[Free] Download New Updated (April 2016) Checkpoint 156-215.77 Actual Tests 151-160

Ensurepass

QUESTION 151

One of your remote Security Gateway’s suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?

 

A.

There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.

B.

The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway’s Certificate.

C.

The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.

D.

The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.

 

Correct Answer: A

 

 

QUESTION 152

You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?

 

A.

Restore the entire database, except the user database, and then create the new user and user group.

B.

Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.

C.

Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.

D.

Restore the entire database, except the user database.

 

Correct Answer: D

 

 

QUESTION 153

Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:

 

A.

SIC names.

B.

MAC addresses.

C.

IP addresses.

D.

SIC is not NAT-tolerant.

 

Correct Answer: A

 

 

QUESTION 154

You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the best answer.

 

A.

The Administrator decides the rule order by shifting the corresponding rules up and down.

B.

The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

C.

The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

D.

The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

 

Correct Answer: C

 

 

QUESTION 155

A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?

 

A.

A Stealth Rule has been configured for the R77 Gateway.

B.

The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.

C.

The Security Policy installed to the Gateway had no rules in it.

D.

The Allow Control Connections setting in Policy > Global Properties has been unchecked.

 

Correct Answer: D

 

 

QUESTION 156

Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?

 

A.

upgrade_export/upgrade_import

B.

dbexport/dbimport

C.

Database Revision Control

D.

Policy Package management

 

Correct Answer: C

 

 

QUESTION 157

While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?

 

1. Select Active Mode tab in SmartView Tracker.

2. Select Tools > Block Intruder.

3. Select Log Viewing tab in SmartView Tracker.

4. Set Blocking Timeout value to 60 minutes.

5. Highlight connection that should be blocked.

 

A.

3, 5, 2, 4

B.

1, 5, 2, 4

C.

1, 2, 5, 4

D.

3, 2, 5, 4

 

Correct Answer: B

 

 

QUESTION 158

Which SmartView Tracker select
ion would most effectively show who installed a Security Policy blocking all traffic from the corporate network?

 

A.

Network and Endpoint tab

B.

Custom filter

C.

Management tab

D.

Active tab

Correct Answer: C

 

 

QUESTION 159

Of the following, what parameters will not be preserved when using Database Revision Control?

 

clip_image002

 

A.

3, 4, 5, 6, 9, 12, 13

B.

1, 2, 8, 10, 11

C.

5, 6, 9, 12, 13

D.

2, 4, 7, 10, 11

 

Correct Answer: A

 

 

QUESTION 160

You can include External commands in SmartView Tracker by the menu Tools > Custom Commands. The Security Management Server is running under SecurePlatform, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?

 

A.

There is no possibility to expand the three pre-defined options Ping, Whois, and Nslookup.

B.

Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list.

C.

Use the program GUIdbedit to add the command traceroute to the Security Management Server properties.

D.

Go to the menu, Tools > Custom Commands and configure the Linux command traceroute to the list.

 

Correct Answer: B

 

Free VCE & PDF File for Checkpoint 156-215.77 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …