaching the license to the remote Gateway via SmartUpdate.
Answer: C