
Vendor: Check Point Exam Code: 156-315.77 Exam Name: Check Point Certified Security Expert (CCSE)

This document contains 26 multiple choice questions from the Check Point 156-315.77 exam. The questions cover topics related to Check Point processes, configuration files, backup and restore procedures, and upgrading Check Point products.

Uploaded by Djambo Matamoros
Copyright © All Rights Reserved

Vendor: Check Point

Exam Code: 156-315.77

Exam Name: Check Point Certified Security Expert (CCSE)


R77

Version: 14.111
QUESTION 1
Which of the following is NOT part of the policy installation process?

A. Code compilation
B. Code generation
C. Initiation
D. Validation

Answer: D

QUESTION 2
The process ________ is responsible for Management High Availability synchronization.

A. CPLMD
B. FWM
C. Fwsync
D. CPD

Answer: B

QUESTION 3
_________ is the process that starts when the SmartView Tracker application is opened.

A. logtrackerd
B. fwlogd
C. CPLMD
D. FWM

Answer: C

QUESTION 4
Anytime a client initiates a connection to a server, the firewall kernel signals the FWD process
using a trap. FWD spawns the ________ child service, which runs the security server.

A. FWD
B. FWSD
C. In.httpd
D. FWSSD

Answer: D

QUESTION 5
Security server configuration settings are stored in _______________ .

A. $FWDIR/conf/AMT.conf
B. $FWDIR/conf/fwrl.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/conf/fwopsec.conf

Answer: C

Get Complete Collection of 156-315.77 Exam's Question and Answers.
http://www.passleader.com

QUESTION 6
User definitions are stored in ________________ .

A. $FWDIR/conf/fwmuser
B. $FWDIR/conf/users.NDB
C. $FWDIR/conf/fwauth.NDB
D. $FWDIR/conf/fwusers.conf

Answer: C

QUESTION 7
Jon is explaining how the inspection module works to a colleague. If a new connection passes
through the inspection module and the packet matches the rule, what is the next step in the
process?

A. Verify if the packet should be moved through the TCP/IP stack.
B. Verify if any logging or alerts are defined.
C. Verify if the packet should be rejected.
D. Verify if another rule exists.

Answer: B

QUESTION 8
Which of the following statements accurately describes the upgrade export command?

A. Used primarily when upgrading the Security Management Server, upgrade export stores all object
databases and the conf directories for importing to a newer version of the Security Gateway.
B. Used when upgrading the Security Gateway, upgrade export includes modified files, such as in
the directories /lib and /conf.
C. upgrade export is used when upgrading the Security Gateway, and allows certain files to be
included or excluded before exporting.
D. upgrade export stores network-configuration data, objects, global properties, and the database
revisions prior to upgrading the Security Management Server.

Answer: A

QUESTION 9
What are you required to do before running upgrade export?

A. Run a cpstop on the Security Gateway.
B. Run cpconfig and set yourself up as a GUI client.
C. Run a cpstop on the Security Management Server.
D. Close all GUI clients.

Answer: D

QUESTION 10
A snapshot delivers a complete backup of Secure Platform.
The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots.
How do you restore a local snapshot named MySnapshot.tgz?

A. As Expert user, type command snapshot - R to restore from a local file.
Then, provide the correct file name.
B. As Expert user, type command revert --file MySnapshot.tgz.
C. As Expert user, type command snapshot -r MySnapshot.tgz.
D. Reboot the system and call the start menu.
Select option Snapshot Management, provide the Expert password and select [L] for a restore
from a local file.
Then, provide the correct file name.

Answer: B

QUESTION 11
What is the primary benefit of using upgrade export over either backup or snapshot?

A. The commands backup and snapshot can take a long time to run whereas upgrade export will
take a much shorter amount of time.
B. upgrade export will back up routing tables, hosts files, and manual ARP configurations, where
backup and snapshot will not.
C. upgrade export has an option to back up the system and SmartView Tracker logs while backup
and snapshot will not.
D. upgrade export is operating system independent and can be used when backup or snapshot is not
available.

Answer: D

QUESTION 12
Your R7x-series Enterprise Security Management Server is running abnormally on Windows
Server 2003 R2. You decide to try reinstalling the Security Management Server, but you want to
try keeping the critical Security Management Server configuration settings intact (i.e., all Security
Policies, databases, SIC, licensing etc.)
What is the BEST method to reinstall the Server and keep its critical configuration?

A.

B.

C.

D.

Answer: B

QUESTION 13
Your primary Security Management Server runs on GAiA. What is the easiest way to back up
your Security Gateway R76 configuration, including routing and network configuration files?

A. Using the native GAiA backup utility from command line or in the Web-based user interface.
B. Using the command upgrade export.
C. Run the command pre_upgrade verifier and save the file *.tgz to the directory c:/temp.
D. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.

Answer: A

QUESTION 14
You need to back up the routing, interface, and DNS configuration information from your R76
Secure Platform Security Gateway. Which backup-and-restore solution do you use?

A. Secure Platform backup utilities
B. Manual copies of the directory $FWDIR/conf
C. Database Revision Control
D. Commands upgrade export and upgrade import

Answer: A

QUESTION 15
Which of the following methods will provide the most complete backup of an R76 configuration?

A. Database Revision Control
B. Policy Package Management
C. Copying the directories $FWDIR\conf and $CPDIR\conf to another server
D. upgrade export command

Answer: D

QUESTION 16
Which of the following commands can provide the most complete restore of an R76
configuration?

A. upgrade import
B. fwm dbimport -p <export file>
C. cpconfig
D. cpinfo -recover

Answer: A

QUESTION 17
When restoring R76 using the command upgrade import, which of the following items are NOT
restored?

A. Global properties
B. Route tables
C. Licenses
D. SIC Certificates

Answer: B

QUESTION 18
Restoring a snapshot-created file on one machine that was created on another requires which of
the following to be the same on both machines?

A. Windows version, objects database, patch level, and interface configuration
B. Windows version, interface configuration, and patch level
C. State, Secure Platform version, and patch level
D. State, Secure Platform version, and objects database

Answer: C

QUESTION 19
When restoring a Security Management Server from a backup file, the restore package can be
retrieved from which source?

A. HTTP server, FTP server, or TFTP server
B. Disk, SCP server, or TFTP server
C. Local folder, TFTP server, or FTP server
D. Local folder, TFTP server, or Disk

Answer: C

QUESTION 20
When upgrading Check Point products in a distributed environment, in which order should you
upgrade these components?

1 GUI Client
2 Security Management Server
3 Security Gateway

A. 3, 2, 1
B. 1, 2, 3
C. 3, 1, 2
D. 2, 3, 1

Answer: D

QUESTION 21
When using migrate to upgrade a Secure Management Server, which of the following is included
in the migration?

A. SmartEvent database
B. SmartReporter database
C. classes.C file
D. System interface configuration

Answer: C

QUESTION 22
Typically, when you upgrade the Security Management Server, you install and configure a fresh
R76 installation on a new computer and then migrate the database from the original machine.
When doing this, what is required of the two machines? They must both have the same:

A. Products installed.
B. Interfaces configured.
C. State.
D. Patch level.

Answer: A

QUESTION 23
Typically, when you upgrade the Security Management Server, you install and configure a fresh
R76 installation on a new computer and then migrate the database from the original machine.
Which of the following statements are TRUE?

A. Both machines must have the same number of interfaces installed and configured before
migration can be attempted.
B. The new machine may not have more Check Point products installed than the original Security
Management Server.
C. All product databases are included in the migration.
D. The Security Management Server on the new machine must be the same or greater than the
version on the original machine.

Answer: D

QUESTION 24
Typically, when you upgrade the Security Management Server, you install and configure a fresh
R76 installation on a new computer and then migrate the database from the original machine.
What is the correct order of the steps below to successfully complete this procedure?

1) Export databases from source.
2) Connect target to network.
3) Prepare the source machine for export.
4) Import databases to target.
5) Install new version on target.
6) Test target deployment.

A. 6, 5, 3, 1, 4, 2
B. 3, 1, 5, 4, 2, 6
C. 5, 2, 6, 3, 1, 4
D. 3, 5, 1, 4, 6, 2

Answer: D

QUESTION 25
During a Security Management Server migrate export, the system:

A. Creates a backup file that includes the SmartEvent database.
B. Creates a backup file that includes the SmartReporter database.
C. Creates a backup archive for all the Check Point configuration settings.
D. Saves all system settings and Check Point product configuration settings to a file.

Answer: C

QUESTION 26
If no flags are defined during a back up on the Security Management Server, where does the
system store the *.tgz file?

A. /var/opt/backups
B. /var/backups
C. /var/CPbackup/backups
D. /var/tmp/backups

Answer: C

QUESTION 27
Which is NOT a valid option when upgrading Cluster Deployments?

A. Full Connectivity Upgrade
B. Fast path Upgrade
C. Minimal Effort Upgrade
D. Zero Downtime

Answer: B

QUESTION 28
In a zero downtime firewall cluster environment, what command do you run to avoid switching
problems around the cluster?

A. cphaconf set mc_relod
B. cphaconf set clear_subs
C. cphaconf set_ccp broadcast
D. cphaconf set_ccp multicast

Answer: C

QUESTION 29
In a "zero downtime" scenario, which command do you run manually after all cluster members
are upgraded?

A. cphaconf set_ccp broadcast
B. cphaconf set clear_subs
C. cphaconf set mc_relod
D. cphaconf set_ccp multicast

Answer: D

QUESTION 30
Which command provides cluster upgrade status?

A. cphaprob status
B. cphaprob ldstat
C. cphaprob fcustat
D. cphaprob tablestat

Answer: C

QUESTION 31
John is upgrading a cluster from NGX R65 to R76. John knows that you can verify the upgrade
process using the pre-upgrade verifier tool. When John is running Pre-Upgrade Verification, he
sees the warning message:

Title: Incompatible pattern.

What is happening?

A. R76 uses a new pattern matching engine. Incompatible patterns should be deleted before
upgrade process to complete it successfully.
B. Pre-Upgrade Verification process detected a problem with actual configuration and upgrade will
be aborted.
C. Pre-Upgrade Verification tool only shows that message but it is only informational.
D. The actual configuration contains user defined patterns in IPS that are not supported in R76.
If the patterns are not fixed after upgrade, they will not be used with R76 Security Gateways.

Answer: D

QUESTION 32
The User Directory Software Blade is used to integrate which of the following with a R76 Security
Gateway?

A. LDAP server
B. RADIUS server
C. Account Management Client server
D. User Authority server

Answer: A

QUESTION 33
Your users are defined in a Windows 2008 Active Directory server.
You must add LDAP users to a Client Authentication rule.
Which kind of user group do you need in the Client Authentication rule in R76?

A. LDAP group
B. External-user group
C. A group with a generic user
D. All Users

Answer: A

QUESTION 34
Which of the following commands do you run on the AD server to identify the DN name before
configuring LDAP integration with the Security Gateway?

A. query ldap - name administrator
B. dsquery user - name administrator
C. ldapquery - name administrator
D. cpquery - name administrator

Answer: B

QUESTION 35
In Smart Directory, what is each LDAP server called?

A. Account Server
B. Account Unit
C. LDAP Server
D. LDAP Unit

Answer: B

QUESTION 36
What is the default port number for standard TCP connections with the LDAP server?

A. 398
B. 636
C. 389
D. 363

Answer: C

QUESTION 37
What is the default port number for Secure Sockets Layer connections with the LDAP Server?

A. 363
B. 389
C. 398
D. 636

Answer: D

QUESTION 38
When defining an Organizational Unit, which of the following are NOT valid object categories?

A. Domains
B. Resources
C. Users
D. Services

Answer: A

QUESTION 39
When defining Smart Directory for High Availability (HA), which of the following should you do?

A. Replicate the same information on multiple Active Directory servers.
B. Configure Secure Internal Communications with each server and fetch branches from each.
C. Configure a Smart Directory Cluster object.
D. Configure the Smart Directory as a single object using the LDAP cluster IP.
Actual HA functionality is configured on the servers.

Answer: A

QUESTION 40
The set of rules that governs the types of objects in the directory and their associated attributes is
called the:

A. LDAP Policy
B. Schema
C. Access Control List
D. Smart Database

Answer: B

QUESTION 41
When using Smart Dashboard to manage existing users in Smart Directory, when are the
changes applied?

A. Instantaneously
B. At policy installation
C. Never, you cannot manage users through Smart Dashboard
D. At database synchronization

Answer: A

QUESTION 42
Where multiple Smart Directory servers exist in an organization, a query from one of the clients
for user information is made to the servers based on a priority. By what category can this priority
be defined?

A. Gateway or Domain
B. Location or Account Unit
C. Location or Domain
D. Gateway or Account Unit

Answer: D

QUESTION 43
Each entry in Smart Directory has a unique _______________ ?

A. Distinguished Name
B. Organizational Unit
C. Port Number Association
D. Schema

Answer: A

QUESTION 44
With the User Directory Software Blade, you can create R76 user definitions on a(n) _________
Server.

A. SecureID
B. LDAP
C. NT Domain
D. Radius

Answer: B

QUESTION 45
Which describes the function of the account unit?

A. An Account Unit is the Check Point account that Smart Directory uses to access an (LDAP) server
B. An Account Unit is a system account on the Check Point gateway that Smart Directory uses to
access an (LDAP) server
C. An Account Unit is the administration account on the LDAP server that Smart Directory uses to
access the (LDAP) server
D. An Account Unit is the interface which allows interaction between the Security Management
server and Security Gateways, and the Smart Directory (LDAP) server.

Answer: D

QUESTION 46
An organization may be distributed across several Smart Directory (LDAP) servers.
What provision do you make to enable a Gateway to use all available resources? Each Smart
Directory (LDAP) server must be:

A. a member in the LDAP group.
B. a member in a group that is associated with one Account Unit.
C. represented by a separate Account Unit.
D. represented by a separate Account Unit that is a member in the LDAP group.

Answer: C

QUESTION 47
Which is NOT a method through which Identity Awareness receives its identities?

A. GPO
B. Captive Portal
C. AD Query
D. Identity Agent

Answer: A

QUESTION 48
If using AD Query for seamless identity data reception from Microsoft Active Directory (AD),
which of the following methods is NOT Check Point recommended?

A. Leveraging identity in Internet application control
B. Identity-based auditing and logging
C. Basic identity enforcement in the internal network
D. Identity-based enforcement for non-AD users (non-Windows and guest users)

Answer: D

QUESTION 49
When using Captive Portal to send unidentified users to a Web portal for authentication, which of
the following is NOT a recommended use for this method?

A. Identity-based enforcement for non-AD users (non-Windows and guest users)
B. For deployment of Identity Agents
C. Basic identity enforcement in the internal network
D. Leveraging identity in Internet application control

Answer: C

QUESTION 50
Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On
(SSO). Which of the following is NOT a recommended use for this method?

A. When accuracy in detecting identity is crucial
B. Identity based enforcement for non-AD users (non-Windows and guest users)
C. Protecting highly sensitive servers
D. Leveraging identity for Data Center protection

Answer: B

QUESTION 51
Which of the following access options would you NOT use when configuring Captive Portal?

A. Through the Firewall policy
B. From the Internet
C. Through all interfaces
D. Through internal interfaces

Answer: B

QUESTION 52
Where do you verify that Smart Directory is enabled?

A. Global properties > Authentication > Use Smart Directory (LDAP) for Security Gateways is
checked
B. Gateway properties > Smart Directory (LDAP) > Use Smart Directory (LDAP) for Security
Gateways is checked
C. Gateway properties > Authentication > Use Smart Directory (LDAP) for Security Gateways is
checked
D. Global properties > Smart Directory (LDAP) > Use Smart Directory (LDAP) for Security Gateways
is checked

Answer: D

QUESTION 53
If you are experiencing LDAP issues, which of the following should you check?

A. Secure Internal Communications (SIC)
B. Domain name resolution
C. Overlapping VPN Domains
D. Connectivity between the R76 Gateway and LDAP server

Answer: D

QUESTION 54
How are cached usernames and passwords cleared from the memory of a R76 Security
Gateway?

A. By using the Clear User Cache button in Smart Dashboard
B. By retrieving LDAP user information using the command fw fetchldap
C. Usernames and passwords only clear from memory after they time out
D. By installing a Security Policy

Answer: D

QUESTION 55
When an Endpoint user is able to authenticate but receives a message from the client that it is
unable to enforce the desktop policy, what is the most likely scenario?

A. The user's rights prevent access to the protected network.
B. A Desktop Policy is not configured.
C. The gateway could not locate the user in Smart Directory and is allowing the connection with
limitations based on a generic profile.
D. The user is attempting to connect with the wrong Endpoint client.

Answer: D

QUESTION 56
When using a template to define a Smart Directory, where should the user's password be
defined? In the:

A. Template object
B. VPN Community object
C. User object
D. LDAP object

Answer: C

QUESTION 57
When configuring an LDAP Group object, which option should you select if you want the gateway
to reference the groups defined on the LDAP server for authentication purposes?

A. All Account-Unit's Users
B. Only Group in Branch
C. Group Agnostic
D. OU Accept and select appropriate domain

Answer: B

QUESTION 58
When configuring an LDAP Group object, which option should you select if you do NOT want the
gateway to reference the groups defined on the LDAP server for authentication purposes?

A. OU Accept and select appropriate domain
B. Only Sub Tree
C. Only Group in Branch
D. Group Agnostic

Answer: B

QUESTION 59
When configuring an LDAP Group object, which option should you select if you want the gateway
to reference the groups defined on the LDAP server for authentication purposes?

A. Only Group in Branch
B. Only Sub Tree
C. OU Auth and select Group Name
D. All Account-Unit's Users

Answer: A

QUESTION 60
The process that performs the authentication for Smart Dashboard is:

A. fwm
B. vpnd
C. cvpnd
D. cpd

Answer: A

QUESTION 61
The process that performs the authentication for Remote Access is:

A. cpd
B. vpnd
C. fwm
D. cvpnd

Answer: B

QUESTION 62
The process that performs the authentication for SSL VPN Users is:

A. cvpnd
B. cpd
C. fwm
D. vpnd

Answer: A

QUESTION 63
The process that performs the authentication for legacy session authentication is:

A. cvpnd
B. fwm
C. vpnd
D. fwssd

Answer: D

QUESTION 64
While authorization for users managed by Smart Directory is performed by the gateway, the
authentication is mostly performed by the infrastructure in which of the following?

A. ldapd
B. cpauth
C. cpShared
D. ldapauth

Answer: B

QUESTION 65
When troubleshooting user authentication, you may see the following entries in a debug of the
user authentication process. In which order are these messages likely to appear?

A. make_au, au_auth, au_fetchuser, au_auth_auth, cpLdapCheck, cpLdapGetUser
B. cpLdapGetUser, au_fetchuser, cpLdapCheck, make_au, au_auth, au_auth_auth
C. make_au, au_auth, au_fetchuser, cpLdapGetUser, cpLdapCheck, au_auth_auth
D. au_fetchuser, make_au, au_auth, cpLdapGetUser, au_auth_auth, cpLdapCheck

Answer: C

QUESTION 66
Which of the following is NOT a ClusterXL mode?

A. Multicast
B. Legacy
C. Broadcast
D. New

Answer: C

QUESTION 67
In an R76 Cluster, some features such as VPN only function properly when:

A. All cluster members have the same policy
B. All cluster members have the same Hot Fix Accumulator pack installed
C. All cluster members' clocks are synchronized
D. All cluster members have the same number of interfaces configured

Answer: C

QUESTION 68
In ClusterXL R76, when configuring a cluster synchronization network on a VLAN interface, what
is the supported configuration?

A. It is supported on VLAN tag 4095
B. It is supported on VLAN tag 4096
C. It is supported on the lowest VLAN tag of the VLAN interface
D. It is not supported on a VLAN tag

Answer: C

QUESTION 69
Which process is responsible for delta synchronization in ClusterXL?

A. fw kernel on the security gateway
B. fwd process on the security gateway
C. cpd process on the security gateway
D. Clustering process on the security gateway

Answer: A

QUESTION 70
Which process is responsible for full synchronization in ClusterXL?

A. fwd on the Security Gateway
B. fw kernel on the Security Gateway
C. Clustering on the Security Gateway
D. cpd on the Security Gateway

Answer: A

QUESTION 71
Which process is responsible for kernel table information sharing across all cluster members?

A. fwd daemon using an encrypted TCP connection
B. CPHA using an encrypted TCP connection
C. fw kernel using an encrypted TCP connection
D. cpd using an encrypted TCP connection

Answer: A

QUESTION 72
By default, a standby Security Management Server is automatically synchronized by an active
Security Management Server, when:

A. The user database is installed.
B. The standby Security Management Server starts for the first time.
C. The Security Policy is installed.
D. The Security Policy is saved.

Answer: C

QUESTION 73
The ________ Check Point ClusterXL mode must synchronize the physical interface IP and MAC
addresses on all clustered interfaces.

A. New Mode HA
B. Pivot Mode Load Sharing
C. Multicast Mode Load Sharing
D. Legacy Mode HA

Answer: D

QUESTION 74
__________ is a proprietary Check Point protocol. It is the basis for Check Point ClusterXL inter-
module communication.

A. HA OPCODE
B. RDP
C. CKPP
D. CCP

Answer: D

QUESTION 75
After you add new interfaces to a cluster, how can you check if the new interfaces and the
associated virtual IP address are recognized by ClusterXL?

A. By running the command cphaprob state on both members
B. By running the command cpconfig on both members
C. By running the command cphaprob -I list on both members
D. By running the command cphaprob -a if on both members

Answer: D

QUESTION 76
Which of the following is a supported Sticky Decision Function of Sticky Connections for Load
Sharing?

A. Multi-connection support for VPN-1 cluster members
B. Support for all VPN deployments (except those with third-party VPN peers)
C. Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections
D. Support for Performance Pack acceleration

Answer: C

QUESTION 77
Included in the customer's network are some firewall systems with the Performance Pack in use.
The customer wishes to use these firewall systems in a cluster (Load Sharing mode). He is not
sure if he can use the Sticky Decision Function in this cluster. Explain the situation to him.

A. Sticky Decision Function is not supported when employing either Performance Pack or a
hardware-based accelerator card.
Enabling the Sticky Decision Function disables these acceleration products.
B. ClusterXL always supports the Sticky Decision Function in the Load Sharing mode.
C. The customer can use the firewalls with Performance Pack inside the cluster, which should
support the Sticky Decision Function.
It is just necessary to enable the Sticky Decision Function in the SmartDashboard cluster object in
the ClusterXL page, Advanced Load Sharing Configuration window.
D. The customer can use the firewalls with Performance Pack inside the cluster, which should
support the Sticky Decision Function.
It is just necessary to configure it with the cluster XL_SDF_enable command.

Answer: A

QUESTION 78
A connection is said to be Sticky when:

A. The connection information sticks in the connection table even after the connection has ended.
B. A copy of each packet in the connection sticks in the connection table until a corresponding reply
packet is received from the other side.
C. A connection is not terminated by either side by FIN or RST packet.
D. All the connection packets are handled, in either direction, by a single cluster member.

Answer: D

QUESTION 79
How does a cluster member take over the VIP after a failover event?

A. Broadcast storm
B. iflist -renew
C. Ping the sync interface
D. Gratuitous ARP

Answer: D

QUESTION 80
The Check Point Clustering protocol works on:

A. UDP 500
B. UDP 8116
C. TCP 8116
D. TCP 19864

Answer: B

QUESTION 81
A customer is calling saying one member's status is Down. What will you check?

A. cphaprob list (verify what critical device is down)
B. fw ctl pstat (check sync)
C. fw ctl debug -m cluster + forward (forwarding layer debug)
D. tcpdump/snoop (CCP traffic)

Answer: A

QUESTION 82
A customer calls saying that a Load Sharing cluster shows drops with the error First packet is not
SYN. Complete the following sentence. I will recommend:

A. turning on SDF (Sticky Decision Function)
B. turning off SDF (Sticky Decision Function)
C. changing the load on each member
D. configuring flush and ack

Answer: A

QUESTION 83
Which of the following commands can be used to troubleshoot ClusterXL sync issues?

A. fw debug cxl connections > file_name
B. fw tab -s -t connections > file_name
C. fw tab -u connections > file_name
D. fw ctl -s -t connections > file_name

Answer: B

QUESTION 84
Which of the following commands shows full synchronization status?

A. fw hastat
B. cphaprob -i list
C. cphaprob -a if
D. fw ctl iflist

Answer: B

QUESTION 85
John is configuring a new R76 Gateway cluster but he cannot configure the cluster as Third
Party IP Clustering because this option is not available in Gateway Cluster Properties.
What's happening?

A. Third Party Clustering is not available for R76 Security Gateways.
B. John is not using third party hardware as IP Clustering is part of Check Point's IP Appliance.
C. ClusterXL needs to be unselected to permit 3rd party clustering configuration.
D. John has an invalid ClusterXL license.

Answer: C

QUESTION 86
Which of the following commands shows full synchronization status?

A. cphaprob -a if
B. fw ctl iflist
C. fw hastat
D. fw ctl pstat

Answer: D

QUESTION 87
In ClusterXL, _______ is defined by default as a critical device.

A. fwd
B. fwm
C. assld
D. cpp

Answer: A

QUESTION 88
Refer to Exhibit below:

Match the ClusterXL modes with their configurations.

A. A - 3, B - 2, C - 4, D - 1
B. A - 2, B - 3, C - 1, D - 4
C. A - 2, B - 3, C - 4, D - 1
D. A - 3, B - 2, C - 1, D - 4

Answer: D

QUESTION 89
In ClusterXL, _______ is defined by default as a critical device.

A. fw.d
B. protect.exe
C. PROT_SRV.EXE
D. Filter

Answer: D

QUESTION 90
When synchronizing clusters, which of the following statements is NOT true?

A. The state of connections using resources is maintained by a Security Server, so these
connections cannot be synchronized.
B. In the case of a failover, accounting information on the failed member may be lost despite a
properly working synchronization.
C. Only cluster members running on the same OS platform can be synchronized.
D. Client Authentication or Session Authentication connections through a cluster member will be lost
if the cluster member fails.

Answer: D

QUESTION 91
When synchronizing clusters, which of the following statements is NOT true?

A. User Authentication connections will be lost by the cluster.
B. An SMTP resource connection using CVP will be maintained by the cluster.
C. In the case of a failover, accounting information on the failed member may be lost despite a
properly working synchronization.
D. Only cluster members running on the same OS platform can be synchronized.

Answer: B

QUESTION 92
When a failed cluster member recovers, which of the following actions is NOT taken by the
recovering member?

A. It will try to take the policy from one of the other cluster members.
B. It will not check for any updated policy and load the last installed policy with a warning message
indicating that the Security Policy needs to be installed from the Security Management Server.
C. If the Security Management Server has a newer policy, it will be retrieved, else the local policy will
be loaded.
D. It compares its local policy to the one on the Security Management Server.

Answer: B

QUESTION 93
Organizations are sometimes faced with the need to locate cluster members in different
geographic locations that are distant from each other. A typical example is replicated data centers
whose location is widely separated for disaster recovery purposes.
What are the restrictions of this solution?

A. There are no restrictions.
B. There is one restriction:
The synchronization network must guarantee no more than 150 ms latency (ITU Standard G.114).
C. There is one restriction:
The synchronization network must guarantee no more than 100 ms latency.
D. There are two restrictions:
1. The synchronization network must guarantee no more than 100ms latency and no more than 5%
packet loss.
2. The synchronization network may only include switches and hubs.

Answer: D

QUESTION 94
You are the MegaCorp Security Administrator. This company uses a firewall cluster, consisting of
two cluster members. The cluster generally works well but one day you find that the cluster is
behaving strangely. You assume that there is a connectivity problem with the cluster
synchronization link (cross-over cable).
Which of the following commands is the best for testing the connectivity of the crossover cable?

A. telnet <IP address of the synchronization interface on the other cluster member>
B. ifconfig -a
C. ping <IP address of the synchronization interface on the other cluster member>
D. arping <IP address of the synchronization interface on the other cluster member>

Answer: D

QUESTION 95
You have a High Availability ClusterXL configuration. Machines are not synchronized.
What happens to connections on failover?

A. Connections cannot be established until cluster members are fully synchronized.
B. It is not possible to configure High Availability that is not synchronized.
C. Old connections are lost but can be reestablished.
D. Old connections are lost but are automatically recovered whenever the failed machine recovers.

Answer: C

QUESTION 96
What command will allow you to disable sync on a cluster firewall member?

A. fw ctl syncstat stop
B. fw ctl setsync off
C. fw ctl setsync 0
D. fw ctl syncstat off

Answer: B

QUESTION 97
When using ClusterXL in Load Sharing, what is the default method?

A. IPs, Ports, SPIs
B. IPs
C. IPs, Ports
D. IPs, SPIs

Answer: A

QUESTION 98
If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one
member goes down?

A. The connections are dropped as Load Sharing does not support High Availability.
B. The processing of all connections handled by the faulty machine is dropped, so all connections
need to be re-established through the other machine(s).
C. There is no state synchronization on Load Sharing, only on High Availability.
D. The processing of all connections handled by the faulty machine is immediately taken over by the
other member(s).

Answer: D

QUESTION 99
In the following cluster configuration, if you reboot sglondon_1, which device will be active when
sglondon_1 is back up and running? Why?

A. Sglondon_1, because it is up again, sglondon_2 took over during reboot
B. Sglondon_2 because it has highest IP
C. Sglondon_2 because it has highest priority
D. Sglondon_1 because it is the first configured object with the lowest IP

Answer: C

QUESTION 100
What is a "sticky" connection?

A. A Sticky Connection is one in which a reply packet returns through the same gateway as the
original packet.
B. A Sticky Connection is a VPN connection that remains up until you manually bring it down.
C. A Sticky Connection is a connection that remains the same.
D. A Sticky Connection is a connection that always chooses the same gateway to set up the initial
connection.

Answer: A

QUESTION 101
Your network includes ClusterXL running Multicast mode on two members, as shown in this
topology: Your network is expanding, and you need to add new interfaces:

10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B.
The virtual IP address for interface 10.10.10.0/24 is 10.10.10.3.

What is the correct procedure to add these interfaces?

A. 1. Use the ifconfig command to configure and enable the new interface.
2. Run cpstop and cpstart on both members at the same time.
3. Update the topology in the cluster object for the cluster and both members.
4. Install the Security Policy.
B. 1. Disable "Cluster membership" from one Gateway via cpconfig.
2. Configure the new interface via sysconfig from the "non-member" Gateway.
3. Re-enable "Cluster membership" on the Gateway.
4. Perform the same step on the other Gateway.
5. Update the topology in the cluster object for the cluster and members.
6. Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2. Run cpstart on the member. Repeat the same steps on another member.
3. Update the new topology in the cluster object for the cluster and members.
4. Install the Security Policy.
D. 1. Use sysconfig to configure the new interfaces on both members.
2. Update the topology in the cluster object for the cluster and both members.
3. Install the Security Policy.

Answer: C

QUESTION 102
Match the Best Management High Availability synchronization-status descriptions for your
Security Management Server (SMS):

A. A - 3, B - 1, C - 2, D - 4
B. A - 3, B - 1, C - 4, D - 2
C. A - 4, B - 3, C - 1, D - 2
D. A - 3, B - 2, C - 1, D - 4

Answer: A

QUESTION 103
Review the R76 configuration.

Is it correct for Management High Availability?

A. No, the Security Management Servers must reside on the same network.
B. No, the Security Management Servers must be installed on the same operating system.
C. No, the Security Management Servers do not have the same number of NICs.
D. No, a R71 Security Management Server cannot run on Red Hat Linux 9.0.

Answer: B

QUESTION 104
Check Point New Mode HA is a(n) _________ solution.

A. primary-domain
B. hot-standby
C. acceleration
D. load-balancing

Answer: B

QUESTION 105
What is the behavior of ClusterXL in a High Availability environment?

A. The active member responds to the virtual address and is the only member that passes traffic.
B. The active member responds to the virtual address and, using sync network forwarding, both
members pass traffic.
C. Both members respond to the virtual address but only the active member is able to pass traffic.
D. Both members respond to the virtual address and both members pass traffic.

Answer: A

QUESTION 106
Review the cphaprob state command output from one New Mode High Availability ClusterXL
cluster member.

Which member will be active after member 192.168.1.2 fails over and is rebooted?

A. 192.168.1.2
B. Both members' state will be in collision.
C. 192.168.1.1
D. Both members' state will be active.

Answer: C

QUESTION 107
Review the cphaprob state command output from a New Mode High Availability cluster member.

Which machine has the highest priority?

A. 192.168.1.2, because its state is active
B. 192.168.1.1, because its number is 1
C. 192.168.1.1, because it is <local>
D. This output does not indicate which machine has the highest priority.

Answer: B

QUESTION 108
By default Check Point High Availability components send updates about their state every:

A. 5 seconds.
B. 0.5 second.
C. 0.1 second.
D. 1 second.

Answer: C

QUESTION 109
You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to
R76. cphaprob stat shows:

Which of the following is not a possible cause of this?

A. You have a different number of cores defined for CoreXL between the two members
B. Member 1 has CoreXL disabled and member 2 does not
C. Member 1 is at a lower version than member 2
D. You have not run cpconfig on member 2 yet.

Answer: D

QUESTION 110
In Management High Availability, what is an Active SMS?

A. Active Security Master Server
B. Active Smart Management Server
C. Active Security Management Server
D. Active Smart Master Server

Answer: C

QUESTION 111
For Management High Availability, if an Active SMS goes down, does the Standby SMS
automatically take over?

A. Yes, if you set up ClusterXL
B. Yes, if you set up SecureXL
C. No, the transition should be initiated manually
D. Yes, if you set up VRRP

Answer: C

QUESTION 112
For Management High Availability synchronization, what does the Advance status mean?

A. The peer SMS has not been synchronized properly.
B. The peer SMS is properly synchronized.
C. The active SMS and its peer have different installed policies and databases.
D. The peer SMS is more up-to-date.

Answer: D

QUESTION 113
Which of the following would be a result of having more than one active Security Management
Server in a Management High Availability (HA) configuration?

A. The need to manually synchronize the secondary Security Management Server with the Primary
Security Management Server is eliminated.
B. Allows for faster seamless failover: from active-to-active instead of standby-to-active.
C. An error notification will popup during SmartDashboard login if the two machines can
communicate indicating Collision status.
D. Creates a High Availability implementation between the Gateways installed on the Security
Management Servers.

Answer: C

QUESTION 114
You want to verify that your Check Point cluster is working correctly.
Which command line tool can you use?

A. cphastart -status
B. cphainfo -s
C. cphaprob state
D. cphaconf state

Answer: C

QUESTION 115
How can you view the virtual cluster interfaces of a Cluster XL environment?

A. cphaprob -ia if
B. cphaprob -a if
C. cphaprob -a list
D. cphaprob -ia list

Answer: B

QUESTION 116
How can you view the critical devices on a cluster member in a Cluster XL environment?

A. cphaprob -ia list
B. cphaprob -a if
C. cphaprob -a list
D. cphaprob -ia if

Answer: A

QUESTION 117
When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets
being handled by cluster members?

A. All members receive all packets.
The Security Management Server decides which member will process the packets.
Other members delete the packets from memory.
B. All cluster members process all packets and members synchronize with each other.
C. All members receive all packets.
All members run an algorithm which determines which member processes packets further and
which members delete the packet from memory.
D. Only one member at a time is active.
The active cluster member processes all packets.

Answer: C

QUESTION 118
Which of the following does NOT happen when using Pivot Mode in ClusterXL?

A. The Security Gateway analyzes the packet and forwards it to the Pivot.
B. The packet is forwarded through the same physical interface from which it originally came, not on
the sync interface.
C. The Pivot's Load Sharing decision function decides which cluster member should handle the
packet.
D. The Pivot forwards the packet to the appropriate cluster member.

Answer: A

QUESTION 119
When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which
valid Load Sharing method will consider VPN information?

A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces
B. Load Sharing based on SPIs
C. Load Sharing based on ports, VTI, and IP addresses
D. Load Sharing based on IP addresses, ports, and security parameter indexes

Answer: D

QUESTION 120
By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other
cluster members.

A. Broadcast
B. Unicast
C. Multicast
D. Shoutcast

Answer: C

QUESTION 121
To configure the Cluster Control Protocol (CCP) to use Broadcast, the following command is run:

A. set_ccp cpcluster broadcast
B. ccp broadcast
C. clusterconfig set_ccp broadcast
D. cphaconf set_ccp broadcast

Answer: D

QUESTION 122
What cluster mode is represented in this case?

A. Load Sharing (multicast mode)
B. HA (New mode).
C. 3rd party cluster
D. Load Sharing Unicast (Pivot) mode

Answer: B

QUESTION 123
What cluster mode is represented in this case?

A. 3rd party cluster
B. Load Sharing (multicast mode)
C. Load Sharing Unicast (Pivot) mode
D. HA (New mode)

Answer: B

QUESTION 124
Which of the listed load-balancing methods is NOT valid?

A. Random
B. Domain
C. They are all valid
D. Round Trip

Answer: C

QUESTION 125
Which method of load balancing describes "Round Robin"?

A. Assigns service requests to the next server in a series.
B. Assigns service requests to servers at random.
C. Measures the load on each server to determine which server has the most available resources.
D. Ensures that incoming requests are handled by the server with the fastest response time.

Answer: A

QUESTION 126
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. The internal interfaces on two
members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies.

Review the ARP table from the internal Windows host 10.4.8.108.
According to the output, which member is the standby machine?

A. 10.4.8.3
B. The standby machine cannot be determined by this test.
C. 10.4.8.1
D. 10.4.8.2

Answer: C

QUESTION 127
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3.
An internal host 10.4.8.108 successfully pings its Cluster and receives replies.
Review the ARP table from the internal Windows host 10.4.8.108.
Based on this information, what is the active cluster member's IP address?

A. The active cluster member's IP address cannot be determined by this ARP cache.
B. 10.4.8.3
C. 10.4.8.1
D. 10.4.8.2

Answer: D

QUESTION 128
State Synchronization is enabled on both members in a cluster, and the Security Policy is
successfully installed. No protocols or services have been unselected for selective sync.
Review the fw tab -t connections -s output from both members.

Is State Synchronization working properly between the two members?

A. Members A and B are not synchronized, because #VALS in the connections table are not close.
B. Members A and B are not synchronized, because #PEAK for both members is not close in the
connections table.
C. Members A and B are synchronized, because #SLINKS are identical in the connections table.
D. Members A and B are synchronized, because ID for both members is identical in the connections
table.

Answer: A

QUESTION 129
You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R76
installed in a distributed deployment. Can they be members of a Gateway Cluster?

A. No, because the Security Gateways must be installed in a stand-alone installation.
B. No, because IP does not have a cluster option.
C. Yes, as long as they have the same IPSO and Check Point versions.
D. No, because the appliances must be of the same model (both should be IP565 or IP395).

Answer: C

QUESTION 130
You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and
both members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix.
What is the correct upgrade procedure?

