156-215.77 Exam Questions
419 real 156-215.77 exam questions with expert-verified answers and explanations. Page 2 of 9.
- Question #51
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?
- Question #52
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only...
- Question #53
A ___________ rule is used to prevent all traffic going to the R75 Security Gateway.
- Question #54
In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In ord...
- Question #55
To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How...
- Question #56
What CANNOT be configured for existing connections during a policy install?
- Question #57
What is the purpose of a Stealth Rule?
- Question #58
Which of these Security Policy changes optimize Security Gateway performance?
- Question #59
Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows: RequireD. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, us...
- Question #60
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traff...
- Question #61
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule...
- Question #62
Which of the following statements BEST describes Check Point's Hide Network Address Translation method?
- Question #63
Which Check Point address translation method allows an administrator to use fewer ISP- assigned IP addresses than the number of internal hosts requiring Internet connectivity?
- Question #64
NAT can NOT be configured on which of the following objects?
- Question #65
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?
- Question #66
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an un...
- Question #67
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropp...
- Question #68
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
- Question #69
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10...
- Question #70
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to conf...
- Question #71
An internal host initiates a session to and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of ____________.
- Question #72
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will...
- Question #73
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to th...
- Question #74
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows: "web_public_IP" is the node object that rep...
- Question #75
You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
- Question #76
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRU...
- Question #77
What is the default setting when you use NAT?
- Question #78
A marketing firm's networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check t...
- Question #79
Which statement below describes the most correct strategy for implementing a Rule Base?
- Question #80
Which of the following is a viable consideration when determining Rule Base order?
- Question #81
Which of the following is a viable consideration when determining Rule Base order?
- Question #82
Which of the following is a viable consideration when determining Rule Base order?
- Question #83
You would use the Hide Rule feature to:
- Question #84
You are a Security Administrator using one Security Management Server managing three different firewalls. One firewall does NOT show up in the dialog box when attempting to install...
- Question #85
Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the di...
- Question #86
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object d...
- Question #87
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unload...
- Question #88
When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R77 topology configuration?
- Question #89
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Ru...
- Question #90
Which rule is responsible for the installation failure?
- Question #91
Which command allows Security Policy name and install date verification on a Security Gateway?
- Question #92
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user...
- Question #93
Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
- Question #94
Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gatew...
- Question #95
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?
- Question #96
Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?
- Question #97
Of the following, what parameters will not be preserved when using Database Revision Control?
- Question #98
You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to...
- Question #99
You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can y...
- Question #100
Which R77 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations?