156-915.77 Online Practice Questions and Answers
Which command allows you to view the contents of an R77 table?
A. fw tab -a
B. fw tab -t
C. fw tab -s
D. fw tab -x
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original
"web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error "page cannot be displayed".
Which of the following is NOT a possible reason?
A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
B. There is no ARP table entry for the protected Web server's public IP address.
C. There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.
D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.
Security Gateway R77 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services.
A. SMTP, FTP, TELNET
B. SMTP, FTP, HTTP, TELNET
C. FTP, HTTP, TELNET
D. FTP, TELNET
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?
A. John should install the Identity Awareness Agent
B. The firewall admin should install the Security Policy
C. John should lock and unlock the computer
D. Investigate this as a network connectivity issue
Captive Portal is a __________ that allows the gateway to request login information from the user.
A. Pre-configured and customizable web-based tool
B. Transparent network inspection tool
C. LDAP server add-on
D. Separately licensed feature
Which of the following is the preferred method for adding static routes in GAiA?
A. In the CLI with the command "route add"
B. In Web Portal, under Network Management > IPv4 Static Routes
C. In the CLI via sysconfig
D. In SmartDashboard under Gateway Properties > Topology
John is configuring a new R77 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.
What's happening?
A. ClusterXL needs to be unselected to permit third party clustering configuration.
B. Third Party Clustering is not available for R77 Security Gateways.
C. John has an invalid ClusterXL license.
D. John is not using third party hardware as IP Clustering is part of Check Point's IP Appliance.
Fill in the blanks. To view the number of concurrent connections going through core 0 on the firewall, you would use the command and syntax __ __ _ ___ __ ___________ __ .
A. fw –i 0 tab –t connections –s
MegaCorp is using SmartCenter Server with several gateways. Their requirements result in a heavy log load. Would it be feasible to add the SmartEvent Correlation Unit and SmartEvent Server to their SmartCenter Server?
A. No. SmartCenter SIC will interfere with the function of SmartEvent.
B. No. If SmartCenter is already under stress, the use of a separate server for SmartEvent is recommended.
C. No, SmartEvent and Smartcenter cannot be installed on the same machine at the same time.
D. Yes. SmartEvent must be installed on your SmartCenter Server.
User definitions are stored in ________________ .
A. $FWDIR/conf/fwmuser
B. $FWDIR/conf/users.NDB
C. $FWDIR/conf/fwauth.NDB
D. $FWDIR/conf/fwusers.conf