1. Change the version, in the General Properties of the gateway-cluster
object.
2. Upgrade the SmartCenter Server, and reboot after upgrade.
3. Run cpstop on one member, while leaving the other member running.
Upgrade one member at a time, and reboot after upgrade.
4. Reinstall the Security Policy.

A. 3, 2, 1, 4
B. 2, 4, 3, 1
C. 1, 3, 2, 4
D. 2, 3, 1, 4
E. 1, 2, 3, 4

Answer: D

QUESTION 131
Included in the client's network are some switches, which rely on IGMP snooping.
You must find a solution to work with these switches.
Which of the following answers does NOT lead to a successful solution?

A. Set the value of fwha_enable_igmp_snooping module configuration parameter to 1.
B. Configure static CAMs to allow multicast traffic on specific ports.
C. ClusterXL supports IGMP snooping by default. There is no need to configure anything.
D. Disable IGMP registration in switches that rely on IGMP packets

Answer: C

QUESTION 132
The customer wishes to install a cluster. In his network, there is a switch which is incapable of
forwarding multicast. Is it possible to install a cluster in this situation?

A. Yes, you can toggle on ClusterXL between broadcast and multicast by setting the multicast mode
using the command cphaconf set_ccp multicast on|ff. The default setting is broadcast.
B. Yes, you can toggle on ClusterXL between broadcast and multicast using the command cphaconf
set_ccp broadcast/multicast.
C. No, the customer needs to replace the switch with a new switch, which supports multicast
forwarding.
D. Yes, the ClusterXL changes automatically to the broadcast mode if the multicast is not forwarded.

Answer: B

QUESTION 133
What could be a reason why synchronization between primary and secondary Security
Management Servers does not occur?

A. You did not activate synchronization within Global Properties.
B. You are using different time zones.
C. You have installed both Security Management Servers on different server systems (e. g. one
machine on HP hardware and the other one on DELL).
D. If the set of installed products differ from each other, the Security Management Servers do not
synchronize the database to each other.

Answer: D

QUESTION 134
What is the proper command for importing users into the R76 User Database?

A. fwm dbimport
B. fwm importusrs
C. fwm import
D. fwm importdb

Answer: A

QUESTION 135
In a R76 Management High Availability (HA) configuration, you can configure synchronization to
occur automatically, when:

1. The Security Policy is installed.
2. The Security Policy is saved.
3. The Security Administrator logs in to the secondary SmartCenter
Server, and changes its status to active.
4. A scheduled event occurs.
5. The user database is installed.

Select the BEST response for the synchronization trigger.

A. 1, 2, 4
B. 1, 2, 3, 4
C. 1, 2, 5
D. 1, 3, 4

Answer: A

QUESTION 136
What is a requirement for setting up R76 Management High Availability?

A. All Security Management Servers must have the same number of NICs.
B. All Security Management Servers must have the same operating system.
C. State synchronization must be enabled on the secondary Security Management Server.
D. All Security Management Servers must reside in the same LAN.

Answer: B

QUESTION 137
You are preparing computers for a new ClusterXL deployment.
For your cluster, you plan to use three machines with the following configurations:

Are these machines correctly configured for a ClusterXL deployment?

A. No, the Security Gateway cannot be installed on the Security Management Server.
B. No, the Security Management Server is not running the same operating system as the cluster
members.
C. Yes, these machines are configured correctly for a ClusterXL deployment.
D. No, Cluster Member 3 does not have the required memory.

Answer: A

QUESTION 138
You are preparing computers for a new ClusterXL deployment.
For your cluster, you plan to use four machines with the following configurations:

Cluster Member 1: OS: SecurePlatform, NICs: QuadCard, memory: 1 GB, Security Gateway only,
version: R76
Cluster Member 2: OS: SecurePlatform, NICs: 4 Intel 3Com, memory: 1 GB, Security Gateway
only, version: R76
Cluster Member 3: OS: SecurePlatform, NICs: 4 other manufacturers, memory: 512 MB, Security
Gateway only, version: R76
Security Management Server: MS Windows 2003, NIC: Intel NIC (1), Security Gateway and
primary Security Management Server installed, version: R76

Are these machines correctly configured for a ClusterXL deployment?

A. No, the Security Gateway cannot be installed on the Security Management Pro Server.
B. No, Cluster Member 3 does not have the required memory.
C. Yes, these machines are configured correctly for a ClusterXL deployment.
D. No, the Security Management Server is not running the same operating system as the cluster
members.

Answer: C

QUESTION 139
What is the reason for the following error?

A. A third-party cluster solution is implemented.
B. Cluster membership is not enabled on the gateway.
C. Objects.C does not contain a cluster object.
D. Device Name contains non-ASCII characters.

Answer: B

QUESTION 140
You are establishing a ClusterXL environment, with the following topology:

External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The upstream
router connects to the same VLAN switch. Internal interfaces 172.16.10.1 and 172.16.10.2
connect to a hub. 10.10.10.0 is the synchronization network. The Security Management Server is
located on the internal network with IP 172.16.10.3.
What is the problem with this configuration?

A. Cluster members cannot use the VLAN switch. They must use hubs.
B. The Cluster interface names must be identical across all cluster members.
C. There is an IP address conflict.
D. The Security Management Server must be in the dedicated synchronization network, not the
internal network.

Answer: C

QUESTION 141
You find that Gateway fw2 can NOT be added to the cluster object.
What are possible reasons for that?

A. (i) or (ii)
B. (ii) or (iii)
C. (i) or (iii)
D. All

Answer: C

QUESTION 142
In which ClusterXL Load Sharing mode, does the pivot machine get chosen automatically by
ClusterXL?

A. Hot Standby Load Sharing
B. Unicast Load Sharing
C. Multicast Load Sharing
D. CCP Load Sharing

Answer: B

QUESTION 143
What configuration change must you make to change an existing ClusterXL cluster object from
Multicast to Unicast mode?

A. Reset Secure Internal Communications (SIC) on the cluster-member objects.
Reinstall the Security Policy.
B. Run cpstop and cpstart, to re-enable High Availability on both objects.
Select Pivot mode in cpconfig.
C. Change the cluster mode to Unicast on the cluster object.
Reinstall the Security Policy.
D. Change the cluster mode to Unicast on each of the cluster-member objects.

Answer: C

QUESTION 144
In a R76 ClusterXL Load Sharing configuration, which type of ARP related problem can force the
use of Unicast Mode (Pivot) configuration due to incompatibility on some adjacent routers and
switches?

A. Multicast MAC address response to a Unicast IP request
B. Unicast MAC address response to a Multicast IP request
C. Multicast MAC address response to a RARP request
D. MGCP MAC address response to a Multicast IP request

Answer: A

QUESTION 145
In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3. The internal interfaces
on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives
replies. The following is the ARP table from the internal Windows host 10.4.8.108.

Review the exhibit and identify the member serving as the pivot machine.

A. 10.4.8.3
B. 10.4.8.2
C. The pivot machine cannot be determined by this test.
D. 10.4.8.1

Answer: B

QUESTION 146
Which of the following commands will stop acceleration on a Security Gateway running on
SecurePlatform?

A. splat_accel off
B. perf_pack off
C. fw accel off
D. fwaccel off

Answer: D

QUESTION 147
How do new connections get established through a Security Gateway with SecureXL enabled?

A. New connections are always inspected by the firewall and if they are accepted, the subsequent
packets of the same connection will be passed through SecureXL
B. The new connection will be first inspected by SecureXL and if it does not match the drop table of
SecureXL, then it will be passed to the firewall module for a rule match.
C. New connection packets never reach the SecureXL module.
D. If the connection matches a connection or drop template in SecureXL, it will either be established
or dropped without performing a rule match, else it will be passed to the firewall module for a rule
match.

Answer: D

QUESTION 148
Which of the following commands can be used to bind a NIC to a single processor when using a
Performance Pack on SecurePlatform?

A. sim affinity
B. splat proc
C. set proc
D. fw fat path nic

Answer: A

QUESTION 149
Review the Rule Base displayed.
For which rules will the connection templates be generated in SecureXL?

A. Rule nos. 2 and 5
B. Rule no. 2 only
C. All rules except rule no. 3
D. Rule nos. 2 to 5

Answer: B

QUESTION 150
Your customer asks you about the Performance Pack.
You explain to him that a Performance Pack is a software acceleration product which improves
the performance of the Security Gateway.
You may enable or disable this acceleration by either:

1) the command: cpconfig

What is the difference between these two commands?

A. The fwaccel command determines the default setting.
The command cpconfig can dynamically change the setting, but after the reboot it reverts to the
default setting.
B. Both commands function identically.
C. The command cpconfig works on the Security Platform only.
The command fwaccel can be used on all platforms.
D. The cpconfig command enables acceleration.
The command fwaccel can dynamically change the setting, but after the reboot it reverts to the
default setting.

Answer: D

QUESTION 151
Your customer complains of the weak performance of his systems. He has heard that Connection
Templates accelerate traffic. How do you explain to the customer about template restrictions and
how to verify that they are enabled?

A. To enhance connection-establishment acceleration, a mechanism attempts to "group together" all
connections that match a particular service and whose sole discriminating element is the source
port.
To test if connection templates are enabled, use the command fwaccel stat.
B. To enhance connection-establishment acceleration, a mechanism attempts to "group together" all
connections that match a particular service and whose sole discriminating element is the
destination port.
To test if connection templates are enabled, use the command fwacel templates.
C. To enhance connection-establishment acceleration, a mechanism attempts to "group together" all
connections that match a particular service and whose sole discriminating element is the
destination port.
To test if connection templates are enabled, use the command fw ctl templates.
D. To enhance connection-establishment acceleration, a mechanism attempts to "group together" all
connections that match a particular service and whose sole discriminating element is the source
port.
To test if connection templates are enabled, use the command fw ctl templates.

Answer: A

QUESTION 152
Frank is concerned with performance and wants to configure the affinities settings.
His gateway does not have the Performance Pack running.
What would Frank need to perform in order to configure those settings?

A. Edit $FWDIR/conf/fwaffinity.conf and change the settings.
B. Edit affinity.conf and change the settings.
C. Run fw affinity and change the settings.
D. Run sim affinity and change the settings.

Answer: A

QUESTION 153
You are concerned that the processor for your firewall running NGX R71 SecurePlatform may be
overloaded. What file would you view to determine the speed of your processor(s)?

A. cat /etc/cpuinfo
B. cat /proc/cpuinfo
C. cat /var/opt/CPsuite-R71/fw1/conf/cpuinfo
D. cat /etc/sysconfig/cpuinfo

Answer: B

QUESTION 154
Which of the following is NOT a restriction for connection template generation?

A. SYN Defender
B. ISN Spoofing
C. UDP services with no protocol type or source port mentioned in advanced properties
D. VPN Connections

Answer: C

QUESTION 155
In CoreXL, what process is responsible for processing incoming traffic from the network
interfaces, securely accelerating authorized packets, and distributing non-accelerated packets
among kernel instances?

A. NAD (Network Accelerator Daemon)
B. SND (Secure Network Distributor)
C. SSD (Secure System Distributor)
D. SNP (System Networking Process)

Answer: B

QUESTION 156
Due to some recent performance issues, you are asked to add additional processors to your
firewall. If you already have CoreXL enabled, how are you able to increase Kernel instances?

A. Once CoreXL is installed you cannot enable additional Kernel instances without reinstalling R76.
B. In SmartUpdate, right-click on Firewall Object and choose Add Kernel Instances.
C. Use cpconfig to reconfigure CoreXL.
D. Kernel instances are automatically added after process installed and no additional configuration is
needed.

Answer: C

QUESTION 157
Which of the following platforms does NOT support SecureXL?

A. Power-1 Appliance
B. IP Appliance
C. UTM-1 Appliance
D. UNIX

Answer: D

QUESTION 158
Which of the following is NOT supported by CoreXL?

A. SmartView Tracker
B. Route-based VPN
C. IPS
D. IPV4

Answer: B

QUESTION 159
If the number of kernel instances for CoreXL shown is 6, how many cores are in the physical
machine?

A. 6
B. 8
C. 4
D. 12

Answer: B

QUESTION 160
Which of the following is NOT accelerated by SecureXL?

A. Telnet
B. FTP
C. SSH
D. HTTPS

Answer: B

QUESTION 161
To verify SecureXL statistics you would use the command ________?

A. fwaccel stats
B. fw ctl pstat
C. fwaccel top
D. cphaprob stat

Answer: A

QUESTION 162
How can you disable SecureXL via the command line (it does not need to survive a reboot)?

A. cphaprob off
B. fw ctl accel off
C. securexl off
D. fwaccel off

Answer: D

QUESTION 163
Which of these is a type of acceleration in SecureXL?

A. FTP
B. connection rate
C. GRE
D. QoS

Answer: B

QUESTION 164
The CoreXL SND (Secure Network Distributor) is responsible for:

A. distributing non-accelerated packets among kernel instances
B. accelerating VPN traffic
C. shutting down cores when they are not needed
D. changing routes to distribute the load across multiple firewalls

Answer: A

QUESTION 165
How can you verify that SecureXL is running?

A. cpstat os
B. fw ver
C. fwaccel stat
D. securexl stat

Answer: C

QUESTION 166
Which of the following services will cause SecureXL templates to be disabled?

A. TELNET
B. FTP
C. HTTPS
D. LDAP

Answer: B

QUESTION 167
How do you enable SecureXL (command line) on GAiA?

A. fw securexl on
B. fw accel on
C. fwaccel on
D. fwsecurexl on

Answer: C

QUESTION 168
The following graphic illustrates which command being issued on SecurePlatform?

A. fwaccel stats
B. fw accel stats
C. fw securexl stats
D. fwsecurexl stats

Answer: A

QUESTION 169
After Travis added new processing cores on his server, CoreXL did not use them.
What would be the most plausible reason why? Travis did not:

A. Edit the Gateway Properties and increase the kernel instances.
B. Run cpconfig to increase the number of CPU cores.
C. Edit the Gateway Properties and increase the number of CPU cores.
D. Run cpconfig to increase the kernel instances.

Answer: D

QUESTION 170
Steve tries to configure Directional VPN Rule Match in the Rule Base.
But the Match column does not have the option to see the Directional Match.
Steve sees the following screen.
What is the problem?

A. Steve must enable directional_match(true) in the objects_5_0.C file on SmartCenter Server.
B. Steve must enable Advanced Routing on each Security Gateway.
C. Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
D. Steve must enable a dynamic routing protocol, such as OSPF, on the Gateways.
E. Steve must enable VPN Directional Match on the gateway object's VPN tab.

Answer: C

QUESTION 171
A SmartProvisioning Gateway could be a member of which VPN communities?

(i) Center In Star Topology
(ii) Satellite in Star Topology
(iii) Center in Remote Access Community
(iv) Meshed Community

A. (ii) and (iii)
B. All
C. (i), (ii) and (iii)
D. (ii) only

Answer: A

QUESTION 172
What process manages the dynamic routing protocols (OSPF, RIP, etc.) on SecurePlatform Pro?

A. Gated
B. There's no separate process, but the Linux default router can take care of that.
C. Routerd
D. Arouted

Answer: A

QUESTION 173
What is the command to enter the router shell?

A. gated
B. routerd
C. clirouter
D. router

Answer: D

QUESTION 174
Which statement is TRUE for route-based VPN's?

A. Route-based VPN's replace domain-based VPN's.
B. Route-based VPN's are a form of partial overlap VPN Domain.
C. Dynamic-routing protocols are not required.
D. IP Pool NAT must be configured on each Gateway.

Answer: C

QUESTION 175
VPN routing can also be configured by editing which file?

A. $FWDIR\conf\vpn_route.c
B. $FWDIR\bin\vpn_route.conf
C. $FWDIR\conf\vpn_route.conf
D. $FWDIR\VPN\route_conf.c

Answer: C

QUESTION 176
If both domain-based and route-based VPN's are configured, which will take precedence?

A. Must be chosen/configured manually by the Administrator in the Policy > Global Properties
B. Must be chosen/configured manually by the Administrator in the VPN community object
C. Domain-based
D. Route-based

Answer: C

QUESTION 177
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?

A. They are only supported on the IPSO Operating System.
B. VTIs cannot be assigned a proxy interface.
C. VTIs can only be physical, not loopback.
D. Local IP addresses are not configured, remote IP addresses are configured.

Answer: A

QUESTION 178
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?

A. VTIs must be assigned a proxy interface.
B. VTIs can only be physical, not loopback.
C. VTIs are only supported on SecurePlatform.
D. Local IP addresses are not configured, remote IP addresses are configured.

Answer: A

QUESTION 179
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?

A. Local IP addresses are not configured, remote IP addresses are configured
B. VTI specific additional local and remote IP addresses are not configured
C. VTIs are only supported on SecurePlatform
D. VTIs cannot be assigned a proxy interface

Answer: B

QUESTION 180
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?

A. VTIs are assigned only local addresses, not remote addresses
B. VTIs are only supported on IPSO
C. VTIs cannot share IP addresses
D. VTIs cannot use an already existing physical-interface IP address

Answer: D

QUESTION 181
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?

A. VTIs can use an already existing physical-interface IP address
B. VTIs cannot share IP addresses
C. VTIs are supported on SecurePlatform Pro
D. VTIs are assigned only local addresses, not remote addresses

Answer: C

QUESTION 182
When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what
issues need to be considered?

A. 1, 3, and 4
B. 2 and 3
C. 1, 2, and 4
D. 1, 2, 3 and 4

Answer: D

QUESTION 183
How do you verify a VPN Tunnel Interface (VTI) is configured properly?

A. vpn shell display <VTI name> detailed
B. vpn shell show <VTI name> detailed
C. vpn shell show interface detailed <VTI name>
D. vpn shell display interface detailed <VTI name>

Answer: C

QUESTION 184
What is used to validate a digital certificate?

A. S/MIME
B. CRL
C. IPsec
D. PKCS

Answer: B

QUESTION 185
Which statement defines Public Key Infrastructure? Security is provided:

A. by Certificate Authorities, digital certificates, and two-way symmetric-key encryption.
B. by Certificate Authorities, digital certificates, and public key encryption.
C. via both private and public keys, without the use of digital Certificates.
D. by authentication.

Answer: B

QUESTION 186
Match the VPN-related terms with their definitions:

A. A-3, B-2, C-1, D-4
B. A-3, B-4, C-1, D-2
C. A-3, B-2, C-4, D-1
D. A-2, B-3, C-4, D-1

Answer: C

QUESTION 187
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an
external partner. Which of the following activities should you do first?

A. Manually import your partner's Access Control List.
B. Manually import your partner's Certificate Revocation List.
C. Exchange exported CA keys and use them to create a new server object to represent your
partner's Certificate Authority (CA).
D. Create a new logical-server object to represent your partner's CA.

Answer: C

QUESTION 188
You want VPN traffic to match packets from internal interfaces.
You also want the traffic to exit the Security Gateway bound for all site-to-site VPN Communities,
including Remote Access Communities. How should you configure the VPN match rule?

A. Communities > Communities
B. internal_clear > All_GwToGw
C. internal_clear > All_communities
D. Internal_clear > External_Clear

Answer: C

QUESTION 189
Which of the following statements is FALSE regarding OSPF configuration on SecurePlatform Pro?

A. router ospf 1 creates the Router ID for the Security Gateway and should be the same ID for all
Gateways.
B. router ospf 1 creates the Router ID for the Security Gateway and should be different for all
Gateways.
C. router ospf 1 creates an OSPF routing instance and this process ID should be different for each
Security Gateway.
D. router ospf 1 creates an OSPF routing instance and this process ID should be the same on all
Gateways.

Answer: D

QUESTION 190
If you need strong protection for the encryption of user data, what option would be the BEST
choice?

A. When you need strong encryption, IPsec is not the best choice.
SSL VPN's are a better choice.
B. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode.
Choose SHA in Quick Mode and encrypt with AES.
Use AH protocol. Switch to Aggressive Mode.
C. Disable Diffie-Hellman by using stronger certificate based key-derivation.
Use AES-256 bit on all encrypted channels and add PFS to Quick Mode.
Use double encryption by implementing AH and ESP as protocols.
D. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP
protocol.

Answer: D

QUESTION 191
Review the following list of actions that Security Gateway R76 can take when it controls packets.
The Policy Package has been configured for Simplified Mode VPN.
Select the response below that includes the available actions:

A. Accept, Drop, Encrypt, Session Auth
B. Accept, Drop, Reject, Client Auth
C. Accept, Hold, Reject, Proxy
D. Accept, Reject, Encrypt, Drop

Answer: B

QUESTION 192
Your organization maintains several IKE VPN's. Executives in your organization want to know
which mechanism Security Gateway R76 uses to guarantee the authenticity and integrity of
messages. Which technology should you explain to the executives?

A. Digital signatures
B. Certificate Revocation Lists
C. Key-exchange protocols
D. Application Intelligence

Answer: A

QUESTION 193
There are times when you want to use Link Selection to manage high-traffic VPN connections.
With Link Selection you can:

A. Probe links for availability.
B. Use links based on Day/Time.
C. Assign links to specific VPN communities.
D. Use links based on authentication method.

Answer: A

QUESTION 194
There are times when you want to use Link Selection to manage high-traffic VPN connections.
With Link Selection you can:

A. Assign links to use Dynamic DNS.
B. Use links based on authentication method.
C. Use links based on Day/Time.
D. Use Load Sharing to distribute VPN traffic.

Answer: D

QUESTION 195
There are times when you want to use Link Selection to manage high-traffic VPN connections.
With Link Selection you can:

A. Assign links to specific VPN communities.
B. Assign links to use Dynamic DNS.
C. Use links based on services.
D. Prohibit Dynamic DNS.

Answer: C

QUESTION 196
There are times when you want to use Link Selection to manage high-traffic VPN connections.
With Link Selection you can:

A. Use links based on Day/Time.
B. Set up links for Remote Access.
C. Assign links to specific VPN communities.
D. Assign links to use Dynamic DNS.

Answer: B

QUESTION 197
What type of object may be explicitly defined as a MEP VPN?

A. Mesh VPN Community
B. Any VPN Community
C. Remote Access VPN Community
D. Star VPN Community

Answer: D

QUESTION 198
MEP VPN's use the Proprietary Probing Protocol to send special UDP RDP packets to port ____
to discover if an IP is accessible.

A. 259
B. 256
C. 264
D. 201

Answer: A

QUESTION 199
Which of the following statements is TRUE concerning MEP VPN's?

A. State synchronization between Security Gateways is required.
B. MEP VPN's are not restricted to the location of the gateways.
C. The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the
first connection fail.
D. MEP Security Gateways cannot be managed by separate Management Servers.

Answer: B

QUESTION 200
Which of the following statements is TRUE concerning MEP VPN's?

A. The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the
first connection fail.
B. MEP Security Gateways can be managed by separate Management Servers.
C. MEP VPN's are restricted to the location of the gateways.
D. State synchronization between Security Gateways is required.

Answer: B

QUESTION 201
Which of the following statements is TRUE concerning MEP VPN's?

A. State synchronization between Security Gateways is NOT required.
B. MEP Security Gateways cannot be managed by separate Management Servers.
C. The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the
first connection fail.
D. MEP VPN's are restricted to the location of the gateways.

Answer: A

QUESTION 202
Which of the following statements is TRUE concerning MEP VPN's?

A. MEP Security Gateways cannot be managed by separate Management Servers.
B. MEP VPN's are restricted to the location of the gateways.
C. The VPN Client selects which Security Gateway takes over, should the first connection fail.
D. State synchronization between Security Gateways is required.

Answer: C

QUESTION 203
You need to publish GaiA routes using the OSPF routing protocol. What is the correct command
structure, once entering the route command, to implement OSPF successfully?

A. Run cpconfig utility to enable ospf routing
B. ip route ospf
ospf network1
ospf network2
C. Enable
Configure terminal
Router ospf [id]
Network [network] [wildmask] area [id]
D. Use DBedit utility to edit the objects_5_0.c file

Answer: C

QUESTION 204
At what router prompt would you save your OSPF configuration?

A. localhost.localdomain(config)#
B. localhost.localdomain(config-if)#
C. localhost.localdomain#
D. localhost.localdomain(config-router-ospf)#

Answer: C

QUESTION 205
What is the router command to save your OSPF configuration?

A. save memory
B. write config
C. save
D. write mem

Answer: D

QUESTION 206
What is the command to show OSPF adjacencies?

A. show ospf interface
B. show ospf summary-address
C. show running-config
D. show ip ospf neighbor

Answer: D

QUESTION 207
A VPN Tunnel Interface (VTI) is defined on SecurePlatform Pro as:

vpn shell interface add numbered 10.10.0.1 10.10.0.2 madrid.cp

What do you know about this VTI?

A. 10.10.0.1 is the local Gateway's internal interface, and 10.10.0.2 is the internal interface of the
remote Gateway.
B. The peer Security Gateway's name is madrid.cp.
C. The VTI name is madrid.cp.
D. The local Gateway's object name is madrid.cp.

Answer: B

QUESTION 208
Which of the following operating systems support numbered VTI's?

A. SecurePlatform Pro
B. Solaris
C. IPSO 4.0 +
D. Windows Server 2008

Answer: A

QUESTION 209
Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic?

A. Domain-based VPN
B. Route-based VPN
C. Subnet-based VPN
D. Host-based VPN

Answer: B

QUESTION 210
You have installed SecurePlatform R76 as Security Gateway operating system. As company
requirements changed, you need the VTI features of R76. What should you do?

A. Only IPSO 3.9 supports VTI feature, so you have to replace your Security Gateway with Nokia
appliances.
B. In SmartDashboard click on the OS drop-down menu and choose SecurePlatform Pro.
You have to reboot the Security Gateway in order for the change to take effect.
C. Type pro enable on your Security Gateway and reboot it.
D. You have to re-install your Security Gateway with SecurePlatform Pro R76, as SecurePlatform
R76 does not support VTIs.

Answer: C

QUESTION 211
Which operating system(s) support(s) unnumbered VPN Tunnel Interfaces (VTIs) for route-based
VPN's?

A. Solaris 9 and higher
B. IPSO 3.9 and higher
C. Red Hat Linux
D. SecurePlatform for NGX and higher

Answer: B

QUESTION 212
You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal
network as defined on the Topology tab setting All IP Addresses behind Gateway based on
Topology information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created
static route entries for the VTIs. However, when you test the VPN, you find out the VPN still goes
through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?

