Checkpoint 156-215.77 Exam Practice Questions (P. 5)
Question #41
You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
- A. No action is needed because cpshell has a timeout of one hour by default.
- B. Log in as the default user expert and start cpinfo.
- C. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.
- D. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
Correct Answer:
D
Question #42
Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?
- A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
- B. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install.
- C. In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.
- D. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.
Correct Answer:
B
Question #43
What is the officially accepted diagnostic tool for IP Appliance Support?
Question #44
Which of these Security Policy changes optimize Security Gateway performance?
- A. Using groups within groups in the manual NAT Rule Base.
- B. Use Automatic NAT rules instead of Manual NAT rules whenever possible.
- C. Using domain objects in rules when possible.
- D. Putting the least-used rule at the top of the Rule Base.
Correct Answer:
B
Question #45
Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:

Required. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

- A. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
- B. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
- C. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
- D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following:
Correct Answer:
B
Question #46
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers is passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
- A. Manual NAT rules are not configured correctly.
- B. Allow bi-directional NAT is not checked in Global Properties.
- C. Routing is not configured correctly.
- D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
Correct Answer:
D
Question #47
You enable Hide NAT on the network object 10.1.1.0 behind the Security Gateway's external interface. You browse to the Google website from host 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?
- A. Two, one for outbound, one for inbound
- B. Only one, outbound
- C. Two, both outbound, one for the real IP connection and one for the NAT IP connection
- D. Only one, inbound
Correct Answer:
B
Question #48
Which of the following statements BEST describes Check Point's Hide Network Address Translation method?
- A. Translates many destination IP addresses into one destination IP address
- B. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
- C. Translates many source IP addresses into one source IP address
- D. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
Correct Answer:
C
Question #49
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?
Question #50
NAT can NOT be configured on which of the following objects?