It is impossible to pass Check Point ccsa 156 215.77 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed Check Point ccsa 156 215.77 practice questions. You will get a surprising result by our Leading Check Point Certified Security Administrator – GAiA practice guides.
Q105. - (Topic 1)
How can you most quickly reset Secure Internal Communications (SIC) between a Security Management Server and Security Gateway?
A. From the Security Management Server's command line, type fw putkey -p <shared key> <IP Address of Security Gateway>.
B. Run the command fwm sic_reset to reinitialize the Security Management Server Internal Certificate Authority (ICA). Then retype the activation key on the Security Gateway from SmartDashboard.
C. Use SmartUpdate to retype the Security Gateway activation key. This will automatically sync SIC to both the Security Management Server and Gateway.
D. From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
Answer: D
9. - (Topic 1)
Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources' servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.
B. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.
C. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.
D. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.
Answer: D
Q106. - (Topic 1)
Certificates for Security Gateways are created during a simple initialization from _____________.
A. The ICA management tool
B. SmartUpdate
C. sysconfig
D. SmartDashboard
Answer: D
Q107. - (Topic 2)
Which of the following can be found in cpinfo from an enforcement point?
A. Policy file information specific to this enforcement point
B. The complete file objects_5_0.c
C. VPN keys for all established connections to all enforcement points
D. Everything NOT contained in the file r2info
Answer: A
106. - (Topic 2)
What is the default setting when you use NAT?
A. Source Translated on Client side
B. Source Translated on both sides
C. Destination Translated on Client side
D. Destination Translated on Server side
Answer: C
Q108. - (Topic 2)
Which answers are TRUE? Automatic Static NAT CANNOT be used when:
1) NAT decision is based on the destination port.
2) Both Source and Destination IP's have to be translated.
3) The NAT rule should only be installed on a dedicated Gateway.
4) NAT should be performed on the server side.
A. 2 and 3
B. 1, 3, and 4
C. 1 and 2
D. 2 and 4
Answer: C
Q109. - (Topic 3)
Why are certificates preferred over pre-shared keys in an IPsec VPN?
A. Weak security: PSKs can only have 112 bit length.
B. Weak Security: PSK are static and can be brute-forced.
C. Weak scalability: PSKs need to be set on each and every Gateway.
D. Weak performancE. PSK takes more time to encrypt than Diffie-Hellman.
Answer: B
Q110. - (Topic 2)
To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?
A. This cannot be configured since two selections (Service, Action) are not possible.
B. Ask your reseller to get a ticket for Check Point SmartUse and deliver him the Security Management Server cpinfo file.
C. In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. "HTTP_SSH") and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND.
D. In SmartDashboard, right-click in the column field Service > Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here.
Answer: C
Q111. - (Topic 2)
Where are custom queries stored in R77 SmartView Tracker?
A. On the Security Management Server tied to the GUI client IP.
B. On the SmartView Tracker PC local file system shared by all users of that local PC.
C. On the Security Management Server tied to the Administrator User Database login name.
D. On the SmartView Tracker PC local file system under the user's profile.
Answer: C
148. - (Topic 2)
Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?
A. SmartView Tracker > Audit Tab > Gateway Counters
B. SmartView Monitor > Gateway Status > Threshold Settings
C. This can only be monitored by a user-defined script.
D. SmartView Monitor > Gateway Status > System Information > Thresholds
Answer: D
Q112. - (Topic 3)
Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?
A. Peers authenticate using certificates or preshared secrets.
B. The DH public keys are exchanged.
C. Each Security Gateway generates a private Diffie-Hellman (DH) key from random pools.
D. Symmetric IPsec keys are generated.
Answer: D