Youre going to get the particular detailed description once you encounter difficulties during your 156-215.77 examine. Ucertify provide you the particular 156-215.77 Check Point Certified Security Administrator – GAiA tips legibly within the 156-215.77 puts. These types of tremendously conserving your own expenditures to get acquainted with the particular Check Point training courses.

2021 Jul 156-215.77 practice exam

Q221. - (Topic 3) 

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________. 

A. client side NAT 

B. source NAT 

C. destination NAT 

D. None of these 

Answer: B 


Q222. - (Topic 3) 

What is a possible reason for the IKE failure shown in this screenshot? 

A. Mismatch in preshared secrets. 

B. Mismatch in Diffie-Hellman group. 

C. Mismatch in VPN Domains. 

D. Mismatch in encryption schemes. 

Answer: A 


Q223. - (Topic 2) 

Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gateway after reboot? 

A. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway. 

B. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway. 

C. The remote Gateway fetches the last installed Security Policy locally and passes traffic normally. The Gateway will log locally, since the Security Management Server is not available. 

D. Since the Security Management Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic. 

Answer: C 


Q224. - (Topic 2) 

NAT can NOT be configured on which of the following objects? 

A. Host 

B. HTTP Logical Server 

C. Address Range 

D. Gateway 

Answer: B 


Q225. - (Topic 3) 

Select the TRUE statements about the Rule Base shown? 

1) HTTP traffic from webrome to websingapore will be encrypted. 2) HTTP traffic from websingapore to webrome will be encrypted. 3) HTTP traffic from webrome to websingapore will be authenticated. 4) HTTP traffic from websingapore to webrome will be blocked. 

A. 1, 2, and 3 

B. 2 and 3 

C. 3 and 4 

D. 3 only 

Answer: C 


156-215.77 exam question

Up to the minute 156-215.77 brain dumps:

Q226. - (Topic 3) 

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base. 

To make this scenario work, the IT administrator must: 

1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources. 

2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected. 

3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action. 

Ms. McHanry tries to access the resource but is unable. What should she do? 

A. Have the security administrator select the Action field of the Firewall Rule "Redirect HTTP connections to an authentication (captive) portal" 

B. Install the Identity Awareness agent on her iPad 

C. Have the security administrator reboot the firewall 

D. Have the security administrator select Any for the Machines tab in the appropriate Access Role 

Answer: A 


Q227. - (Topic 2) 

Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway? 

A. fw ctl get string active_secpol 

B. cpstat fw -f policy 

C. Check the Security Policy name of the appropriate Gateway in SmartView Monitor. 

D. fw stat 

Answer: A 


Q228. - (Topic 3) 

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? 

A. SmartUpdate 

B. SmartView Status 

C. SmartView Monitor 

D. None, SmartConsole applications only communicate with the Security Management Server. 

Answer: C 


Q229. - (Topic 1) 

Over the weekend, an Administrator without access to SmartDashboard installed a new R77 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy? 

A. You first need to run the command fw unloadlocal on the new Security Gateway. 

B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server. 

C. You first need to initialize SIC in SmartUpdate. 

D. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server. 

Answer: D 

22. - (Topic 1) 

How can you reset the Security Administrator password that was created during initial Security Management Server installation on SecurePlatform? 

A. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password. 

B. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator. 

C. Type cpm -a, and provide the existing administrator's account name. Reset the Security Administrator's password. 

D. As expert user Type fwm -a, and provide the existing administrator's account name. Reset the Security Administrator's password. 

Answer: D 


Q230. - (Topic 2) 

Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows: 

RequireD. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5. 

The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. 

Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements? 

A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 

200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3. 

B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 

200.200.200.3 for the MAC address of 200.200.200.5. 

C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 

200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 

200.200.200.3. 

D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source -group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original. 

Answer: C