A. Domain VPN takes precedence over the route-based VTI.
To make the VPN go through VTI, remove the Gateways out of the mesh community and replace
with a star community
B. Route-based VTI takes precedence over the Domain VPN.
Troubleshoot the static route entries to ensure that they are correctly pointing to the VTI gateway
IP.
C. Route-based VTI takes precedence over the Domain VPN.
To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the
VTI address to the peer instead of static routes
D. Domain VPN takes precedence over the route-based VTI.
To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain

Answer: D

QUESTION 213
When configuring a Permanent Tunnel between two gateways in a Meshed VPN community, in
what object is the tunnel managed?

A. VPN Community object
B. Each participating Security Gateway object
C. Security Management Server
D. Only the local Security Gateway object

Answer: A

QUESTION 214
Which of the following commands would you run to remove site-to-site IKE and IPSec Keys?

A. vpn tu
B. ikeoff
C. vpn export_p12
D. vpn accel off

Answer: A

QUESTION 215
Which of the following log files contains information about the negotiation process for encryption?

A. ike.elg
B. iked.elg
C. vpnd.elg
D. vpn.elg

Answer: A

QUESTION 216
Which of the following log files contains verbose information regarding the negotiation process
and other encryption failures?

A. iked.elg
B. ike.elg
C. vpn.elg
D. vpnd.elg

Answer: D

QUESTION 217
What is the most common cause for a Quick mode packet 1 failing with the error "No Proposal
Chosen"?

A. The OS and patch level of one gateway does not match the other.
B. The previously established Permanent Tunnel has failed.
C. There is a network connectivity issue.
D. The encryption strength and hash settings of one peer does not match the other.

Answer: D

QUESTION 218
Which component receives events and assigns severity levels to the events; invokes any defined
automatic reactions, and adds the events to the Events Data Base?

A. SmartEvent Analysis Data Server
B. SmartEvent Client
C. SmartEvent Correlation Unit
D. SmartEvent Server

Answer: D

QUESTION 219
The ______________ contains the Events Data Base.

A. SmartEvent Client
B. SmartEvent Correlation Unit
C. SmartEvent Data Server
D. SmartEvent Server

Answer: D

QUESTION 220
The SmartEvent Correlation Unit:

A. adds events to the events database.
B. assigns a severity level to an event.
C. analyzes each IPS log entry as it enters the Log server.
D. displays the received events.

Answer: C

QUESTION 221
The SmartEvent Server:

A. analyzes each IPS log entry as it enters the Log server.
B. displays the received events.
C. forwards what is known as an event to the SmartEvent Server.
D. assigns a severity level to an event.

Answer: D

QUESTION 222
The SmartEvent Client:

A. analyzes each IPS log entry as it enters the Log server.
B. displays the received events.
C. adds events to the events database.
D. assigns a severity level to an event.

Answer: B

QUESTION 223
The SmartEvent Correlation Unit:

A. adds events to the events database.
B. displays the received events.
C. looks for patterns according to the installed Event Policy.
D. assigns a severity level to an event.

Answer: C

QUESTION 224
The SmartEvent Correlation Unit:

A. adds events to the events database.
B. assigns a severity level to an event.
C. forwards what is identified as an event to the SmartEvent server.
D. displays the received events.

Answer: C

QUESTION 225
The SmartEvent Server:

A. displays the received events
B. adds events to the events database
C. invokes defined automatic reactions
D. analyzes each IPS log entry as it enters the Log server

Answer: C

QUESTION 226
What are the 3 main components of the SmartEvent Software Blade?

A. i, ii, iii
B. iv, v, vi
C. i, iv, v
D. i, iii, iv

Answer: C

QUESTION 227
How many Events can be shown at one time in the Event preview pane?

A. 5,000
B. 30,000
C. 15,000
D. 1,000

Answer: B

QUESTION 228
You are reviewing computer information collected in ClientInfo. You can NOT:

A. Enter new credential for accessing the computer information.
B. Save the information in the active tab to an .exe file.
C. Copy the contents of the selected cells.
D. Run Google.com search using the contents of the selected cell.

Answer: B

QUESTION 229
Which of the following is NOT a SmartEvent Permission Profile type?

A. Events Database
B. View
C. No Access
D. Read/Write

Answer: B

QUESTION 230
What is the SmartEvent Correlation Unit's function?

A. Assign severity levels to events.
B. Display received threats and tune the Events Policy.
C. Analyze log entries, looking for Event Policy patterns.
D. Invoke and define automatic reactions and add events to the database.

Answer: C

QUESTION 231
What is the SmartEvent Analyzer's function?

A. Assign severity levels to events.
B. Analyze log entries, looking for Event Policy patterns.
C. Display received threats and tune the Events Policy.
D. Generate a threat analysis report from the Analyzer database.

Answer: A

QUESTION 232
What is the SmartEvent Client's function?

A. Display received threats and tune the Events Policy.
B. Generate a threat analysis report from the Reporter database.
C. Invoke and define automatic reactions and add events to the database.
D. Assign severity levels to events.

Answer: A

QUESTION 233
A tracked SmartEvent Candidate in a Candidate Pool becomes an Event.
What does NOT happen in the Analyzer Server?

A. SmartEvent provides the beginning and end time of the Event.
B. The Correlation Unit keeps adding matching logs to the Event.
C. The Event is kept open, but condenses many instances into one Event.
D. SmartEvent stops tracking logs related to the Candidate.

Answer: D

QUESTION 234
How many pre-defined exclusions are included by default in SmartEvent R76 as part of the
product installation?

A. 3
B. 0
C. 5
D. 10

Answer: A

QUESTION 235
What is the purpose of the pre-defined exclusions included with SmartEvent R76?

A. To avoid incorrect event generation by the default IPS event definition;
a scenario that may occur in deployments that include Security Gateways of versions prior to
R71.
B. To allow SmartEvent R76 to function properly with all other R71 devices.
C. To give samples of how to write your own exclusion.
D. As a base for starting and building exclusions.

Answer: A

QUESTION 236
What is the benefit to running SmartEvent in Learning Mode?

A. There is no SmartEvent Learning Mode
B. To run SmartEvent with preloaded sample data in a test environment
C. To run SmartEvent, with a step-by-step online configuration guide for training/setup purposes
D. To generate a report with system Event Policy modification suggestions

Answer: D

QUESTION 237
______________ is NOT a SmartEvent event-triggered Automatic Reaction.

A. SNMP Trap
B. Mail
C. Block Access
D. External Script

Answer: C

QUESTION 238
For best performance in Event Correlation, you should use:

A. IP address ranges
B. Large groups
C. Nothing slows down Event Correlation
D. Many objects

Answer: A

QUESTION 239
What access level cannot be assigned to an Administrator in SmartEvent?

A. No Access
B. Write only
C. Read only
D. Events Database

Answer: B

QUESTION 240
_______________ manages Standard Reports and allows the administrator to specify automatic
uploads of reports to a central FTP server.

A. SmartDashboard Log Consolidator
B. SmartReporter
C. Security Management Server
D. SmartReporter Database

Answer: B

QUESTION 241
_____________ generates a SmartEvent Report from its SQL database.

A. SmartEvent Client
B. Security Management Server
C. SmartReporter
D. SmartDashboard Log Consolidator

Answer: C

QUESTION 242
Which SmartReporter report type is generated from the SmartView Monitor history file?

A. Custom
B. Express
C. Traditional
D. Standard

Answer: B

QUESTION 243
Which Check Point product is used to create and save changes to a Log Consolidation Policy?

A. SmartReporter Client
B. Security Management Server
C. SmartDashboard Log Consolidator
D. SmartEvent Server

Answer: C

QUESTION 244
Which Check Point product implements a Consolidation Policy?

A. SmartReporter
B. SmartView Monitor
C. SmartLSM
D. SmartView Tracker

Answer: A

QUESTION 245
You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event
when 30 port scans have occurred within 60 seconds. You also want to detect two port scans
from a host within 10 seconds of each other. How would you accomplish this?

A. Define the two port-scan detections as an exception.
B. Select the two port-scan detections as a new event.
C. Select the two port-scan detections as a sub-event.
D. You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.

Answer: A

QUESTION 246
When do modifications to the Event Policy take effect?

A. When saved on the Correlation Units, and pushed as a policy.
B. As soon as the Policy Tab window is closed.
C. When saved on the SmartEvent Client, and installed on the SmartEvent Server.
D. When saved on the SmartEvent Server and installed to the Correlation Units.

Answer: D

QUESTION 247
To back up all events stored in the SmartEvent Server, you should back up the contents of which
folder(s)?

A. $RTDIR/distrib
B. $RTDIR/distrib_db and $FWDIR/events
C. $RTDIR/distrib and $RTDIR/events_db
D. $RTDIR/events_db

Answer: C

QUESTION 248
To clean the system of all events, you should delete the files in which folder(s)?

A. $RTDIR/distrib and $RTDIR/events_db
B. $RTDIR/events_db
C. $FWDIR/distrib_db and $FWDIR/events
D. $FWDIR/distrib

Answer: A

QUESTION 249
What SmartConsole application allows you to change the Log Consolidation Policy?

A. SmartDashboard
B. SmartReporter
C. SmartUpdate
D. SmartEvent Server

Answer: B

QUESTION 250
Where is it necessary to configure historical records in SmartView Monitor to generate Express
reports in SmartReporter?

A. In SmartView Monitor, under Global Properties > Log and Masters
B. In SmartReporter, under Express > Network Activity
C. In SmartDashboard, the SmartView Monitor page in the R76 Security Gateway object
D. In SmartReporter, under Standard > Custom

Answer: C

QUESTION 251
In a UNIX environment, SmartReporter Data Base settings could be modified in:

A. $FWDIR/Eventia/conf/ini.C
B. $RTDIR/Database/conf/my.cnf
C. $CPDIR/Database/conf/conf.C
D. $ERDIR/conf/my.cnf

Answer: B

QUESTION 252
In a Windows environment, SmartReporter Data Base settings could be modified in:

A. %RTDIR%\Database\conf\my.ini
B. $ERDIR/conf/my.cnf
C. $CPDIR/Database/conf/conf.C
D. $FWDIR/Eventia/conf/ini.C

Answer: A

QUESTION 253
Which specific R76 GUI would you use to view the length of time a TCP connection was open?

A. SmartView Tracker
B. SmartView Status
C. SmartReporter
D. SmartView Monitor

Answer: A

QUESTION 254
Which of the following manages Standard Reports and allows the administrator to specify
automatic uploads of reports to a central FTP server?

A. SmartDashboard Log Consolidator
B. Security Management Server
C. SmartReporter Database
D. SmartReporter

Answer: D

QUESTION 255
What is a task of the SmartEvent Correlation Unit?

A. Add events to the events database.
B. Look for patterns according to the installed Event Policy.
C. Assign a severity level to an event
D. Display the received events.

Answer: B

QUESTION 256
Based on the following information, which of the statements below is FALSE?

A DLP Rule Base has the following conditions:


Data Type =Password Protected File
Source=My Organization
Destination=Outside My Organization
Protocol=Any
Action=Ask User
Exception: Data Type=Any,
Source=Research and Development (R&D)
Destination=Pratner1.com
Protocol=Any

All other rules are set to Detect.User Checkis enabled and installed on all client machines.

A. When a user from R&D sends an e-mail with a password protected PDF file as an attachment to
xyz@partner1.com, he will be prompted by UserCheck.
B. When a user from Finance sends an e-mail with an encrypted ZIP file as an attachment to.
He will be prompted by UserCheck.
C. Another rule is added: Source = R&D, Destination = partner1.com, Protocol = Any, Action =
Inform. When a user from R&D sends an e-mail with an encrypted ZIP file as an attachment to,
he will be prompted by UserCheck.
D. When a user from R&D sends an e-mail with an encrypted ZIP file as an attachment to, he will
NOT be prompted by UserCheck.

Answer: B

QUESTION 257
You use the snapshot feature to store your Connectra SSL VPN configuration.
What do you expect to find?

A. Nothing; snapshot is not supported in Connectra SSL VPN.
B. The management configuration of the current product, on a management or stand-alone machine
C. A complete image of the local file system
D. Specified directories of the local file system.

Answer: C

QUESTION 258
When running DLP Wizard for the first time, which of the following is a mandatory configuration?

A. Mail Server
B. E-mail Domain in My Organization
C. DLP Portal URL
D. Active Directory

Answer: B

QUESTION 259
When using Connectra with Endpoint Security Policies, what option is not available when
configuring DAT enforcement?

A. Maximum DAT file version
B. Maximum DAT file age
C. Minimum DAT file version
D. Oldest DAT file timestamp

Answer: A

QUESTION 260
Which specific R76 GUI would you use to view the length of time a TCP connection was open?

A. SmartReporter
B. SmartView Monitor
C. SmartView Status
D. SmartView Tracker

Answer: D

QUESTION 261
What is not available for Express Reports compared to Standard Reports?

A. Filter
B. Period
C. Content
D. Schedule

Answer: A

QUESTION 262
Based on the following information, which of the statements below is TRUE?

