Want to know Exambible ccsa 156 215.77 Exam practice test features? Want to lear more about Check Point Check Point Certified Security Administrator – GAiA certification experience? Study Download Check Point ccsa 156 215.77 answers to Up to the immediate present ccsa 156 215.77 questions at Exambible. Gat a success with an absolute guarantee to pass Check Point 156 215.77 pdf (Check Point Certified Security Administrator – GAiA) test on your first attempt.
Q16. - (Topic 1)
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. SecureClient
B. Security Gateway
C. None, Security Management Server would be installed by itself.
D. SmartConsole
Answer: B
Q17. - (Topic 2)
Which of the following can be found in cpinfo from an enforcement point?
A. Policy file information specific to this enforcement point
B. The complete file objects_5_0.c
C. VPN keys for all established connections to all enforcement points
D. Everything NOT contained in the file r2info
Answer: A
106. - (Topic 2)
What is the default setting when you use NAT?
A. Source Translated on Client side
B. Source Translated on both sides
C. Destination Translated on Client side
D. Destination Translated on Server side
Answer: C
Q18. - (Topic 1)
Your primary Security Gateway runs on SecurePlatform. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?
A. Using the native SecurePlatform backup utility from command line or in the Web based user interface.
B. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
C. Using the command upgrade_export.
D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.
Answer: A
Q19. - (Topic 3)
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
A. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
B. Enable User Directory in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
C. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
Answer: B
Q20. - (Topic 2)
One of your remote Security Gateway's suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?
A. There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.
B. The time on the Security Management Server's clock has changed, which invalidates the remote Gateway's Certificate.
C. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
D. The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
Answer: A
152. - (Topic 2)
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. Restore the entire database, except the user database, and then create the new user and user group.
B. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
C. Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.
D. Restore the entire database, except the user database.
Answer: D
Q21. - (Topic 3)
Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?
A. All Users
B. External-user group
C. A group with a generic user
D. LDAP group
Answer: D
Q22. - (Topic 2)
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?
A. A Stealth Rule has been configured for the R77 Gateway.
B. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.
C. The Security Policy installed to the Gateway had no rules in it.
D. The Allow Control Connections setting in Policy > Global Properties has been unchecked.
Answer: D
Q23. - (Topic 3)
With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?
A. Allow traffic outside the encrypted domain
B. Allow your users to turn off SecureClient
C. Allow for unencrypted traffic
D. Enable Hot Spot/Hotel Registration
Answer: D
Q24. - (Topic 1)
Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service?
A. ipsofwd on admin
B. ipsofwd slowpath
C. fw fwd routing
D. fw load routed
Answer: A
Q25. - (Topic 3)
Which of the following items should be configured for the Security Management Server to authenticate via LDAP?
A. Windows logon password
B. Active Directory Server object
C. WMI object
D. Check Point Password
Answer: B
Q26. - (Topic 1)
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. cpstat - date.cpstat.txt
B. fw cpinfo
C. cpinfo -o date.cpinfo.txt
D. diag
Answer: C
Q27. - (Topic 3)
Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:
A. Three star Communities: The first one is between New York headquarters and its branches. The second star Community is between London headquarters and its branches. The third star Community is between New York and London headquarters but it is irrelevant which site is "center" and which "satellite".
B. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the "mesh center Gateways" option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.
C. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters their branches. The star Community has New York as the center and London as its satellite.
D. Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters.
Answer: A
Q28. - (Topic 2)
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?
A. Install the View Implicit Rules package using SmartUpdate.
B. Define two log servers on the R77 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits.
C. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
D. Check the Log Implied Rules Globally box on the R77 Gateway object.
Answer: C
Q29. - (Topic 2)
The fw monitor utility is used to troubleshoot which of the following problems?
A. Address translation
B. Log Consolidation Engine
C. User data base corruption D. Phase two key negotiation
Answer: A
Q30. - (Topic 3)
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:
A. SmartUpdate wizard walks the Administrator through a distributed installation.
B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
C. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
D. selected package is copied from the SmartUpdate PC CD-ROM directly to the Security Gateway and the installation IS performed.
Answer: C