Act now and download your Check Point 156-915.77 test today! Do not waste time for the worthless Check Point 156-915.77 tutorials. Download Updated Check Point Check Point Certified Security Expert Update Blade exam with real questions and answers and begin to learn Check Point 156-915.77 with a classic professional.

Q33. - (Topic 10) 

What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication? 

A. Captive Portal is more secure than standard LDAP 

B. Nothing, LDAP query is required when configuring Captive Portal 

C. Captive Portal works with both configured users and guests 

D. Captive Portal is more transparent to the user 

Answer:


Q34. - (Topic 5) 

As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting: 

A. in the user object's Authentication screen. 

B. in the Gateway object's Authentication screen. 

C. in the Limit tab of the Client Authentication Action Properties screen. 

D. in the Global Properties Authentication screen. 

Answer:


Q35. - (Topic 2) 

Where can you find the Check Point’s SNMP MIB file? 

A. $CPDIR/lib/snmp/chkpt.mib 

B. $FWDIR/conf/snmp.mib 

C. It is obtained only by request from the TAC. 

D. There is no specific MIB file for Check Point products. 

Answer:

20. - (Topic 2) 

Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources’ servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished? 

A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On. 

B. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target. 

C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets. 

D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target. 

Answer:


Q36. - (Topic 16) 

When do modifications to the Event Policy take effect? 

A. As soon as the Policy Tab window is closed. 

B. When saved on the SmartEvent Server and installed to the Correlation Units. 

C. When saved on the Correlation Units, and pushed as a policy. 

D. When saved on the SmartEvent Client, and installed on the SmartEvent Server. 

Answer:


Q37. - (Topic 15) 

If you need strong protection for the encryption of user data, what option would be the BEST choice? 

A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode. 

B. When you need strong encryption, IPsec is not the best choice. SSL VPN’s are a better choice. 

C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol. 

D. Disable Diffie-Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols. 

Answer:


Q38. - (Topic 4) 

You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. 

What is TRUE about the new package’s NAT rules? 

A. Rules 1, 2, 3 will appear in the new package. 

B. Only rule 1 will appear in the new package. 

C. NAT rules will be empty in the new package. 

D. Rules 4 and 5 will appear in the new package. 

Answer:


Q39. - (Topic 3) 

Which of the following options is available with the GAiA cpconfig utility on a Management Server? 

A. Export setup 

B. DHCP Server configuration 

C. GUI Clients 

D. Time & Date 

Answer:


Q40. - (Topic 4) 

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows: 

Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original 

“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT. 

When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason? 

A. There is no Security Policy defined that allows HTTP traffic to the protected Web server. 

B. There is no ARP table entry for the protected Web server’s public IP address. 

C. There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address. 

D. There is no NAT rule translating the source IP address of packets coming from the protected Web server. 

Answer: