156-915.77 Online Practice Questions and Answers

You are MegaCorp's Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer.

A. The Administrator decides the rule order by shifting the corresponding rules up and down.

B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

D. The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

Which Check Point address translation method allows an administrator to use fewer ISP- assigned IP addresses than the number of internal hosts requiring Internet connectivity?

A. Hide

B. Static Destination

C. Static Source

D. Dynamic Destination

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

A. Dynamic Source Address Translation

B. Hide Address Translation

C. Port Address Translation

D. Static Destination Address Translation

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

A. destination on server side

B. source on server side

C. source on client side

D. destination on client side

Type the full fw command and syntax that will show full synchronization status.

A. fw ctl pstat

In the following cluster configuration; if you reboot sglondon_1 which device will be active when

sglondon_1 is back up and running?

Why?

A. sglondon_1 because it the first configured object with the lowest IP.

B. sglondon_2 because sglondon_1 has highest IP.

C. sglondon_1, because it is up again, sglondon_2 took over during reboot.

D. sglondon_2 because it has highest priority.

Use the table to match the BEST Management High Availability synchronication-status descriptions for your Security Management Server (SMS).

Exhibit:

A. A-5, B-3, C-1, D-2

B. A-3, B-1, C-4, D-2

C. A-3, B-5, C-2, D-4

D. A-3, B-1, C-5, D-4

When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need

to be considered?

1) Each member must have a unique source IP address.

2) Every interface on each member requires a unique IP address.

3) All VTI's going to the same remote peer must have the same name.

4) Cluster IP addresses are required.

A. 1, 2, and 4

B. 2 and 3

C. 1, 2, 3 and 4

D. 1, 3, and 4

What is the purpose of the pre-defined exclusions included with SmartEvent R77?

A. To allow SmartEvent R77 to function properly with all other R71 devices.

B. To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71.

C. As a base for starting and building exclusions.

D. To give samples of how to write your own exclusion.

If Jack was concerned about the number of log entries he would receive in the SmartReporter system, which policy would he need to modify?

A. Log Sequence Policy

B. Report Policy

C. Log Consolidator Policy

D. Consolidation Policy