156-915.77 Online Practice Questions and Answers

You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

A. database revision

B. snapshot

C. upgrade_export

D. backup

Where can you find the Check Point's SNMP MIB file?

A. $CPDIR/lib/snmp/chkpt.mib

B. $FWDIR/conf/snmp.mib

C. It is obtained only by request from the TAC.

D. There is no specific MIB file for Check Point products.

Which of the following options is available with the GAiA cpconfig utility on a Management Server?

A. Export setup

B. DHCP Server configuration

C. GUI Clients

D. Time and Date

Which of the following is a CLI command for Security Gateway R77?

A. fw tab -u

B. fw shutdown

C. fw merge

D. fwm policy_print

You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.

What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.

B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.

C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

D. Place a static host route on the firewall for the valid IP address to the internal Web server.

In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:

A. It is not necessary to add a static route to the Gateway's routing table.

B. It is necessary to add a static route to the Gateway's routing table.

C. The Security Gateway's ARP file must be modified.

D. VLAN tagging cannot be defined for any hosts protected by the Gateway.

Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?

A. External-user group

B. LDAP group

C. A group with a generic user

D. All Users

What command with appropriate switches would you use to test Identity Awareness connectivity?

A. test_ldap

B. test_ad_connectivity

C. test_ldap_connectivity

D. test_ad

Which of the following items should be configured for the Security Management Server to authenticate via LDAP?

A. Check Point Password

B. Active Directory Server object

C. Windows logon password

D. WMI object

The connection to the ClusterXL member `A' breaks. The ClusterXL member `A' status is now `down'.

Afterwards the switch admin set a port to ClusterXL member `B' to `down'.

What will happen?

A. ClusterXL member `B' also left the cluster.

B. ClusterXL member `B' stays active as last member.

C. Both ClusterXL members share load equally.

D. ClusterXL member `A' is asked to come back to cluster.

The command useful for debugging by capturing packet information, including verifying LDAP authentication on all Check Point platforms is:

A. fw monitor

You find that Gateway fw2 can NOT be added to the cluster object. What are possible reasons for that? Exhibit:

1) fw2 is a member in a VPN community. 2) ClusterXL software blade is not enabled on fw2. 3) fw2 is a DAIP Gateway.

A. 2 or 3

B. 1 or 2

C. 1 or 3

D. All

When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need

to be considered?

1) Each member must have a unique source IP address.

2) Every interface on each member requires a unique IP address.

3) All VTI's going to the same remote peer must have the same name.

4) Cluster IP addresses are required.

A. 1, 2, and 4

B. 2 and 3

C. 1, 2, 3 and 4

D. 1, 3, and 4

From the following output of cphaprob state, which Cluster XL mode is this?

A. New mode

B. Multicast mode

C. Legacy mode

D. Unicast mode

In which case is a Sticky Decision Function relevant?

A. Load Sharing - Unicast

B. Load Balancing - Forward

C. High Availability

D. Load Sharing - Multicast