156-215.77 Exam - Check Point Certified Security Administrator – GAiA

Q1. - (Topic 2) 

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? 

A. SmartView Server 

B. SmartView Tracker 

C. None, SmartConsole applications only communicate with the Security Management Server. 

D. SmartUpdate 

View Answer

Q2. - (Topic 3) 

Reviewing the Rule Base, 

you see that ________ is responsible for the installation failure. A. Rule 4 

B. Rule 5 

C. Rule 7 

D. Rule 8 

View Answer

Q3. - (Topic 1) 

How can you check whether IP forwarding is enabled on an IP Security Appliance? 

A. clish -c show routing active enable 

B. ipsofwd list 

C. cat /proc/sys/net/ipv4/ip_forward 

D. echo 1 > /proc/sys/net/ipv4/ip_forward 

View Answer

Q4. - (Topic 3) 

Which of the following authentication methods can be configured in the Identity Awareness setup wizard? 

A. Captive Portal 

B. TACACS 

C. Check Point Password 

D. Windows password 

View Answer

Q5. - (Topic 1) 

The London Security Gateway Administrator has just installed the Security Gateway and Management Server. He has not changed any default settings. As he tries to configure the Gateway, he is unable to connect. Which troubleshooting suggestion will NOT help him? 

A. Check if some intermediate network device has a wrong routing table entry, VLAN 

assignment, duplex-mismatch, or trunk issue. 

B. Verify that the Rule Base explicitly allows management connections. 

C. Test the IP address assignment and routing settings of the Security Management Server, Gateway, and console client. 

D. Verify the SIC initialization. 

View Answer

Q6. - (Topic 1) 

When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change? 

A. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field 

B. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up 

C. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings. 

D. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56 

View Answer

Q7. - (Topic 3) 

When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)? 

A. (6) Delete all IPsec SAs for a given User (Client) 

B. (7) Delete all IPsec+IKE SAs for a given peer (GW) 

C. (8) Delete all IPsec+IKE SAs for a given User (Client) 

D. (5) Delete all IPsec SAs for a given peer (GW) 

View Answer

Q8. - (Topic 2) 

Which of the following is a viable consideration when determining Rule Base order? 

A. Grouping IPS rules with dynamic drop rules 

B. Grouping reject and drop rules after the Cleanup Rule 

C. Placing more restrictive rules before more permissive rules 

D. Grouping authentication rules with QOS rules 

View Answer

Q9. - (Topic 3) 

Security Gateway R77 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services. 

A. FTP, HTTP, TELNET 

B. SMTP, FTP, TELNET 

C. SMTP, FTP, HTTP, TELNET 

D. FTP, TELNET 

View Answer

Q10. - (Topic 2) 

You enable Automatic Static NAT on an internal host node object with a private IP address 

of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) 

When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5? 

A. O=outbound kernel, after the virtual machine 

B. i=inbound kernel, before the virtual machine 

C. I=inbound kernel, after the virtual machine 

D. o=outbound kernel, before the virtual machine 

View Answer