Pinpoint of 156-215.77 free practice exam materials and samples for Check Point certification for consumer, Real Success Guaranteed with Updated 156-215.77 pdf dumps vce Materials. 100% PASS Check Point Certified Security Administrator – GAiA exam Today!
2021 Oct 156-215.77 free draindumps
Q121. - (Topic 2)
You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
Answer: A
Q122. - (Topic 1)
The London Security Gateway Administrator has just installed the Security Gateway and Management Server. He has not changed any default settings. As he tries to configure the Gateway, he is unable to connect. Which troubleshooting suggestion will NOT help him?
A. Check if some intermediate network device has a wrong routing table entry, VLAN
assignment, duplex-mismatch, or trunk issue.
B. Verify that the Rule Base explicitly allows management connections.
C. Test the IP address assignment and routing settings of the Security Management Server, Gateway, and console client.
D. Verify the SIC initialization.
Answer: B
Q123. - (Topic 3)
Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:
A. Client Authentication rule using the manual sign-on method, using HTTP on port 900
B. Client Authentication rule, using partially automatic sign on
C. Client Authentication for fully automatic sign on
D. Session Authentication rule
Answer: A
Q124. - (Topic 3)
Where does the security administrator activate Identity Awareness within SmartDashboard?
A. LDAP Server Object > General Properties
B. Gateway Object > General Properties
C. Policy > Global Properties > Identity Awareness
D. Security Management Server > Identity Awareness
Answer: B
Q125. - (Topic 3)
Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________.
A. ICA Certificate
B. SecureClient
C. Full Endpoint Client
D. Identity Awareness Agent
Answer: D
Down to date 156-215.77 actual exam:
Q126. - (Topic 2)
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?
A. A Stealth Rule has been configured for the R77 Gateway.
B. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.
C. The Security Policy installed to the Gateway had no rules in it.
D. The Allow Control Connections setting in Policy > Global Properties has been unchecked.
Answer: D
Q127. - (Topic 1)
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Answer: C
Q128. - (Topic 3)
If you are experiencing LDAP issues, which of the following should you check?
A. Domain name resolution
B. Overlapping VPN Domains C. Connectivity between the R77 Gateway and LDAP server
D. Secure Internal Communications (SIC)
Answer: C
Q129. - (Topic 2)
To reduce the information given to you in SmartView Tracker, what can you do to find information about data being sent between pcosaka and pctokyo?
A. Apply a source filter by adding both endpoint IP addresses with the equal option set.
B. Use a regular expression to filter out relevant logging entries.
C. Double-click an entry representing a connection between both endpoints.
D. Press CTRL+F in order to open the find dialog, and then search the corresponding IP addresses.
Answer: A
Q130. - (Topic 2)
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.
What is TRUE about the new package's NAT rules?
A. NAT rules will be empty in the new package.
B. Rules 4 and 5 will appear in the new package.
C. Rules 1, 2, 3 will appear in the new package.
D. Only rule 1 will appear in the new package.
Answer: C