Want to know Testking ccsa 156 215.77 Exam practice test features? Want to lear more about Check Point Check Point Certified Security Administrator – GAiA certification experience? Study Download Check Point exam 156 215.77 answers to Replace 156 215.77 pdf questions at Testking. Gat a success with an absolute guarantee to pass Check Point checkpoint 156 215.77 (Check Point Certified Security Administrator – GAiA) test on your first attempt.

Q31. - (Topic 1) 

You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout? 

A. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo. 

B. Log in as the default user expert and start cpinfo. 

C. No action is needed because cpshell has a timeout of one hour by default. 

D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo. 

Answer:


Q32. - (Topic 3) 

What action CANNOT be run from SmartUpdate R77? 

A. Reboot Gateway 

B. Fetch sync status 

C. Get all Gateway Data 

D. Preinstall verifier 

Answer:


Q33. - (Topic 1) 

Your company is running Security Management Server R77 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account? 

A. Using cpconfig on the Security Management Server, choose Administrators 

B. Using SmartDashboard, under Users, select Add New Administrator 

C. Using the Web console on SecurePlatform under Product configuration, select Administrators 

D. Using SmartDashboard or cpconfig 

Answer:


Q34. - (Topic 3) 

You have a diskless appliance platform. How do you keep swap file wear to a minimum? 

A. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted. 

B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement. 

C. Use PRAM flash devices, eliminating the longevity. 

D. A RAM drive reduces the swap file thrashing which causes fast wear on the device. 

Answer:


Q35. - (Topic 2) 

Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway? 

A. Audit Tab 

B. All Records Query 

C. Active Tab 

D. Account Query 

Answer:


Q36. - (Topic 3) 

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. 

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. 

To make this scenario work, the IT administrator: 

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy. 

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location. 

What should John do when he cannot access the web server from a different personal computer? 

A. John should lock and unlock his computer 

B. John should install the Identity Awareness Agent 

C. Investigate this as a network connectivity issue 

D. The access should be changed to authenticate the user instead of the PC 

Answer:


Q37. - (Topic 3) 

The customer has a small Check Point installation which includes one Windows 2008 server as the SmartConsole and a second server running GAiA as both Security Management Server and the Security Gateway. This is an example of a(n): 

A. Distributed Installation 

B. Unsupported configuration 

C. Hybrid Installation 

D. Stand-Alone Installation 

Answer:


Q38. - (Topic 3) 

Captive Portal is a __________ that allows the gateway to request login information from the user. 

A. LDAP server add-on 

B. Transparent network inspection tool 

C. Separately licensed feature 

D. Pre-configured and customizable web-based tool 

Answer:


Q39. - (Topic 2) 

How do you use SmartView Monitor to compile traffic statistics for your company's Internet Web activity during production hours? 

A. View total packets passed through the Security Gateway. 

B. Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway. 

C. Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day. 

D. Select Tunnels view, and generate a report on the statistics. 

Answer:


Q40. - (Topic 3) 

Access Role objects define users, machines, and network locations as: 

A. One object 

B. Credentialed objects 

C. Separate objects 

D. Linked objects 

Answer:


Q41. - (Topic 1) 

You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem? 

A. The new Gateway's temporary license has expired. 

B. The object was created with Node > Gateway. 

C. The Gateway object is not specified in the first policy rule column Install On. 

D. No Masters file is created for the new Gateway. 

Answer:


Q42. - (Topic 1) 

What are you required to do before running the command upgrade_export? 

A. Run a cpstop on the Security Management Server. 

B. Run a cpstop on the Security Gateway. 

C. Close all GUI clients. 

D. Run cpconfig and set yourself up as a GUI client. 

Answer:


Q43. - (Topic 2) 

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server? 

A. A static route for the NAT IP must be added to the Gateway's upstream router. 

B. Automatic ARP must be unchecked in the Global Properties. 

C. Nothing else must be configured. 

D. A static route must be added on the Security Gateway to the internal host. 

Answer:


Q44. - (Topic 3) 

Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a: 

A. Client Authentication rule using the manual sign-on method, using HTTP on port 900 

B. Client Authentication rule, using partially automatic sign on 

C. Client Authentication for fully automatic sign on 

D. Session Authentication rule 

Answer:


Q45. - (Topic 2) 

Which of the following is a viable consideration when determining Rule Base order? 

A. Grouping IPS rules with dynamic drop rules 

B. Grouping reject and drop rules after the Cleanup Rule 

C. Placing more restrictive rules before more permissive rules 

D. Grouping authentication rules with QOS rules 

Answer: