Master the ccsa 156 215.77 content and be ready for exam day success quickly with this checkpoint 156 215.77. We guarantee it!We make it a reality and give you real 156 215.77 pdf in our Check Point 156-215.77 braindumps. Latest 100% VALID checkpoint 156 215.77 at below page. You can use our Check Point 156-215.77 braindumps and pass your exam.
Online 156-215.77 free questions and answers of New Version:
NEW QUESTION 1
Which of the following is NOT an option for internal network definition of Anti-spoofing?
- A. Specific – derived from a selected object
- B. Route-based – derived from gateway routing table
- C. Network defined by the interface IP and Net Mask
- D. Not-defined
NEW QUESTION 2
You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
- Allow bi-directional NAT
- Translate destination on client side
Do the above settings limit the partner’s access?
- A. Ye
- B. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
- C. N
- D. The first setting is not applicabl
- E. The second setting will reduce performance.
- F. Ye
- G. Both of these settings are only applicable to automatic NAT rules.
- H. N
- I. The first setting is only applicable to automatic NAT rule
- J. The second setting will force translation by the kernel on the interface nearest to the client.
NEW QUESTION 3
Where is the easiest and BEST place to find information about connections between two machines?
- A. All options are valid.
- B. On a Security Gateway using the command fw log.
- C. On a Security Management Server, using SmartView Tracker.
- D. On a Security Gateway Console interface; it gives you detailed access to log files and state table information.
NEW QUESTION 4
You have detected a possible intruder listed in SmartView Tracker’s active pane. What is the fastest method to block this intruder from accessing your network indefinitely?
- A. Modify the Rule Base to drop these connections from the network.
- B. In SmartView Tracker, select Tools > Block Intruder.
- C. In SmartView Monitor, select Tools > Suspicious Activity Rules.
- D. In SmartDashboard, select IPS > Network Security > Denial of Service.
NEW QUESTION 5
You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?
- A. SmartView Tracker cannot display Security Administrator activity; instead, view the system logs on the Security Management Server’s Operating System.
- B. SmartView Tracker in Network and Endpoint Mode
- C. SmartView Tracker in Active Mode
- D. SmartView Tracker in Management Mode
NEW QUESTION 6
Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?
- A. Symmetric IPsec keys are generated.
- B. Each Security Gateway generates a private Diffie-Hellman (DH) key from random pools.
- C. The DH public keys are exchanged.
- D. Peers authenticate using certificates or preshared secrets.
NEW QUESTION 7
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:
- A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
- B. SmartUpdate wizard walks the Administrator through a distributed installation.
- C. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
- D. selected package is copied from the SmartUpdate PC CD-ROM directly to the Security Gateway and the installation IS performed.
NEW QUESTION 8
Which of the following uses the same key to decrypt as it does to encrypt?
- A. Asymmetric encryption
- B. Dynamic encryption
- C. Certificate-based encryption
- D. Symmetric encryption
NEW QUESTION 9
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?
- A. The POP3 rule is disabled.
- B. POP3 is accepted in Global Properties.
- C. The POP3 rule is hidden.
- D. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.
NEW QUESTION 10
You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem?
- A. The object was created with Node > Gateway.
- B. No Masters file is created for the new Gateway.
- C. The Gateway object is not specified in the first policy rule column Install On.
- D. The new Gateway's temporary license has expired.
NEW QUESTION 11
Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?
- A. Bridge
- B. Load Sharing
- C. High Availability
- D. Fail Open
NEW QUESTION 12
You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office.
What is the correct order for pushing SIC certificates to the Gateway before shipping it?
- A. 2, 3, 4, 1, 5
- B. 2, 1, 3, 4, 5
- C. 1, 3, 2, 4, 5
- D. 2, 3, 4, 5, 1
NEW QUESTION 13
Which of the following commands can provide the most complete restoration of a R77 configuration?
- A. upgrade_import
- B. cpinfo -recover
- C. cpconfig
- D. fwm dbimport -p <export file>
NEW QUESTION 14
Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots.
What occurs with the remote Gateway after reboot?
- A. Since the Security Management Server is not available, the remote Gateway cannotfetch the Security Polic
- B. Therefore, all traffic is allowed through the Gateway.
- C. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Polic
- D. Therefore, no traffic is allowed through the Gateway.
- E. The remote Gateway fetches the last installed Security Policy locally and passes traffic normall
- F. The Gateway will log locally, since the Security Management Server is not available.
- G. Since the Security Management Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic.
NEW QUESTION 15
Which tool CANNOT be launched from SmartUpdate R77?
- A. IP Appliance Voyager
- B. snapshot
- C. GAiA WebUI
- D. cpinfo
NEW QUESTION 16
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway’s VPN domain?
- A. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
- B. An office mode address must be obtained by the client.
- C. The SNX client application must be installed on the client.
- D. Active-X must be allowed on the client.
Recommend!! Get the Full 156-215.77 dumps in VCE and PDF From Certleader, Welcome to Download: https://www.certleader.com/156-215.77-dumps.html (New 388 Q&As Version)