It is impossible to pass Check Point 156-215.77 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed Check Point 156-215.77 practice questions. You will get a surprising result by our Improved Check Point Certified Security Administrator – GAiA practice guides.

2021 Aug 156-215.77 practice question

Q81. - (Topic 2) 

A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for? 

A. Secure Internal Communications (SIC) not configured for the object. 

B. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object. 

C. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box. 

D. Anti-spoofing not configured on the interfaces on the Gateway object. 

Answer: C 


Q82. - (Topic 1) 

Spoofing is a method of: 

A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation. 

B. Making packets appear as if they come from an authorized IP address. 

C. Detecting people using false or wrong authentication logins. 

D. Hiding your firewall from unauthorized users. 

Answer: B 


Q83. - (Topic 2) 

Which SmartConsole tool would you use to see the last policy pushed in the audit log? 

A. SmartView Tracker 

B. SmartView Status 

C. None, SmartConsole applications only communicate with the Security Management Server. 

D. SmartView Server 

Answer: A 

197. - (Topic 2) 

Where is the easiest and BEST place to find information about connections between two machines? 

A. On a Security Gateway Console interface; it gives you detailed access to log files and state table information. 

B. On a Security Management Server, using SmartView Tracker. 

C. All options are valid. 

D. On a Security Gateway using the command fw log. 

Answer: B 


Q84. - (Topic 1) 

You need to completely reboot the Operating System after making which of the following changes on the Security Gateway? (i.e. the command cprestart is not sufficient.) 

1.

 Adding a hot-swappable NIC to the Operating System for the first time. 

2.

 Uninstalling the R75 Power/UTM package. 

3.

 Installing the R75 Power/UTM package. 

4.

 Re-establishing SIC to the Security Management Server. 

5.

 Doubling the maximum number of connections accepted by the Security Gateway. 

A. 2, 3 only 

B. 3 only 

C. 3, 4, and 5 only 

D. 1, 2, 3, 4, and 5 

Answer: A 


Q85. - (Topic 2) 

By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server: 

A. Purges the current log file, and prompts you for the new log's mode. 

B. Purges the current log file, and starts a new log file. 

C. Saves the current log file, names the log file by date and time, and starts a new log file. 

D. Prompts you to enter a filename, and then saves the log file. 

Answer: C 


156-215.77 testing engine

Abreast of the times 156-215.77 test question:

Q86. - (Topic 3) 

You cannot use SmartDashboard's User Directory features to connect to the LDAP server. What should you investigate? 

1) Verify you have read-only permissions as administrator for the operating system. 

2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server. 

3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration. 

A. 2 and 3 

B. 1 and 3 

C. 1 and 2 

D. 1, 2, and 3 

Answer: A 


Q87. - (Topic 3) 

Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup? 

A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel. 

B. All is fine and can be used as is. 

C. The two algorithms do not have the same key length and so don't work together. You will get the error …. No proposal chosen…. 

D. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1. 

Answer: D 


Q88. - (Topic 3) 

Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________. 

A. ICA Certificate 

B. SecureClient 

C. Full Endpoint Client 

D. Identity Awareness Agent 

Answer: D 


Q89. - (Topic 2) 

Which statement is TRUE about implicit rules? 

A. You create them in SmartDashboard. 

B. The Gateway enforces implicit rules that enable outgoing packets only. 

C. Changes to the Security Gateway's default settings do not affect implicit rules. 

D. They are derived from Global Properties and explicit object properties. 

Answer: D 


Q90. - (Topic 2) 

You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker? 

A. Two, one for outbound, one for inbound 

B. Only one, inbound 

C. Only one, outbound 

D. Two, both outbound, one for the real IP connection and one for the NAT IP connection 

Answer: C