It is more faster and easier to pass the Check Point 156-915.77 exam by using Verified Check Point Check Point Certified Security Expert Update Blade questuins and answers. Immediate access to the Leading 156-915.77 Exam and find the same core area 156-915.77 questions with professionally verified answers, then PASS your exam with a high score now.
Q9. - (Topic 11)
What is Check Point's CoreXL?
A. A way to synchronize connections across cluster members
B. TCP-18190
C. Multiple core interfaces on the device to accelerate traffic
D. Multi Core support for Firewall Inspection
Answer: D
Q10. - (Topic 6)
How are cached usernames and passwords cleared from the memory of a R77 Security Gateway?
A. By using the Clear User Cache button in SmartDashboard.
B. Usernames and passwords only clear from memory after they time out.
C. By retrieving LDAP user information using the command fw fetchldap.
D. By installing a Security Policy.
Answer: D
Q11. - (Topic 11)
You are troubleshooting a HTTP connection problem. You've started fw monitor -o http.pcap. When you open http.pcap with Wireshark there is only one line. What is the most likely reason?
A. fw monitor was restricted to the wrong interface.
B. Like SmartView Tracker only the first packet of a connection will be captured by fw monitor.
C. By default only SYN pakets are captured.
D. Acceleration was turned on and therefore fw monitor sees only SYN.
Answer: D
Q12. - (Topic 4)
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
D. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
Answer: A
Q13. - (Topic 7)
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?
A. Investigate this as a network connectivity issue
B. Install the Identity Awareness Agent
C. Set static IP to DHCP
D. After enabling Identity Awareness, reboot the gateway
Answer: C
Q14. - (Topic 1)
What is the syntax for uninstalling a package using newpkg?
A. -u <pathname of package>
B. -i <full pathname of package>
C. -S <pathname of package>
D. newpkg CANNOT be used to uninstall a package
Answer: D
Q15. CORRECT TEXT - (Topic 14)
Checkpoint 156-915.77 : Practice Test
Type the full fw command and syntax that allows you to disable only sync on a cluster firewall member.
Answer: fw ctl setsync off
Q16. - (Topic 4)
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
A. o=outbound kernel, before the virtual machine
B. I=inbound kernel, after the virtual machine
C. O=outbound kernel, after the virtual machine
D. i=inbound kernel, before the virtual machine
Answer: B