[Free] Download New Updated (April 2016) Checkpoint 156-215.77 Actual Tests 191-200

Ensurepass

QUESTION 191

Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?

 

A.

Audit Tab

B.

All Records Query

C.

Active Tab

D.

Account Query

 

Correct Answer: C

 

 

QUESTION 192

All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:

 

A.

Exclusion of specific services for reporting purposes.

B.

Specific traffic that facilitates functionality, such as logging, management, and key exchange.

C.

Acceptance of IKE and RDP traffic for communication and encryption purposes.

D.

Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.

 

Correct Answer: A

 

 

QUESTION 193

You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:

 

“Unknown established connection”

 

How do you resolve this problem without causing other security issues? Choose the BEST answer.

 

A.

Increase the service-based session timeout of the default Telnet service to 24-hours.

B.

Increase the TCP session timeout under Global Properties > Stateful Inspection.

C.

Create a new TCP service object on port 23 called Telnet-mainframe. Define a service- based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

D.

Ask the mainframe users to reconnect every time this error occurs.

 

Correct Answer: C

 

 

QUESTION 194

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

 

A.

source on client side

B.

source on server side

C.

destination on client side

D.

destination on server side

 

Correct Answer: C

 

 

QUESTION 195

Which SmartConsole tool would you use to see the last policy pushed in the audit log?

 

A.

SmartView Tracker

B.

SmartView Status

C.

None, SmartConsole applications only communicate with the Security Management Server.

D.

SmartView Server

 

Correct Answer: A

 

 

 

 

 

 

 

 

QUESTION 196

You just installed a new Web server in the DMZ that must be reachable from the Internet.

 

You create a manual Static NAT rule as follows:

 

clip_image002

 

“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT.

 

When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?

 

A.

There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address.

B.

There is no ARP table entry for the protected Web server’s public IP address.

C.

There is no Security Policy defined that allows HTTP traffic to the protected Web server.

D.

There is no NAT rule translating the source IP address of packets coming from the protected Web server.

 

Correct Answer: D

 

 

QUESTION 197

Where is the easiest and BEST place to find information about connections between two machines?

 

A.

On a Security Gateway Console interface; it gives you detailed access to log files and state table information.

B.

On a Security Management Server, using SmartView Tracker.

C.

All options are valid.

D.

On a Security Gateway using the command fw log.

 

Correct Answer: B

 

 

 

 

 

 

QUESTION 198

What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?

 

A.

Install the View Implicit Rules package using SmartUpdate.

B.

Define two log servers on the R77 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits.

C.

In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.

D.

Check the Log Implied Rules Globally box on the R77 Gateway object.

 

Correct Answer: C

 

 

QUESTION 199

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

 

A.

A static route for the NAT IP must be added to the Gateway’s upstream router.

B.

Automatic ARP must be unchecked in the Global Properties.

C.

Nothing else must be configured.

D.

A static route must be added on the Security Gateway to the internal host.

 

Correct Answer: D

 

 

QUESTION 200

Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?

 

A.

All connections are reset, so a policy install is recommended during announced downtime only.

B.

Users being authenticated by Client Authentication have to re-authenticate.

C.

Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.

D.

All FTP downloads are reset; users have to start their downloads again.

 

Correct Answer: B

 

Free VCE & PDF File for Checkpoint 156-215.77 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …