Proper study guides for Updated Check Point Check Point Certified Security Administrator – GAiA certified begins with Check Point exam 156 215.77 preparation products which designed to deliver the Exact ccsa 156 215.77 questions by making you pass the exam 156 215.77 test at your first time. Try the free checkpoint 156 215.77 demo right now.

Q225. - (Topic 3) 

Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems? 

A. The Security Policy is not correct. 

B. You can't use any port other than the standard port 900 for Client Authentication via HTTP. 

C. The service FW_clntauth_http configuration is incorrect. 

D. The configuration file $FWDIR/conf/fwauthd.conf is incorrect. 

Answer:


Q226. - (Topic 3) 

When using LDAP as an authentication method for Identity Awareness, the query: 

A. Prompts the user to enter credentials. 

B. Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway. 

C. Requires client and server side software. 

D. Is transparent, requiring no client or server side software. 

Answer:


Q227. - (Topic 2) 

While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block? 

1) Select Active Mode tab in SmartView Tracker. 

2) Select Tools > Block Intruder. 

3) Select Log Viewing tab in SmartView Tracker. 

4) Set Blocking Timeout value to 60 minutes. 

5) Highlight connection that should be blocked. 

A. 3, 5, 2, 4 

B. 1, 5, 2, 4 

C. 1, 2, 5, 4 

D. 3, 2, 5, 4 

Answer:


Q228. - (Topic 3) 

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? 

A. SmartView Monitor 

B. SmartUpdate 

C. SmartView Status 

D. None, SmartConsole applications only communicate with the Security Management Server. 

Answer:


Q229. - (Topic 2) 

Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway? 

A. fw ctl get string active_secpol 

B. cpstat fw -f policy 

C. Check the Security Policy name of the appropriate Gateway in SmartView Monitor. 

D. fw stat 

Answer:


Q230. - (Topic 3) 

Which do you configure to give remote access VPN users a local IP address? 

A. Office mode IP pool 

B. Encryption domain pool 

C. NAT pool 

D. Authentication pool 

Answer:


Q231. - (Topic 3) 

In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB? 

A. Do nothing. The Security Management Server automatically copies old logs to a backup server before purging. 

B. Use the command fwm logexport to export the old log files to another location. 

C. Configure a script to run fw logswitch and SCP the output file to a separate file server. 

D. Do nothing. Old logs are deleted, until free space is restored. 

Answer: