Actualtests has program hotline for you for you to consult us in case you have any kind of question. Our objective would be to make our own customers satisfied as well as successful. Many of us are thus proud of the pass rate that we promise you may get the Check Point 156-915.77 certification without having any difficulty. Or even you can get 100% cash back in the paying fees.
2021 Nov 156-915.77 free practice questions
Q91. - (Topic 4)
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the packet’s outbound passage.
C. A SmartDefense module has blocked the packet.
D. It is due to NAT.
Answer: D
Q92. CORRECT TEXT - (Topic 14)
Fill in the blank. To verify that a VPN Tunnel is properly established, use the command
Answer: vpn tunnelutil
Q93. - (Topic 10)
What command syntax would you use to turn on PDP logging in a distributed environment?
A. pdp track=1
B. pdp tracker on
C. pdp logging on
D. pdp log=1
Answer: B
Q94. - (Topic 15)
If you need strong protection for the encryption of user data, what option would be the BEST choice?
A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.
B. When you need strong encryption, IPsec is not the best choice. SSL VPN’s are a better choice.
C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
D. Disable Diffie-Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.
Answer: C
Q95. - (Topic 4)
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original
“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?
A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
B. There is no ARP table entry for the protected Web server’s public IP address.
C. There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address.
D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.
Answer: D
Renewal 156-915.77 real exam:
Q96. - (Topic 7)
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
A. John should lock and unlock his computer
B. Investigate this as a network connectivity issue
C. The access should be changed to authenticate the user instead of the PC
D. John should install the Identity Awareness Agent
Answer: C
Q97. - (Topic 1)
What is the primary benefit of using the command upgrade_export over either backup or snapshot?
A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.
Answer: A
Q98. - (Topic 13)
Which of the following is the preferred method for adding static routes in GAiA?
A. In the CLI with the command “route add”
B. In Web Portal, under Network Management > IPv4 Static Routes
C. In the CLI via sysconfig
D. In SmartDashboard under Gateway Properties > Topology
Answer: B
Q99. CORRECT TEXT - (Topic 12)
Fill in the blank. The user wants to replace a failed Windows-based firewall with a new server running GAiA. For the most complete restore of an GAiA configuration, he or she will use the command
Answer: migrate_import
Q100. - (Topic 6)
Review the rules.
Assume domain UDP is enabled in the impled rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
A. can connect to the Internet successfully after being authenticated.
B. is prompted three times before connecting to the Internet successfully.
C. can go to the Internet after Telnetting to the client authentication daemon port 259.
D. can go to the Internet, without being prompted for authentication.
Answer: D