Want to Pass 156-915.77 Exam In Next HOURS? Get it now →
February 12, 2018

Finding Renew 156-915.77 answers

Ucertify 156-915.77 Questions are updated and all 156-915.77 answers are verified by experts. Once you have completely prepared with our 156-915.77 exam prep kits you will be ready for the real 156-915.77 exam without a problem. We have Update Check Point 156-915.77 dumps study guide. PASSED 156-915.77 First attempt! Here What I Did.

Q61. - (Topic 8) 

When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method? 

A. Leveraging identity in the application control blade 

B. Basic identity enforcement in the internal network 

C. Identity-based auditing and logging 

D. Identity-based enforcement for non-AD users (non-Windows and guest users) 

Answer:


Q62. CORRECT TEXT - (Topic 14) 

Type the command and syntax you would use to verify that your Check Point cluster is functioning correctly. 

Answer: cphaprob state 


Q63. - (Topic 14) 

Review the Rule Base displayed. 

For which rules will the connection templates be generated in SecureXL? 

A. Rules 2 and 5 

B. Rules 2 through 5 

C. Rule 2 only 

D. All rules except Rule 3 

Answer:


Q64. - (Topic 1) 

What is the syntax for uninstalling a package using newpkg? 

A. -u <pathname of package> 

B. -i <full pathname of package> 

C. -S <pathname of package> 

D. newpkg CANNOT be used to uninstall a package 

Answer:


Q65. - (Topic 2) 

You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout? 

A. No action is needed because cpshell has a timeout of one hour by default. 

B. Log in as the default user expert and start cpinfo. 

C. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo. 

D. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo. 

Answer:

Topic 3, Deployment Platforms Obj 3 


Q66. - (Topic 4) 

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows: 

Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original 

“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT. 

When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason? 

A. There is no Security Policy defined that allows HTTP traffic to the protected Web server. 

B. There is no ARP table entry for the protected Web server’s public IP address. 

C. There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address. 

D. There is no NAT rule translating the source IP address of packets coming from the protected Web server. 

Answer:


Q67. - (Topic 13) 

The connection to the ClusterXL member ‘A’ breaks. The ClusterXL member ‘A’ status is now ‘down’. Afterwards the switch admin set a port to ClusterXL member ‘B’ to ‘down’. What will happen? 

A. ClusterXL member ‘B’ also left the cluster. 

B. ClusterXL member ‘B’ stays active as last member. 

C. Both ClusterXL members share load equally. 

D. ClusterXL member ‘A’ is asked to come back to cluster. 

Answer:

Topic 14, Advanced Clustering and Acceleration 


Q68. - (Topic 4) 

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________. 

A. client side NAT 

B. source NAT 

C. destination NAT 

D. None of these 

Answer:


Q69. - (Topic 7) 

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base. 

To make this scenario work, the IT administrator must: 

1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources. 

2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected. 

3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action. 

Ms. McHanry tries to access the resource but is unable. What should she do? 

A. Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal” 

B. Have the security administrator reboot the firewall 

C. Have the security administrator select Any for the Machines tab in the appropriate Access Role 

D. Install the Identity Awareness agent on her iPad 

Answer:


Q70. - (Topic 1) 

Which of the following statements accurately describes the command upgrade_export? 

A. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server. 

B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version. 

C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting. 

D. This command is no longer supported in GAiA. 

Answer:



see more free 156-915.77 exam dumps