A DLP Rule Base has the following conditions:

Data Type = Large file (> 500KB)
Source = My Organization
Destination = Free Web Mails
Protocol = Any
Action = Ask User

All other rules are set to Detect. UserCheck is enabled and installed on all client machines.

A. When a user uploads a 600 KB file to his Yahoo account via Web Mail (via his browser), he will
be prompted by UserCheck.
B. When a user sends an e-mail with a small body and 5 attachments, each of 200 KB to, he will be
prompted by UserCheck.
C. When a user sends an e-mail with an attachment larger than 500 KB to, he will be prompted
by UserCheck.
D. When a user sends an e-mail with an attachment larger than 500KB to, he will be prompted
by UserCheck.

Answer: A

QUESTION 263
Which of the following statements is FALSE about the DLP Software Blade and Active Directory
(AD) or LDAP?

A. When a user authenticates in the DLP Portal to view all his unhandled incidents, the portal
authenticates the user using only AD/LDAP.
B. Check Point UserCheck client authentication is based on AD.
C. For SMTP traffic, each recipient e-mail address is translated using AD/LDAP to a user name and
group that is checked vs. the destination column of the DLP rule base.
D. For SMTP traffic, the sender e-mail address is translated using AD/LDAP to a user name and
group that is checked vs. the source column of the DLP rule base.

Answer: A

QUESTION 264
You are running R71 and using the new IPS Software Blade.
To maintain the highest level of security, you are doing IPS updates regularly.
What kind of problems can be caused by the automatic updates?

A. None; updates will not add any new security checks causing problematic behavior on the systems.
B. None, all new updates will be implemented in Detect only mode to avoid unwanted traffic
interruptions. They have to be activated manually later.
C. None, all the checks will be activated from the beginning, but will only detect attacks and not
disturb any non-malicious traffic in the network.
D. All checks will be activated from the beginning and might cause unwanted traffic outage due to
false positives of the new checks and non-RFC compliant self-written applications.

Answer: B

QUESTION 265
Given the following protection details and the enforcing gateways list, is the Too many DNS
queries with the RD flag set protection enabled on the Gateway R76?
Please choose the answer with the correct justification.

A. Yes, because it is set to prevent on the Default_Protection, which R76 gateway has applied.
B. No, because the protection is only supported on IPS-1 Sensor
C. Not enough information to determine one way or the other
D. No, because the Too many DNS queries with the flag set protection is not a valid protection in
R76

Answer: B

QUESTION 266
Which of the following deployment scenarios CANNOT be managed by Check Point QoS?

A. Two lines connected to a single router, and the router is connected directly to the Gateway
B. Two lines connected to separate routers, and each router is connected to separate interfaces on
the Gateway
C. One LAN line and one DMZ line connected to separate Gateway interfaces
D. Two lines connected directly to the Gateway through a hub

Answer: A

QUESTION 267
Which technology is responsible for assembling packet streams and passing ordered data to the
protocol parsers in IPS?

A. Pattern Matcher
B. Content Management Infrastructure
C. Accelerated INSPECT
D. Packet Streaming Layer

Answer: D

QUESTION 268
You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10,
and the Default Rule with a weight of 10.

The H.323 rule includes a per-connection guarantee of 384 Kbps and a per-connection limit of
512 Kbps. The per-connection guarantee is for four connections, and no additional connections
are allowed in the Action properties. If traffic passing through the QoS Module matches both
rules, which of the following statements is TRUE?

A. Each H.323 connection will receive at least 512 Kbps of bandwidth.
B. The H.323 rule will consume no more than 2048 Kbps of available bandwidth.
C. 50% of available bandwidth will be allocated to the Default Rule.
D. Neither rule will be allocated more than 10% of available bandwidth.

Answer: B

QUESTION 269
Which of the following is the default port for Management Portal?

A. 4434
B. 443
C. 444
D. 4433

Answer: D

QUESTION 270
How is SmartWorkflow enabled?

A. In SmartView Monitor, click on Smart Workflow/ Enable SmartWorkflow.
The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode.
Once a mode is selected, the wizard finishes.
B. In SmartView Tracker, click on Smart Workflow/ Enable SmartWorkflow.
The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode.
Once a mode is selected, the wizard finishes.
C. In SmartDashboard, click on Smart Workflow/ Enable SmartWorkflow.
The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode.
Once a mode is selected, the wizard finishes.
D. In SmartEvent, click on Smart Workflow/ Enable SmartWorkflow.
The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode.
Once a mode is selected, the wizard finishes.

Answer: C

QUESTION 271
What could the following regular expression be used for in a DLP rule?

\$([0-9]*,[0-9] [0-9] [0-9]. [0-9] [0-9]

Select the best answer

A. As a Data Type to prevent programmers from leaking code outside the company
B. As a compound data type representation.
C. As a Data Type to prevent employees from sending an email that contains a complete price-list of
nine products.
D. As a Data Type to prevent the Finance Department from leaking salary information to employees

Answer: D

QUESTION 272
UserA is able to create a SmartLSM Security Cluster Profile, you must select the correct
justification.

A. False. The user must have at least Read permissions for the SmartLSM Gateways Database
B. True. Only Object Database Read/Write permissions are required to create SmartLSM Profiles
C. False. The user must have Read/Write permissions for the SmartLSM Gateways Database.
D. Not enough information to determine. You must know the user's Provisioning permissions to
determine whether they are able to create a SmartLSM Security Cluster Profile

Answer: D

QUESTION 273
Which Check Point QoS feature is used to dynamically allocate relative portions of available
bandwidth?

A. Guarantees
B. Weighted Fair Queuing
C. Low Latency Queuing
D. Differentiated Services

Answer: B

QUESTION 274
John is the MegaCorp Security Administrator, and is using Check Point R71. Malcolm is the
Security Administrator of a partner company and is using a different vendor's product and both
have to build a VPN tunnel between their companies. Both are using clusters with Load Sharing
for their firewalls and John is using ClusterXL as a Check Point clustering solution.
While trying to establish the VPN, they are constantly noticing problems and the tunnel is not
stable and then Malcolm notices that there seems to be 2 SPIs with the same IP from the Check
Point site. How can they solve this problem and stabilize the tunnel?

A. This can be solved by running the command Sticky VPN on the Check Point CLI.
This keeps the VPN Sticky to one member and the problem is resolved.
B. This is surely a problem in the ISP's network and not related to the VPN configuration.
C. This can be solved when using clusters; they have to use single firewalls.
D. This can easily be solved by using the Sticky decision function in ClusterXL.

Answer: D

QUESTION 275
Laura notices the Microsoft Visual Basic Bits Protection is set to inactive. She wants to set the
Microsoft Visual Basic Kill Bits Protection and all other Low Performance Impact Protections to
Prevent. She asks her manager for approval, and he states she can turn these on.
But he wants Laura to make sure no high Performance Impact Protections are turned on while
changing this setting.
Using the output below, how would Laura change the Default_Protection on Performance Impact
Protections classified as low from inactive to prevent until meeting her other criteria?

A. Go to Profiles / Default_Protection and uncheck Do not activate protections with performance
impact to medium or above
B. Go to Profiles / Default_Protection and select Do not activate protections with performance impact
to low or above
C. Go to Profiles / Default_Protection and select Do not activate protections with performance impact
to medium or above
D. Go to Profiles / Default_Protection and uncheck Do not activate protections with performance
impact to high or above

Answer: C

QUESTION 276
The following graphic illustrates which command being issued on SecurePlatform?

A. The administrator will have to open the old session and make the changes, no note is added
automatically, however, the manager adds his notes stating the changes required.
B. The same session is modified with a note automatically added stating under repair.
C. The old status is removed and a new session is created with the same name, but with a note
stating new session after repair.
D. A new session is created by the name Repairing Session <old id> and the old session status is
updated to Repaired with a note stating Repaired by Session < new id>

Answer: D

QUESTION 277
Refer to the network topology below.

You have IPS Software Blades active on Security Gateways sglondon, sgla, and sgny, but still
experience attacks on the Web server in the New York DMZ. How is this possible?

A. All of these options are possible.
B. Attacker may have used a touch of evasion techniques like using escape sequences instead of
clear text commands. It is also possible that there are entry points not shown in the network
layout, like rogue access points.
C. Since other Gateways do not have IPS activated, attacks may originate from their networks
without anyone noticing
D. An IPS may combine different technologies, but is dependent on regular signature updates and
well-tuned automatic algorithms.
Even if this is accomplished, no technology can offer 100% protection.

Answer: A

QUESTION 278
How is change approved for implementation in SmartWorkflow?

A. The change is submitted for approval and is automatically installed by the approver once Approve
is clicked
B. The change is submitted for approval and is automatically installed by the original submitter the
next time he logs in after approval of the change
C. The change is submitted for approval and is manually installed by the original submitter the next
time he logs in after approval of the change.
D. The change is submitted for approval and is manually installed by the approver once Approve is
clicked

Answer: C

QUESTION 279
Provisioning Profiles can NOT be applied to:

A. UTM-1 EDGE Appliances
B. UTM-1 Appliances
C. IP Appliances
D. Power-1 Appliances

Answer: C

QUESTION 280
What is the lowest possible version a Security Gateway may be running in order to use it as an
LSM enabled Gateway?

A. NG-AI R55 HFAJ7
B. NGX R60
C. NGX R65 HFA_50
D. NGX R71

Answer: A

QUESTION 281
One profile in SmartProvisioning can update:

A. Potentially hundreds and thousands of gateways.
B. Only Clustered Gateways.
C. Specific gateways.
D. Profiles are not used for updating, just reporting.

Answer: A

QUESTION 282
Check Point recommends deploying SSL VPN:

A. In parallel to the firewall
B. In a DMZ
C. In front of the firewall with a LAN connection
D. On the Primary cluster member

Answer: C

QUESTION 283
What are the SmartProvisioning Provisioning Profile indicators?

A. OK, Needs Attention, Uninitialized, Unknown
B. OK, Needs Attention, Agent is in local mode, Uninitialized, Unknown
C. OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date
D. OK, In Use. Out of date, not used

Answer: B

QUESTION 284
Which of the following can NOT be modified by editing the cp_httpd_admin.conf file?

A. Toggling HTTP or HTTPS protocol use
B. The web server port
C. Modifying Web server certificate attributes
D. Administrative Access Level

Answer: D

QUESTION 285
SmartWorkflow has been enabled with the following configuration:
If a security administrator opens a new session and, after making changes to policy, submits the
session for approval, the session will be displayed as:

A. Approved
B. In progress
C. Not Approved
D. Awaiting Approval

Answer: B

QUESTION 286
If traffic requires preferential treatment by other routers on the network, in addition to the QoS
module, which Check Point QoS feature should be used?

A. Guarantees
B. Differentiated Services
C. Weighted Fair Queuing
D. Low Latency Queuing

Answer: B

QUESTION 287
In Company XYZ, the DLP Administrator defined a new Keywords Data Type that contains a list
of secret project names; i.e., Ayalon, Yarkon, Yarden. The threshold is set to At least 2 keywords
or phrases. Based on this information, which of the following scenarios will be a match to the Rule
Base?

A. A PDF file that contains the following text
Yarkon1 can be the code name for the new product.
Yardens list of protected sites
B. An MS Excel file that contains the following text Mort resources for Yarkon project..
Are you certain this is about Yarden?
C. A word file that contains the following text will match:
Ayalon
ayalon
AYALON
D. A password protected MS Excel file that contains the following text Ayalon
Yarkon
Yarden

Answer: B

QUESTION 288
Which Name Resolution protocols are supported in SSL VPN?

A. DNS, hosts, lmhosts, WINS
B. DNS, hosts, lmhosts
C. DNS, hosts, WINS
D. DNS, hosts

Answer: D

QUESTION 289
Which statement about LDAP and Active Directory (AD) with SSL VPN is TRUE?

A. SSL VPN does not support LDAP password remediation.
B. SSL VPN is capable of administering or creating users and groups directly on an LDAP server.
C. SSL VPN never stores the user records of LDAP/AD groups.
D. By default, SSL VPN sends username and password credentials to LDAP servers in UTF-8
encoding

Answer: B

QUESTION 290
Which Check Point QoS feature marks the ToS byte in the IP header?

A. Differentiated Services
B. Guarantees
C. Weighted Fair Queuing
D. Low Latency Queuing

Answer: A

QUESTION 291
How does ClusterXL Unicast mode handle new traffic?

A. All members receive all packets.
The Security Management Server decides which member will process the packets.
Other members delete the packets from memory.
B. The pivot machine receives and inspects all new packets then synchronizes the connections with
other members
C. The pivot machine receives all the packets and runs an algorithm to determine which member
should process the packets
D. All cluster members process all packets and members synchronize with each other.
The pivot is responsible for the master sync catalog

Answer: C

QUESTION 292
Which of the following explains Role Segregation?

A. Administrators have different abilities than managers within SmartWorkflow.
B. Different tasks within SmartDashboard are divided according to firewall administrator
permissions.
C. Changes made by an administrator in a SmartWorkflow session must have managerial approval
prior to commitment.
D. SmartWorkflow can be configured so that managers can only view their assigned sessions

Answer: C

QUESTION 293
A user cannot authenticate to SSL VPN. You have verified the user is assigned a user group and
reproduced the problem, confirming a failed-login session. You do not see an indication of this
attempt in the traffic log. The user is not using a client certificate for login.
To debug this error, where in the authentication process could the solution be found?

