Down To Date Check Point Certified Security Expert Update Blade 156-915.77 Exam Topics

NEW QUESTION 1

You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?

• A. No action is needed because cpshell has a timeout of one hour by default.
• B. Log in as the default user expert and start cpinfo.
• C. Log in as admin, switch to expert mode, set the timeout to one hour with the command,idle 60, then start cpinfo.
• D. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.

Answer: D

NEW QUESTION 2

Which is the lowest Gateway version manageable by SmartCenter R77?

• A. R65
• B. S71
• C. R55
• D. R60A

Answer: A

NEW QUESTION 3

Use the table to match the BEST Management High Availability synchronication-status descriptions for your Security Management Server (SMS).
Exhibit:

• A. A-5, B-3, C-1, D-2
• B. A-3, B-1, C-4, D-2
• C. A-3, B-5, C-2, D-4
• D. A-3, B-1, C-5, D-4

Answer: D

NEW QUESTION 4

After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?

• A. The Global Properties setting Translate destination on client side is unchecke
• B. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mas
• C. Check the Global Properties setting Translate destination on client side.
• D. The Global Properties setting Translate destination on client side is unchecke
• E. But the topology on the external interface is set to Others +. Change topology to External.
• F. The Global Properties setting Translate destination on client side is checke
• G. But the topology on the external interface is set to Externa
• H. Change topology to Others +.
• I. The Global Properties setting Translate destination on client side is checke
• J. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mas
• K. Uncheck the Global Properties setting Translate destination on client side.

Answer: A

NEW QUESTION 5

Which Check Point tool allows you to open a debug file and see the VPN packet exchange details.

• A. PacketDebug.exe
• B. VPNDebugger.exe
• C. IkeView.exe
• D. IPSECDebug.exe

Answer: C

NEW QUESTION 6

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

• A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.
• B. Configure Automatic Static NAT on network 10.10.20.0/24.
• C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
• D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.

Answer: C

NEW QUESTION 7

Select the command set best used to verify proper failover function of a new ClusterXL configuration.

• A. reboot
• B. cphaprob -d failDevice -s problem -t 0 register / cphaprob -d failDevice unregister
• C. clusterXL_admin down / clusterXL_admin up
• D. cpstop/cpstart

Answer: C

NEW QUESTION 8

How many pre-defined exclusions are included by default in SmartEvent R77 as part of the product installation?

• A. 5
• B. 10
• C. 3

Answer: D

NEW QUESTION 9
Re-enable "Cluster membership" on the Gateway.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 10

A ClusterXL configuration is limited to members.

• A. There is no limit.
• B. 16
• C. 6
• D. 2

Answer: C

NEW QUESTION 11

Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?

• A. The restore is not possible because the backup file does not have the same build number (version).
• B. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
• C. The restore can be done easily by the command restore and copying netconf.C from the production environment.
• D. A backup cannot be restored, because the binary files are missing.

Answer: C

NEW QUESTION 12

If your firewall is performing a lot of IPS inspection and the CPUs assigned to fw_worker_thread are at or near 100%, which of the following could you do to improve performance?

• A. Add more RAM to the system.
• B. Add more Disk Drives.
• C. Assign more CPU cores to CoreXL
• D. Assign more CPU cores to SecureXL.

Answer: C

NEW QUESTION 13

Which of the following is a CLI command for Security Gateway R77?

• A. fw tab -u
• B. fw shutdown
• C. fw merge
• D. fwm policy_print <policyname>

Answer: A

NEW QUESTION 14

How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?

• A. fw unload policy
• B. fw unloadlocal
• C. fw delete all.all@localhost
• D. fwm unloadlocal

Answer: B

NEW QUESTION 15
CORRECT TEXT
Fill in the blank.

In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 10.4.8.108 successfully pings its Cluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. Based on this information, what is the active cluster member’s IP address?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16
......