Check Point Check Point 156-915.77 exam questions and answers update freely within 120 days. Your 156-915.77 analyze engine software will certainly check along with download the updated Check Point examine materials routinely for you. Our own professionals renovate the Check Point Check Point braindumps regularly and upgrade your 156-915.77 exam questions and answers instantly when new questions combined with the Check Point true exam. You will find virtually any Check Point practice questions in our demos.
2021 Nov 156-915.77 testing engine
Q61. - (Topic 3)
Which of the following statements accurately describes the command snapshot?
A. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.
B. snapshot creates a Security Management Server full system-level backup on any OS.
C. snapshot stores only the system-configuration settings on the Gateway.
D. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.
Answer: A
Q62. - (Topic 16)
What is the purpose of the pre-defined exclusions included with SmartEvent R77?
A. To allow SmartEvent R77 to function properly with all other R71 devices.
B. To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71.
C. As a base for starting and building exclusions.
D. To give samples of how to write your own exclusion.
Answer: B
Q63. - (Topic 2)
You have a diskless appliance platform. How do you keep swap file wear to a minimum?
A. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
C. Use PRAM flash devices, eliminating the longevity.
D. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
Answer: D
Q64. - (Topic 4)
You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
Answer: D
Q65. - (Topic 15)
When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment,
what issues need to be considered?
1) Each member must have a unique source IP address.
2) Every interface on each member requires a unique IP address.
3) All VTI's going to the same remote peer must have the same name.
4) Cluster IP addresses are required.
A. 1, 2, and 4
B. 2 and 3
C. 1, 2, 3 and 4
D. 1, 3, and 4
Answer: C
Topic 16, SmartReporting and SmartEvent
Refresh 156-915.77 practice test:
Q66. - (Topic 4)
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?
A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ’s interface.
Answer: B
Q67. - (Topic 1)
Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?
A. The restore is not possible because the backup file does not have the same build number (version).
B. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
C. The restore can be done easily by the command restore and copying netconf.C from the production environment.
D. A backup cannot be restored, because the binary files are missing.
Answer: C
Q68. - (Topic 1)
Match the following commands to their correct function.
Each command has one function only listed.
A. C1>F6; C2>F4; C3>F2; C4>F5
B. C1>F2; C2>F1; C3>F6; C4>F4
C. C1>F2; C2>F4; C3>F1; C4>F5
D. C1>F4; C2>F6; C3>F3; C4>F2
Answer: A
Q69. - (Topic 7)
What happens if the identity of a user is known?
A. If the user credentials do not match an Access Role, the traffic is automatically dropped.
B. If the user credentials do not match an Access Role, the system displays a sandbox.
C. If the user credentials do not match an Access Role, the gateway moves onto the next rule.
D. If the user credentials do not match an Access Role, the system displays the Captive Portal.
Answer: C
Q70. - (Topic 4)
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. It is not necessary to add a static route to the Gateway’s routing table.
B. It is necessary to add a static route to the Gateway’s routing table.
C. The Security Gateway’s ARP file must be modified.
D. VLAN tagging cannot be defined for any hosts protected by the Gateway.
Answer: A