we provide Accurate Check Point exam 156 215.77 free question which are the best for clearing exam 156 215.77 test, and to get certified by Check Point Check Point Certified Security Administrator – GAiA. The exam 156 215.77 Questions & Answers covers all the knowledge points of the real ccsa 156 215.77 exam. Crack your Check Point exam 156 215.77 Exam with latest dumps, guaranteed!
Q1. - (Topic 3)
Which of the following is NOT true for Clientless VPN?
A. User Authentication is supported.
B. Secure communication is provided between clients and servers that support HTTP.
C. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN.
D. The Gateway can enforce the use of strong encryption.
Q2. - (Topic 2)
Which rule is responsible for the installation failure?
A. Rule 3
B. Rule 5
C. Rule 6
D. Rule 4
Q3. - (Topic 3)
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect.
How does he solve this problem?
A. John should lock and unlock the computer
B. Investigate this as a network connectivity issue
C. John should install the Identity Awareness Agent
D. The firewall admin should install the Security Policy
Q4. - (Topic 2)
What is the purpose of a Stealth Rule?
A. To permit implied rules.
B. To drop all traffic to the management server that is not explicitly permitted.
C. To prevent users from connecting directly to the gateway.
D. To permit management traffic.
Q5. - (Topic 3)
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners. Which SmartConsole application should you use to confirm your suspicions?
C. SmartView Status
D. SmartView Tracker
Q6. - (Topic 2)
To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?
A. This cannot be configured since two selections (Service, Action) are not possible.
B. Ask your reseller to get a ticket for Check Point SmartUse and deliver him the Security Management Server cpinfo file.
C. In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. "HTTP_SSH") and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND.
D. In SmartDashboard, right-click in the column field Service > Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here.
Q7. - (Topic 3)
How can you reset the Security Administrator password that was created during initial Security Management Server installation on GAiA?
A. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
B. As expert user Type fwm -a, and provide the existing administrator’s account name. Reset the Security Administrator’s password.
C. Type cpm -a, and provide the existing administrator’s account name. Reset the Security Administrator’s password.
D. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.
Q8. - (Topic 1)
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Q9. - (Topic 3)
The R77 fw monitor utility is used to troubleshoot which of the following problems?
A. User data base corruption
B. Traffic issues
C. Phase two key negotiation
D. Log Consolidation Engine
Q10. - (Topic 3)
When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)?
A. (8) Delete all IPsec+IKE SAs for a given User (Client)
B. (5) Delete all IPsec SAs for a given peer (GW)
C. (6) Delete all IPsec SAs for a given User (Client)
D. (7) Delete all IPsec+IKE SAs for a given peer (GW)