We provide real 156-915.77 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Check Point 156-915.77 Exam quickly & easily. The 156-915.77 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Check Point 156-915.77 dumps pdf and vce product and material, you can easily pass the 156-915.77 exam.
Q1. - (Topic 7)
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?
A. John should install the Identity Awareness Agent
B. The firewall admin should install the Security Policy
C. John should lock and unlock the computer
D. Investigate this as a network connectivity issue
Answer: B
Topic 8, Identity Awareness Obj 2
Q2. - (Topic 2)
You have a diskless appliance platform. How do you keep swap file wear to a minimum?
A. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
C. Use PRAM flash devices, eliminating the longevity.
D. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
Answer: D
Q3. - (Topic 2)
You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. No action is needed because cpshell has a timeout of one hour by default.
B. Log in as the default user expert and start cpinfo.
C. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.
D. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
Answer: D
Topic 3, Deployment Platforms Obj 3
Q4. CORRECT TEXT - (Topic 14)
Fill in the blank. To verify that a VPN Tunnel is properly established, use the command
Answer: vpn tunnelutil
Q5. - (Topic 1)
Which command displays the installed Security Gateway version?
A. fw printver
B. fw ver
C. fw stat
D. cpstat -gw
Answer: B
Q6. - (Topic 3)
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. fw cpinfo
B. cpinfo -o date.cpinfo.txt
C. diag
D. cpstat - date.cpstat.txt
Answer: B
Q7. - (Topic 12)
How could you compare the Fingerprint shown to the Fingerprint on the server? Exhibit:
A. Run cpconfig, select the Certificate's Fingerprint option and view the fingerprint
B. Run cpconfig, select the GUI Clients option and view the fingerprint
C. Run cpconfig, select the Certificate Authority option and view the fingerprint
D. Run sysconfig, select the Server Fingerprint option and view the fingerprint
Answer: A
Q8. - (Topic 4)
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway’s external interface. You browse to the Google Website from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?
A. Two, one for outbound, one for inbound
B. Only one, outbound
C. Two, both outbound, one for the real IP connection and one for the NAT IP connection
D. Only one, inbound
Answer: B