156-215.77 Questions And Answers
$58
Exam Name: Check Point Certified Security Administrator
Updated: 2018-12-11
Q & A: 359
- Reviews
156-215.77 Frequently Asked Questions
Q1: Can I use 156-215.77 exam Q&As in my phone?
Yes, PassQuestion provides CCSA 156-215.77 pdf Q&As which you can download to study on your computer or mobile device, we also provide 156-215.77 pdf free demo which from the full version to check its quality before purchasing.
Q2: What are the formats of your Check Point 156-215.77 exam questions?
PassQuestion provides Check Point 156-215.77 exam questions with pdf format and software format, pdf file will be sent in attachment and software file in a download link, you need to download the link in a week, it will be automatically invalid after a week.
Q3: How can I download my 156-215.77 test questions after purchasing?
We will send CCSA 156-215.77 test questions to your email once we receive your order, pls make sure your email address valid or leave an alternate email.
Q4: How long can I get my CCSA 156-215.77 questions and answers after purchasing?
We will send CCSA 156-215.77 questions and answers to your email in 10 minutes in our working time and no less than 12 hours in our off time.
Working Time:
GMT+8: Monday- Saturday 8:00 AM-18:00 PM
GMT: Monday- Saturday 0:00 AM-10:00 AM
Q5: Can I pass my test with your CCSA 156-215.77 practice questions only?
Sure! All of PassQuestion CCSA 156-215.77 practice questions come from real test. If you can practice well and get a good score in our practice Q&As, we ensure you can pass your Check Point Certified Security Administrator exam easily.
Q6: How can I know my 156-215.77 updated?
You can check the number of questions, if it is changed,that means we have updated this exam ,you can contact us anytime to ask for an free update. our sales email : [email protected]
Q7: What is your refund process if I fail Check Point 156-215.77 test?
If you fail your 156-215.77 test by studying our study material, just scan your score report and send to us in attchment,when we check, we will give you full refund.
Q8. What other payment menthod can I use except Paypal?
If your country don't support Paypal, we offer another Payment method Western Union,it is also safe and fast. Pls contact us for the details, we will send it to your email.
Question No : 1
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway¡¯s external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers¡¯ public IP addresses?
A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ¡¯s interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers¡¯ public IP addresses?
A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ¡¯s interface.
Answer: B
Question No : 2
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm¡¯s business partners. Which SmartConsole application should you use to confirm your suspicions?
A. SmartDashboard
B. SmartUpdate
C. SmartView Status
D. SmartView Tracker
A. SmartDashboard
B. SmartUpdate
C. SmartView Status
D. SmartView Tracker
Answer: D
Question No : 3
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
A. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
Answer: A
Question No : 4
What happens when you run the command. fw sam -J src [Source IP Address]?
A. Connections from the specified source are blocked without the need to change the Security Policy.
B. Connections to the specified target are blocked without the need to change the Security Policy.
C. Connections to and from the specified target are blocked without the need to change the Security Policy.
D. Connections to and from the specified target are blocked with the need to change the Security Policy.
A. Connections from the specified source are blocked without the need to change the Security Policy.
B. Connections to the specified target are blocked without the need to change the Security Policy.
C. Connections to and from the specified target are blocked without the need to change the Security Policy.
D. Connections to and from the specified target are blocked with the need to change the Security Policy.
Answer: A
Question No : 5
Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?
A. Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.
B. Run the command revert to restore the snapshot, establish SIC, and install the Policy.
C. Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
D. Reinstall the base operating system (i.e., GAia). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.
A. Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.
B. Run the command revert to restore the snapshot, establish SIC, and install the Policy.
C. Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
D. Reinstall the base operating system (i.e., GAia). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.
Answer: A
Question No : 6
Which utility allows you to configure the DHCP service on GAiA from the command line?
A. ifconfig
B. sysconfig
C. cpconfig
D. dhcp_cfg
A. ifconfig
B. sysconfig
C. cpconfig
D. dhcp_cfg
Answer: B
Question No : 7
What is the default setting when you use NAT?
A. Destination Translated on Server side
B. Destination Translated on Client side
C. Source Translated on both sides
D. Source Translated on Client side
A. Destination Translated on Server side
B. Destination Translated on Client side
C. Source Translated on both sides
D. Source Translated on Client side
Answer: B
Question No : 8
Which of the following is a viable consideration when determining Rule Base order?
A. Placing frequently accessed rules before less frequently accessed rules
B. Grouping IPS rules with dynamic drop rules
C. Adding SAM rules at the top of the Rule Base
D. Grouping rules by date of creation
A. Placing frequently accessed rules before less frequently accessed rules
B. Grouping IPS rules with dynamic drop rules
C. Adding SAM rules at the top of the Rule Base
D. Grouping rules by date of creation
Answer: A
Question No : 9
An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key and the IP address of the Security Gateway. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
A. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.
B. You first need to run the command fw unloadlocal on the R77 Security Gateway appliance in order to remove the restrictive default policy.
C. You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway¡¯s topology.
D. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
A. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.
B. You first need to run the command fw unloadlocal on the R77 Security Gateway appliance in order to remove the restrictive default policy.
C. You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway¡¯s topology.
D. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
Answer: C
Question No : 10
In which Rule Base can you implement an Access Role?
A. DLP
B. Mobile Access
C. IPS
D. Firewall
A. DLP
B. Mobile Access
C. IPS
D. Firewall
Answer: D
Question No : 11
You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?
A. Manual copies of the directory $FWDIR/conf
B. GAiA back up utilities
C. upgrade_export and upgrade_import commands
D. Database Revision Control
A. Manual copies of the directory $FWDIR/conf
B. GAiA back up utilities
C. upgrade_export and upgrade_import commands
D. Database Revision Control
Answer: B
Question No : 12
You have detected a possible intruder listed in SmartView Tracker¡¯s active pane. What is the fastest method to block this intruder from accessing your network indefinitely?
A. Modify the Rule Base to drop these connections from the network.
B. In SmartView Tracker, select Tools > Block Intruder.
C. In SmartView Monitor, select Tools > Suspicious Activity Rules.
D. In SmartDashboard, select IPS > Network Security > Denial of Service.
A. Modify the Rule Base to drop these connections from the network.
B. In SmartView Tracker, select Tools > Block Intruder.
C. In SmartView Monitor, select Tools > Suspicious Activity Rules.
D. In SmartDashboard, select IPS > Network Security > Denial of Service.
Answer: B
Question No : 13
What information is found in the SmartView Tracker Management log?
A. SIC revoke certificate event
B. Destination IP address
C. Most accessed Rule Base rule
D. Number of concurrent IKE negotiations
A. SIC revoke certificate event
B. Destination IP address
C. Most accessed Rule Base rule
D. Number of concurrent IKE negotiations
Answer: A
Question No : 14
Which of these attributes would be critical for a site-to-site VPN?
A. Scalability to accommodate user groups
B. Centralized management
C. Strong authentication
D. Strong data encryption
A. Scalability to accommodate user groups
B. Centralized management
C. Strong authentication
D. Strong data encryption
Answer: D
Question No : 15
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.
A. /etc/sysconfig/netconf.C
B. /etc/conf/route.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
A. /etc/sysconfig/netconf.C
B. /etc/conf/route.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
Answer: A