Proper study guides for 156-215.77 Check Point Certified Security Administrator – GAiA certified begins with exam 156 215.77 preparation products which designed to deliver the exam 156 215.77 by making you pass the 156-215.77 test at your first time. Try the free 156 215.77 pdf right now.
Free demo questions for Check Point 156-215.77 Exam Dumps Below:
NEW QUESTION 1
When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?
- A. Leveraging identity in the application control blade
- B. Basic identity enforcement in the internal network
- C. Identity-based auditing and logging
- D. Identity-based enforcement for non-AD users (non-Windows and guest users)
NEW QUESTION 2
Which of the following is NOT a valid option when configuring access for Captive Portal?
- A. From the Internet
- B. Through internal interfaces
- C. Through all interfaces
- D. According to the Firewall Policy
NEW QUESTION 3
You review this Security Policy because Rule 4 is inhibited. Which Rule is responsible? Exhibit:
- A. No rule inhibits Rule 4.
- B. Rule 1
- C. Rule 2
- D. Rule 3
NEW QUESTION 4
You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:
Unknown established connection
How do you resolve this problem without causing other security issues? Choose the BEST answer.
- A. Increase the service-based session timeout of the default Telnet service to 24-hours.
- B. Ask the mainframe users to reconnect every time this error occurs.
- C. Increase the TCP session timeout under Global Properties > Stateful Inspection.
- D. Create a new TCP service object on port 23 called Telnet-mainfram
- E. Define a service- based session timeout of 24-hour
- F. Use this new object only in the rule that allows the Telnet connections to the mainframe.
NEW QUESTION 5
You want to reset SIC between smberlin and sgosaka.
In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:
What is the reason for this behavior?
- A. The Gateway was not rebooted, which is necessary to change the SIC key.
- B. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).
- C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
- D. The activation key contains letters that are on different keys on localized keyboard
- E. Therefore, the activation can not be typed in a matching fashion.
NEW QUESTION 6
Where can an administrator configure the notification action in the event of a policy install time change?
- A. SmartView Monitor > Gateways > Thresholds Settings
- B. SmartView Monitor > Gateway Status > System Information > Thresholds
- C. SmartDashboard > Policy Package Manager
- D. SmartDashboard > Security Gateway Object > Advanced Properties Tab
NEW QUESTION 7
When using an encryption algorithm, which is generally considered the best encryption method?
- A. Triple DES
- B. AES-256
- C. CAST cipher
- D. DES
NEW QUESTION 8
Chris has lost SIC communication with his Security Gateway and he needs to re-establish SIC. What would be the correct order of steps needed to perform this task?
- A. 5, 1, 2, 4
- B. 5, 1, 4, 2
- C. 3, 1, 4, 2
- D. 2, 3, 1, 4
NEW QUESTION 9
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
- A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
- B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
- C. Enable User Directory in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
- D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
NEW QUESTION 10
Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the
- A. Identity Awareness Agent
- B. Full Endpoint Client
- C. ICA Certificate
- D. SecureClient
NEW QUESTION 11
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway’s side with the command cpconfig and put in the same activation key in the Gateway’s object on the Security Management Server. Unfortunately, SIC can not be established. What is a possible reason for the problem?
- A. The installed policy blocks the communication.
- B. The old Gateway object should have been deleted and recreated.
- C. Joe forgot to exit from cpconfig.
- D. Joe forgot to reboot the Gateway.
NEW QUESTION 12
UDP packets are delivered if they are .
- A. a stateful ACK to a valid SYN-SYN/ACK on the inverse UDP ports and IP
- B. a valid response to an allowed request on the inverse UDP ports and IP
- C. bypassing the kernel by the forwarding layer of ClusterXL
- D. referenced in the SAM related dynamic tables
NEW QUESTION 13
Where can you find the Check Point’s SNMP MIB file?
- A. $CPDIR/lib/snmp/chkpt.mib
- B. $FWDIR/conf/snmp.mib
- C. It is obtained only by request from the TAC.
- D. There is no specific MIB file for Check Point products.
NEW QUESTION 14
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the
interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.
- A. /etc/sysconfig/netconf.C
- B. /etc/conf/route.C
- C. /etc/sysconfig/network-scripts/ifcfg-ethx
- D. /etc/sysconfig/network
NEW QUESTION 15
Packages and licenses are loaded into the SmartUpdate repositories from which sources?
- A. Download Center, Check Point DVD, User Center, and from command cplic
- B. FTP server, User Center from a file
- C. User Center, manually, SCP server
- D. command cplic, manually, from a file
NEW QUESTION 16
Where does the security administrator activate Identity Awareness within SmartDashboard?
- A. Gateway Object > General Properties
- B. Security Management Server > Identity Awareness
- C. Policy > Global Properties > Identity Awareness
- D. LDAP Server Object > General Properties
Recommend!! Get the Full 156-215.77 dumps in VCE and PDF From 2passeasy, Welcome to Download: https://www.2passeasy.com/dumps/156-215.77/ (New 388 Q&As Version)