High top quality and great value associated with our Check Point 156-915.77: 100% passing guarantee and income back. If you use Testkings Check Point Check Point exam practice components, we offer you wonderful success on your first try. Otherwise, you will obtain the full refund of ones purchasing fees. And you will take pleasure in free updated Check Point 156-915.77 exam questions along with answers within 120 days following buying.

2021 Nov 156-915.77 exam question

Q41. - (Topic 4) 

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet? 

A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service. 

B. Configure Automatic Static NAT on network 10.10.20.0/24. 

C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24. 

D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule. 

Answer:


Q42. - (Topic 1) 

What are you required to do before running the command upgrade_export? 

A. Run a cpstop on the Security Gateway. 

B. Run a cpstop on the Security Management Server. 

C. Close all GUI clients. 

D. Run cpconfig and set yourself up as a GUI client. 

Answer:


Q43. - (Topic 6) 

Study the Rule base and Client Authentication Action properties screen -

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The: 

A. user is prompted for authentication by the Security Gateway again. 

B. FTP data connection is dropped after the user is authenticated successfully. 

C. user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication. 

D. FTP connection is dropped by Rule 2. 

Answer:


Q44. - (Topic 15) 

You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information. 

You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels. 

What is the problem and how do you make the VPN use the VTI tunnels? 

A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community 

B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain 

C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes 

D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP. 

Answer:


Q45. - (Topic 11) 

To run GAiA in 64bit mode, which of the following is true? 

1) Run set edition default 64-bit. 

2) Install more than 4 GB RAM. 

3) Install more than 4 TB of Hard Disk. 

A. 1 and 3 

B. 1 and 2 

C. 2 and 3 

D. 1, 2, and 3 

Answer:


Up to the immediate present 156-915.77 practice:

Q46. - (Topic 1) 

You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time? 

A. database revision 

B. snapshot 

C. upgrade_export 

D. backup 

Answer:


Q47. - (Topic 14) 

You find that Gateway fw2 can NOT be added to the cluster object. What are possible reasons for that? 

Exhibit: 

1) fw2 is a member in a VPN community. 2) ClusterXL software blade is not enabled on fw2. 3) fw2 is a DAIP Gateway. 

A. 2 or 3 

B. 1 or 2 

C. 1 or 3 

D. All 

Answer:

Topic 15, IPSEC VPN and Remote Access 


Q48. - (Topic 4) 

You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway’s external interface. You browse to the Google Website from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker? 

A. Two, one for outbound, one for inbound 

B. Only one, outbound 

C. Two, both outbound, one for the real IP connection and one for the NAT IP connection 

D. Only one, inbound 

Answer:


Q49. - (Topic 1) 

Which of the following statements accurately describes the command upgrade_export? 

A. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server. 

B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version. 

C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting. 

D. This command is no longer supported in GAiA. 

Answer:


Q50. - (Topic 3) 

Which of the following tools is used to generate a Security Gateway R77 configuration report? 

A. fw cpinfo 

B. infoCP 

C. cpinfo 

D. infoview 

Answer: