Exam Code: 156-915.77 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Expert Update Blade
Certification Provider: Check Point
Free Today! Guaranteed Training- Pass 156-915.77 Exam.

Q81. - (Topic 15) 

You are trying to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. You see the following window. 

What must you enable to see the Directional Match? 

A. directional_match(true) in the objects_5_0.C file on Security Management Server 

B. VPN Directional Match on the Gateway object’s VPN tab 

C. VPN Directional Match on the VPN advanced window, in Global Properties 

D. Advanced Routing on each Security Gateway 

Answer:


Q82. CORRECT TEXT - (Topic 14) 

Type the command and syntax to view critical devices on a cluster member in a ClusterXL environment. 

Answer: cphaprob -ia list 


Q83. - (Topic 4) 

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet? 

A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service. 

B. Configure Automatic Static NAT on network 10.10.20.0/24. 

C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24. 

D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule. 

Answer:


Q84. - (Topic 8) 

The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method? 

A. When accuracy in detecting identity is crucial 

B. Leveraging identity for Data Center protection 

C. Protecting highly sensitive servers 

D. Identity based enforcement for non-AD users (non-Windows and guest users) 

Answer:


Q85. CORRECT TEXT - (Topic 14) 

Fill in the blank. 

In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108. Review the exhibit and type the IP address of the member serving as the pivot machine in the space below. 

Answer: 10.4.8.2 


Q86. - (Topic 4) 

Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this? 

A. Manual NAT rules are not configured correctly. 

B. Allow bi-directional NAT is not checked in Global Properties. 

C. Routing is not configured correctly. 

D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules. 

Answer:


Q87. - (Topic 12) 

MultiCorp is running Smartcenter R71 on an IPSO platform and wants to upgrade to a new Appliance with R77. Which migration tool is recommended? 

A. Download Migration Tool R77 for IPSO and Splat/Linux from Check Point website. 

B. Use already installed Migration Tool. 

C. Use Migration Tool from CD/ISO Checkpoint 156-915.77 : Practice Test 

D. Fetch Migration Tool R71 for IPSO and Migration Tool R77 for Splat/Linux from CheckPoint website 

Answer:


Q88. - (Topic 15) 

You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information. 

You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels. 

What is the problem and how do you make the VPN use the VTI tunnels? 

A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community 

B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain 

C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes 

D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP. 

Answer: