지난 몇년동안 IT산업의 지속적인 발전과 성장을 통해 CheckPoint Certification 156-915.77시험은 IT인증시험중의 이정표로 되어 많은 인기를 누리고 있습니다. IT인증시험을Pass4Test덤프로 준비해야만 하는 이유는 Pass4Test덤프는 IT업계전문가들이 CheckPoint Certification 156-915.77실제시험문제를 연구하여 CheckPoint Certification 156-915.77시험문제에 대비하여 예상문제를 제작했다는 점에 있습니다.
NO.1 Barak is a Security Administrator for an organization that has two sites using per shared secrets
in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is
opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three
Security Gateways are managed by the same Smart Center Server, behind the Oslo Security Gateway.
Barak decides to switch from per shared secrets to Certificates issued by the Internal Certificate
Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are
Barak's remaining steps?
1.Disable "PrE. Shared Secret" on the London and Oslo gateway objects
2.Add the Madrid gateway object into the Oslo and London's mesh VPN Community
3.Manually generate ICA Certificates for all three Security Gateways.
4.Configure "Traditional mode VPN configuration" in the Madrid gateway object's VPN screen
NO.2 Review the following list of actions that Security Gateway R76 can take when it controls
packets. The Policy Package has been configured for Simplified Mode VPN. Select the response below
that includes the available actions:
A. Accept, Drop, Encrypt, Session Auth
B. Accept, Drop, Reject, Client Auth
C. Accept, Hold, Reject, Proxy
D. Accept, Reject, Encrypt, Drop
Answer: B
NO.3 Reinstall the Security Policy on all three Security Gateways.
A. 1, 2, 5
B. 1, 3, 4, 5
C. 1, 2, 3, 5
D. 1, 2, 4, 5
E. 1, 2, 3, 4
Answer: A
5. John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR
servers to a set of designated IP addresses to minimize malware infection and unauthorized access
risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP
address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the
organization. The IT department gave the laptop a static IP address, but that limits him to operating it
only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web
Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To
make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and
installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web
Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able to
connect to the HR Web server. What is the next BEST troubleshooting step?
A. John should install the Identity Awareness Agent
B. Investigate this as a network connectivity issue
C. After enabling Identity Awareness, reboot the gateway
D. He should lock and unlock the computer
Answer: D
NO.4 In Management High Availability, what is an Active SMS?
A. Active Security Master Server
B. Active Smart Management Server
C. Active Security Management Server
D. Active Smart Master Server
Answer: C
NO.5 How does Check Point recommend that you secure the sync interface between gateways?
A. Configure the sync network to operate within the DMZ.
B. Secure each sync interface in a cluster with Endpoint.
C. Use a dedicated sync network.
D. Encrypt all sync traffic between cluster members.
Answer: C
NO.6 Which network port does PPTP use for communication?
A. 1723/tcp
B. 1723/udp
C. 25/udp
D. 25/tco
Answer: A
NO.7 John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR
servers to designated IP addresses to minimize malware infection and unauthorized access risks.
Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address
10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization.
The IT department gave the laptop a static IP address, but that limits him to operating it only from his
desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his
laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have
access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs
the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web
Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to
connect. How does he solve this problem?
A. John should lock and unlock the computer
B. Investigate this as a network connectivity issue
C. John should install the Identity Awareness Agent
D. The firewall admin should install the Security Policy
Answer: D
NO.8 What is Check Point's CoreXL?
A. A way to synchronize connections across cluster members
B. TCP-18190
C. Multiple core interfaces on the device to accelerate traffic
D. Multi Core support for Firewall Inspection
Answer: D