156-215.77 Exam Questions

Why are certificates preferred over pre-shared keys in an IPsec VPN?

What is a possible reason for the IKE failure shown in this screenshot?

When using an encryption algorithm, which is generally considered the best encryption method?

Which do you configure to give remote access VPN users a local IP address?

You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy; but SecureClient refuses to connect....

With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they of...

What statement is true regarding Visitor Mode?

When attempting to connect with SecureClient Mobile you get the following error message: The certificate provided is invalid. Please provide the username and password. What is the...

If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange?

How many packets does the IKE exchange use for Phase 1 Main Mode?

How many packets does the IKE exchange use for Phase 1 Aggressive Mode?

Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?

Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

How many packets are required for IKE Phase 2?

Which of the following actions do NOT take place in IKE Phase 1?

When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)?

Which rule is responsible for the installation failure?

You are troubleshooting NAT entries in SmartView Tracker. Which column do you check to view the new source IP?

You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?

Which rule is responsible for the installation failure?

You start to use SmartView Monitor to analyze the packet size distribution of your traffic. Unfortunately, you get the message: "There are no machines that contain Firewall Blade a...

Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP....

Charles requests a Website while using a computer not in the net_singapore network. What is TRUE about his location restriction?

In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSD_Group. What happens when Eric tries to connect t...

Review the rules. Assume domain UDP is enabled in the impled rules. What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

Study the Rule base and Client Authentication Action properties screen - After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the...

Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire w...

You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community?

You believe Phase 2 negotiations are failing while you are attempting to configure a site-to- site VPN with one of your firm's business partners. Which SmartConsole application sho...

The customer has a small Check Point installation, which includes one GAiA server working as the SmartConsole, and a second server running Windows 2008 as both Security Management...

The customer has a small Check Point installation which includes one Windows 2008 server as the SmartConsole and a second server running GAiA as both Security Management Server and...

Which utility allows you to configure the DHCP service on GAiA from the command line?

You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for t...

When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be...

You have a diskless appliance platform. How do you keep swap file wear to a minimum?

Where can you find the Check Point's SNMP MIB file?

Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:

Which of the following statements BEST describes Check Point's Hide Network Address Translation method?

You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRU...

Which rule is responsible for the client authentication failure?

Reviewing the Rule Base, you see that ________ is responsible for the client authentication failure.

When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?

Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the he...

You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community?

John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After enterin...

Chris has lost SIC communication with his Security Gateway and he needs to re-establish SIC. What would be the correct order of steps needed to perform this task?

Identity Awareness is implemented to manage access to protected resources based on a user's _____________.

A Cleanup rule:

A _______ rule is used to prevent all traffic going to the R77 Security Gateway.

You review this Security Policy because Rule 4 is inhibited. Which Rule is responsible?