Anda di halaman 1dari 7

DumpLeader

Ensure Success with Money back Guarantee

http://www.dumpleader.com
Advance your career with IT Cert!

IT Certification Guaranteed, The Easy Way!

Exam

156-215.77

Title

Check Point Certified Security


Administrator GAiA R77

Vendor

CheckPoint

Version

DEMO

IT Certification Guaranteed, The Easy Way!

NO.1 If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?
A. The Administrator can only revert to a previously created snapshot (if there is one) with the
command cprinstall snapshot <object name> <filename>.
B. The Administrator must reinstall the last version via the command cprinstall revert <object name>
<file name>.
C. The Administrator must remove the rpm packages manually, and re-attempt the upgrade.
D. GAiA will reboot and automatically revert to the last snapshot version prior to upgrade.
Answer: D
NO.2 The customer has a small Check Point installation which includes one Windows 2008 server as
the SmartConsole and a second server running GAiA as both Security Management Server and the
Security Gateway. This is an example of a(n):
A. Distributed Installation
B. Unsupported configuration
C. Hybrid Installation
D. Stand-Alone Installation
Answer: D
NO.3 Which of the following statements BEST describes Check Point's Hide Network Address
Translation method?
A. Translates many destination IP addresses into one destination IP address
B. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source
and Destination IP address translation
C. Translates many source IP addresses into one source IP address
D. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source
and Destination IP address translation
Answer: C
NO.4 Which of the following actions do NOT take place in IKE Phase 1?
A. Peers agree on encryption method.
B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.
C. Peers agree on integrity method.
D. Each side generates a session key from its private key and the peer's public key.
Answer: B
NO.5 Which of the following uses the same key to decrypt as it does to encrypt?
A. B. Dynamic encryption
B. C. Certificate-based encryption
C. D. Symmetric encryption
Answer: A
NO.6 Several Security Policies can be used for different installation targets. The Firewall protecting
Human Resources' servers should have its own Policy Package. These rules must be installed on this

IT Certification Guaranteed, The Easy Way!

machine and not on the Internet Firewall. How can this be accomplished?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are
defined by the selection in the Rule Base row Install On.
B. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is
shown in the list of possible installation targets after selecting Policy > Install on Target.
C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct
firewall via Specific Targets.
D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the
appropriate target directly after selecting Policy > Install on Target.
Answer: C
NO.7 Exhibit:

Chris has lost SIC communication with his Security Gateway and he needs to re-establish SIC. What
would be the correct order of steps needed to perform this task?
A. 5, 1, 2, 4
B. 5, 1, 4, 2
C. 3, 1, 4, 2
D. 2, 3, 1, 4
Answer: A
NO.8 Which R77 GUI would you use to see the number of packets accepted since the last policy
install?
A. SmartView Monitor
B. SmartView Tracker
C. SmartDashboard
D. SmartView Status
Answer: A
NO.9 Can you use Captive Portal with HTTPS?
A. No, it only works with FTP
B. No, it only works with FTP and HTTP
C. Yes
D. No, it only works with HTTP
Answer: C
NO.10 Which feature or command provides the easiest path for Security Administrators to revert to

IT Certification Guaranteed, The Easy Way!

earlier versions of the same Security Policy and objects configuration?


A. Database Revision Control
B. Policy Package management
C. dbexport/dbimport
D. upgrade_export/upgrade_import
Answer: A
NO.11 Which authentication type requires specifying a contact agent in the Rule Base?
A. Client Authentication with Partially Automatic Sign On
B. Client Authentication with Manual Sign On
C. User Authentication
D. Session Authentication
Answer: D
NO.12 Certificates for Security Gateways are created during a simple initialization from
_____________.
A. sysconfig
B. The ICA management tool
C. SmartUpdate
D. SmartDashboard
Answer: D
NO.13 You just installed a new Web server in the DMZ that must be reachable from the Internet. You
create a manual Static NAT rule as follows: SourcE. Any || Destination: web_public_IP || ServicE. Any
|| Translated SourcE. original || Translated Destination: web_private_IP || ServicE. Original
"web_public_IP? is the node object that represents the new Web server's public IP address.
"web_private_IP? is the node object that represents the new Web site's private IP address. You
enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error "page cannot be
displayed?. Which of the following is NOT a possible reason?
A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
B. There is no ARP table entry for the protected Web server's public IP address.
C. There is no route defined on the Security Gateway for the public IP address to the Web server's
private IP address.
D. There is no NAT rule translating the source IP address of packets coming from the protected Web
server.
Answer: A
NO.14 For remote user authentication, which authentication scheme is NOT supported?
A. Check Point Password
B. RADIUS
C. TACACS
D. SecurID
4

IT Certification Guaranteed, The Easy Way!

Answer: C
NO.15 Which rule is responsible for the installation failure?
Exhibit:

A. Rule 3
B. Rule 4
C. Rule 6
D. Rule 5
Answer: C
NO.16 Why are certificates preferred over pre-shared keys in an IPsec VPN?
A. Weak performancE. PSK takes more time to encrypt than Diffie-Hellman.
B. Weak Security: PSK are static and can be brute-forced.
C. Weak security: PSKs can only have 112 bit length.
D. Weak scalability: PSKs need to be set on each and every Gateway.
Answer: B
NO.17 Which do you configure to give remote access VPN users a local IP address?
A. Encryption domain pool
B. NAT pool
C. Office mode IP pool
D. Authentication pool
Answer: C
NO.18 When using GAiA, it might be necessary to temporarily change the MAC address of the
interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be
active. How do you configure this change?

IT Certification Guaranteed, The Easy Way!

As expert user, issue these commands:

A. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field
B. As expert user, issue the command:
C. # IP link set eth0 addr 00:0C:29:12:34:56
D. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field
Physical Address, and press Apply to save the settings.
Answer: C
NO.19 Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which
operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security
Gateway, but she has never been able to SCP files to it. What would be the most likely reason she
cannot do so?
A. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
B. She needs to run sysconfig and restart the SSH process.
C. She needs to edit /etc/scpusers and add the Standard Mode account.
D. She needs to run cpconfig to enable the ability to SCP files.
Answer: C
NO.20 Which of the following is a viable consideration when determining Rule Base order?
A. Grouping rules by date of creation
B. Grouping reject and drop rules after the Cleanup Rule
C. Grouping authentication rules with address-translation rules
D. Grouping functionally related rules together
Answer: D

Anda mungkin juga menyukai