A Review Of High Value 156-915.77 Preparation Exams

NEW QUESTION 1

Which of the following statements accurately describes the command upgrade_export?

• A. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
• B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.
• C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
• D. This command is no longer supported in GAiA.

Answer: B

NEW QUESTION 2

When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?

• A. Leveraging identity in the application control blade
• B. Basic identity enforcement in the internal network
• C. Identity-based auditing and logging
• D. Identity-based enforcement for non-AD users (non-Windows and guest users)

Answer: D

NEW QUESTION 3

After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?

• A. The packet has been sent out through a VPN tunnel unencrypted.
• B. An IPSO ACL has blocked the packet’s outbound passage.
• C. A SmartDefense module has blocked the packet.
• D. It is due to NAT.

Answer: D

NEW QUESTION 4

Peter is your new Security Administrator. On his first working day, he is very nervous and enters the wrong password three times. His account is locked. What can be done to unlock Peter’s account? Give the BEST answer.

• A. You can unlock Peter’s account by using the command fwm lock_admin -u Peter on the Security Management Server.
• B. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Management Server
• C. It is not possible to unlock Peter’s accoun
• D. You have to install the firewall once again or abstain from Peter’s help.
• E. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Gateway.

Answer: A

NEW QUESTION 5

John is configuring a new R77 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.

What’s happening?

• A. ClusterXL needs to be unselected to permit third party clustering configuration.
• B. Third Party Clustering is not available for R77 Security Gateways.
• C. John has an invalid ClusterXL license.
• D. John is not using third party hardware as IP Clustering is part of Check Point’s IP Appliance.

Answer: A

NEW QUESTION 6

You find that Gateway fw2 can NOT be added to the cluster object. What are possible reasons for that?
Exhibit:

1) fw2 is a member in a VPN community.
2) ClusterXL software blade is not enabled on fw2.
3) fw2 is a DAIP Gateway.

• A. 2 or 3
• B. 1 or 2
• C. 1 or 3
• D. All

Answer: C

NEW QUESTION 7

Which file defines the fields for each object used in the file objects.C (color, num/string, default value…)?

• A. $FWDIR/conf/classes.C
• B. $FWDIR/conf/scheam.C
• C. $FWDIR/conf/fields.C
• D. $FWDIR/conf/table.C

Answer: A

NEW QUESTION 8

Which statements about Management HA are correct?
1) Primary SmartCenter describes first installed SmartCenter
2) Active SmartCenter is always used to administrate with SmartConsole
3) Active SmartCenter describes first installed SmartCenter
4) Primary SmartCenter is always used to administrate with SmartConsole

• A. 1 and 4
• B. 2 and 3
• C. 1 and 2
• D. 3 and 4

Answer: C

NEW QUESTION 9

You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?

• A. No action is needed because cpshell has a timeout of one hour by default.
• B. Log in as the default user expert and start cpinfo.
• C. Log in as admin, switch to expert mode, set the timeout to one hour with the command,idle 60, then start cpinfo.
• D. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.

Answer: D

NEW QUESTION 10

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

• A. o=outbound kernel, before the virtual machine
• B. I=inbound kernel, after the virtual machine
• C. O=outbound kernel, after the virtual machine
• D. i=inbound kernel, before the virtual machine

Answer: B

NEW QUESTION 11

To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

• A. Source
• B. Track
• C. User
• D. Action

Answer: A

NEW QUESTION 12

How granular may an administrator filter an Access Role with identity awareness? Per:

• A. Specific ICA Certificate
• B. AD User
• C. Radius Group
• D. Windows Domain

Answer: B

NEW QUESTION 13

Match the ClusterXL modes with their configurations. Exhibit:

• A. A-2, B-3, C-4, D-1
• B. A-2, B-3, C-1, D-5
• C. A-3, B-5, C-1, D-4
• D. A-5, B-2, C-4, D-1

Answer: C

NEW QUESTION 14

Where do you verify that UserDirectory is enabled?

• A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
• B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
• C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
• D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

Answer: D

NEW QUESTION 15

When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: A

NEW QUESTION 16
......