156-215.77 Exam Questions - Online Test
156-215.77 Premium VCE File
150 Lectures, 20 Hours
Q1. - (Topic 2)
You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
-Allow bi-directional NAT
-Translate destination on client side
Do the above settings limit the partner's access?
A. No. The first setting is not applicable. The second setting will reduce performance.
B. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
C. Yes. Both of these settings are only applicable to automatic NAT rules.
D. No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.
Answer: D
Q2. - (Topic 1)
Which of the following statements is TRUE about management plug-ins?
A. A management plug-in interacts with a Security Management Server to provide new features and support for new products.
B. The plug-in is a package installed on the Security Gateway.
C. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
D. Installing a management plug-in is just like an upgrade process.
Answer: A
Q3. - (Topic 2)
In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.
A. 257
B. 256
C. 259
D. 900
Answer: A
Q4. - (Topic 3)
Which R77 GUI would you use to see the number of packets accepted since the last policy install?
A. SmartView Monitor
B. SmartView Status
C. SmartView Tracker
D. SmartDashboard
Answer: A
Q5. - (Topic 3)
What happens if the identity of a user is known?
A. If the user credentials do not match an Access Role, the gateway moves onto the next rule.
B. If the user credentials do not match an Access Role, the system displays the Captive Portal.
C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
D. If the user credentials do not match an Access Role, the system displays a sandbox.
Answer: A
Q6. - (Topic 2)
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.
What is TRUE about the new package's NAT rules?
A. NAT rules will be empty in the new package.
B. Rules 4 and 5 will appear in the new package.
C. Rules 1, 2, 3 will appear in the new package.
D. Only rule 1 will appear in the new package.
Answer: C
Q7. - (Topic 3)
In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?
A. Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.
B. Use the command fwm logexport to export the old log files to another location.
C. Configure a script to run fw logswitch and SCP the output file to a separate file server.
D. Do nothing. Old logs are deleted, until free space is restored.
Answer: C
Q8. - (Topic 1)
Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service?
A. ipsofwd on admin
B. ipsofwd slowpath
C. fw fwd routing
D. fw load routed
Answer: A
Q9. - (Topic 3)
As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:
A. in the user object's Authentication screen.
B. in the Gateway object's Authentication screen.
C. in the Global Properties Authentication screen.
D. in the Limit tab of the Client Authentication Action Properties screen.
Answer: D
Q10. - (Topic 3)
You have a diskless appliance platform. How do you keep swap file wear to a minimum?
A. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
C. Use PRAM flash devices, eliminating the longevity.
D. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
Answer: D
- Highest Quality 156-215.80 Exam Questions and Answers 2021
- [2021-New] Check Point 156-915.80 Dumps With Update Exam Questions (2-11)
- [2021-New] Check Point 156-215.77 Dumps With Update Exam Questions (131-140)
- [2021-New] Check Point 156-215.77 Dumps With Update Exam Questions (201-210)
- [2021-New] Check Point 156-915.80 Dumps With Update Exam Questions (6-15)
- Check Point 156-215.80 Exam Questions and Answers 2021
- [2021-New] Check Point 156-215.77 Dumps With Update Exam Questions (191-200)
- [2021-New] Check Point 156-915.80 Dumps With Update Exam Questions (5-14)
- [2021-New] Check Point 156-915.80 Dumps With Update Exam Questions (3-12)
- [2021-New] Check Point 156-215.77 Dumps With Update Exam Questions (1-10)