A. apache
B. admin
C. cvpnd
D. cpauth

Answer: C

QUESTION 294
Which Protection Mode does not exist in IPS?

A. Allow
B. Detect
C. Prevent
D. Inactive

Answer: A

QUESTION 295
Using SmartProvisioning Profiles, which of the following could be configured for both
SecurePlatform AND UTM-1 Edge devices?

(i) Backup
(ii) Routing
(iii) Interfaces
(iv) Hosts
(v) NTP server
(vi) DNS

A. (ii), (iii), (iv) and (vi)
B. (i), (iii), (iv) and (vi)
C. none of these options are available for both.
D. (i), (ii) and (iv)

Answer: C

QUESTION 296
Which of the following actions is most likely to improve the performance of Check Point QoS?

A. Put the most frequently used rules at the bottom of the QoS Rule Base.
B. Define Check Point QoS only on the external interfaces of the QoS Module.
C. Turn per rule limits into per connection limits
D. Turn per rule guarantees into per connection guarantees.

Answer: B

QUESTION 297
Where is the encryption domain for a SmartLSM Security Gateway configured in R71?

A. Inside the SmartLSM Security Gateway object in the SmartDashboard GUI
B. Inside the SmartLSM Security Gateway profile in the SmartProvisioning GUI
C. Inside the SmartLSM Security Gateway object in the SmartProvisioning GUI
D. Inside the SmartLSM Security Gateway profile in the SmartDashboard GUI

Answer: B

QUESTION 298
John is the MultiCorp Security Administrator. If he suggests a change in the firewall configuration,
he must submit his proposal to David, a security manager. One day David is out of the office and
John submits his proposal to Peter. Surprisingly, Peter is not able to approve the proposal
because the system does not permit him to do so.
Both David and Peter have accounts as administrators in the Security Management server and
both have the Read/Write ALL permission. What is the reason for this difference?

A. There were some Hardware/Software issues at Security Management server on the first day.
B. Peter was not logged on to system for a longer time
C. The attribute Manage Administrator was not assigned to Peter
D. The specific SmartWorkflow Read/Write permissions were assigned to David only.

Answer: C

QUESTION 299
What is NOT true about Management Portal?

A. Choosing Accept control connections in Implied Rules includes Management Portal access
B. Management Portal requires a license
C. Default Port for Management Portal access is 4433
D. Management Portal could be reconfigured for using HTTP instead of HTTPS

Answer: A

QUESTION 300
Mark the configuration options that are available for Data Loss Prevention in R71.

A. The DLP Gateway running only the Management Server on the same machine.
B. The DLP Gateway running only the Firewall Software Blade
C. The DLP as an integrated software blade which can be enabled on a Check Point Security
Gateway running other software blades such as firewall, IPS and Management.
D. A Dedicated DLP Gateway running only the DLP Software Blade.

Answer: D

QUESTION 301
What is the advantage for deploying SSL VPN in a DMZ, versus a LAN?

A. SSL VPN adds another layer of access security to internal resources, when it resides in a DMZ.
B. SSL Network Extender is ineffective in a LAN deployment.
C. Traffic is in clear text when forwarded to internal servers, but the back connection is encrypted for
remote users
D. Traffic is authenticated without hiding behind Connectra's IP address

Answer: A

QUESTION 302
Management Portal should be installed on:

(i) Management Server
(ii) Security Gateway
(iii) Dedicated Server

A. All are possible solutions
B. (ii) only
C. (iii) only
D. (i) or (ii) only

Answer: D

QUESTION 303
To change the default port of the Management Portal:

A. Edit the masters.conf file on the Portal server.
B. Modify the file cp_httpd_admin.conf.
C. Run sysconfig and change the management interface
D. Re-initialize SIC

Answer: B

QUESTION 304
What port is used for Administrator access for your SSL VPN?

A. 80
B. 4433
C. 4434
D. 443

Answer: B

QUESTION 305
Match the SmartDashboard session status icons with the appropriate SmartWorkflow session
status:

A. 1-A, 2-B, 3-C, 4-D, 5-E
B. 1-B, 2-A, 3-D, 4-E, 5-C
C. 1-C, 2-B, 3-A, 4-D, 5-E
D. 1-E, 2-D, 3-C, 4-B, 5-A

Answer: B

QUESTION 306
What is the command to upgrade a SecurePlatform NG with Application Intelligence (AI) R55
SmartCenter Server to VPN-1 NGX using a CD?

A. cd patch add
B. fwm upgrade_tool
C. cppkg add
D. patch add
E. patch add cd

Answer: E

QUESTION 307
You have a production implementation of Management High Availability, at version VPN-1 NG
with Application Intelligence R55.
You must upgrade your two SmartCenter Servers to VPN-1 NGX. What is the correct procedure?

A. 1. Synchronize the two SmartCenter Servers.
2. Upgrade the secondary SmartCenter Server.
3. Upgrade the primary SmartCenter Server.
4. Configure both SmartCenter Server host objects version to VPN-1 NGX.
5. Synchronize the Servers again.
B. 1. Synchronize the two SmartCenter Servers.
2. Perform an advanced upgrade on the primary SmartCenter Server.
3. Upgrade the secondary SmartCenter Server.
4. Configure both SmartCenter Server host objects to version VPN-1 NGX.
5. Synchronize the Servers again.
C. 1. Perform an advanced upgrade on the primary SmartCenter Server.
2. Configure the primary SmartCenter Server host object to version VPN-1 NGX.
3. Synchronize the primary with the secondary SmartCenter Server.
4. Upgrade the secondary SmartCenter Server.
5. Configure the secondary SmartCenter Server host object to version VPN-1 NGX.
6. Synchronize the Servers again.
D. 1. Synchronize the two SmartCenter Servers.
2. Perform an advanced upgrade on the primary SmartCenter Server.
3. Configure the primary SmartCenter Server host object to version VPN-1 NGX.
4. Synchronize the two Servers again.
5. Upgrade the secondary SmartCenter Server.
6. Configure the secondary SmartCenter Server host object to version VPN-1 NGX.
7. Synchronize the Servers again.

Answer: B

QUESTION 308
You set up a mesh VPN Community, so your internal networks can access your partner's
network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN
tunnel. All other traffic among your internal and partner networks is sent in clear text.
How do you configure the VPN Community?

A. Disable "accept all encrypted traffic", and put FTP and HTTP in the Excluded services in the
Community object.
Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN
field.
B. Disable "accept all encrypted traffic" in the Community, and add FTP and HTTP services to the
Security Policy, with that Community object in the VPN field.
C. Enable "accept all encrypted traffic", but put FTP and HTTP in the Excluded services in the
Community.
Add a rule in the Security Policy, with services FTP and http, and the Community object in the
VPN field.
D. Put FTP and HTTP in the Excluded services in the Community object.
Then add a rule in the Security Policy to allow Any as the service, with the Community object in
the VPN field.

Answer: B

QUESTION 309
How does a standby SmartCenter Server receive logs from all Security Gateways, when an
active SmartCenter Server fails over?

A. The remote Gateways must set up SIC with the secondary SmartCenter Server, for logging.
B. Establish Secure Internal Communications (SIC) between the primary and secondary Servers.
The secondary Server can then receive logs from the Gateways, when the active Server fails
over.
C. On the Log Servers screen (from the Logs and Masters tree on the gateway object's General
Properties screen), add the secondary SmartCenter Server object as the additional log server.
Reinstall the Security Policy.
D. Create a Check Point host object to represent the standby SmartCenter Server.
Then select "Secondary SmartCenter Server" and "Log Server", from the list of Check Point
Products on the General properties screen.
E. The secondary Server's host name and IP address must be added to the Masters file, on the
remote Gateways.

Answer: C

QUESTION 310
You want only RAS signals to pass through H.323 Gatekeeper and other H.323 protocols,
passing directly between end points.
Which routing mode in the VoIP Domain Gatekeeper do you select?

A. Direct
B. Direct and Call Setup
C. Call Setup
D. Call Setup and Call Control

Answer: A

QUESTION 311
Which component functions as the Internal Certificate Authority for VPN-1 NGX?

A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway

Answer: B

QUESTION 312
You are configuring the VoIP Domain object for a Skinny Client Control Protocol (SCCP)
environment protected by VPN-1 NGX. Which VoIP Domain object type can you use?

A. CallManager
B. Gatekeeper
C. Gateway
D. Proxy
E. Transmission Router

Answer: A

QUESTION 313
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure
Configuration Verification status?

A. ICMP Port Unreachable
B. TCP keep alive
C. IKE Key Exchange
D. ICMP Destination Unreachable
E. UDP keep alive

Answer: E

QUESTION 314
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with
hosts in the external_net and internal_net from the Internet.
How is the Security Gateway VPN Domain created?

A. Internal Gateway VPN Domain = internal_net;
External VPN Domain = external_net + external gateway object + internal_net.
B. Internal Gateway VPN Domain = internal_net.
External Gateway VPN Domain = external_net + internal gateway object
C. Internal Gateway VPN Domain = internal_net;
External Gateway VPN Domain = internal_net + external_net
D. Internal Gateway VPN Domain = internal_net.
External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net

Answer: D

QUESTION 315
Which Security Servers can perform Content Security tasks, but CANNOT perform authentication
tasks?

A. Telnet
B. FTP
C. SMTP
D. HTTP

Answer: C

QUESTION 316
A cluster contains two members, with external interfaces 172.28.108.1 and 172.28.108.2. The
internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster's IP address is 172.28.108.3,
and the internal cluster's IP address is 10.4.8.3. The synchronization interfaces are 192.168.1.1
and 192.168.1.2. The Security Administrator discovers State Synchronization is not working
properly. The cphaprob if command output displays as follows:
What is causing the State Synchronization problem?

A. Another cluster is using 192.168.1.3 as one of the unprotected interfaces.
B. Interfaces 192.168.1.1 and 192.168.1.2 have defined 192.168.1.3 as a sub-interface.
C. The synchronization interface on the cluster member object's Topology tab is enabled with
"Cluster Interface". Disable this interface.
D. The synchronization network has a cluster, with IP address 192.168.1.3 defined in the gateway-
cluster object. Remove the 192.168.1.3 VIP interface from the cluster topology.

Answer: D

QUESTION 317
How can you completely tear down a specific VPN tunnel in an intranet IKE VPN deployment?

A. Run the command vpn tu on the Security Gateway, and choose the option "Delete all IPSec+IKE
SAs for ALL peers and users".
B. Run the command vpn tu on the SmartCenter Server, and choose the option "Delete all
IPSec+IKE SAs for ALL peers and users".
C. Run the command vpn tu on the Security Gateway, and choose the option "Delete all IPSec+IKE
SAs for a given peer (GW)".
D. Run the command vpn tu on the Security Gateway, and choose the option "Delete all IPSec SAs
for a given user (Client)".
E. Run the command vpn tu on the Security Gateway, and choose the option "Delete all IPSec SAs
for ALL peers and users".

Answer: C

QUESTION 318
How can you prevent delay-sensitive applications, such as video and voice traffic, from being
dropped due to long queues when using the Check Point QoS solution?

A. Weighted Fair queuing
B. guaranteed per connection
C. Low latency class
D. guaranteed per VoIP rule

Answer: C

QUESTION 319
Stephanie wants to reduce the encryption overhead and improve performance for her mesh VPN
Community. The Advanced VPN Properties screen below displays adjusted page settings:

What can Stephanie do to achieve her goal?

A. Check the box "Use Perfect Forward Secrecy"
B. Change the setting "Use Diffie-Hellman group" to "Group 5 (1536 bit)"
C. Check the box "Use aggressive mode"
D. Check the box "Support IP compression"
E. Reduce the setting "Renegotiate IKE security associations every" to "720"

Answer: D

QUESTION 320
You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX.
You have five systems to choose from for the new Gateway, and you must conform to the
following requirements:

Operating-system vendor's license agreement
Check Point's license agreement
Minimum operating-system hardware specification
Minimum Gateway hardware specification
Gateway installed on a supported operating system (OS)

Which machine meets ALL of the following requirements?

A. Processor: 1.1 GHz RAM: 512MB Hard disk: 10 GB OS: Windows 2000 Workstation
B. Processor: 2.0 GHz RAM: 512MB Hard disk: 10 GB OS: Windows ME
C. Processor: 1.5 GHz RAM: 256 MB Hard disk: 20 GB OS: Red Hat Linux 8.0
D. Processor: 1.67 GHz RAM: 128 MB Hard disk: 5 GB OS: FreeBSD
E. Processor: 2.2 GHz RAM: 256 MB Hard disk: 20 GB OS: Windows 2000 Server

Answer: E

QUESTION 321
Jerry is concerned that a denial-of-service (DoS) attack may affect his VPN Communities. He
decides to implement IKE DoS protection. Jerry needs to minimize the performance impact of
implementing this new protection.
Which of the following configurations is MOST appropriate for Jerry?

A. Set Support IKE DoS protection from identified source to "Puzzles", and Support IKE DoS
protection from unidentified source to "Stateless".
B. Set Support IKE DoS protection from identified source, and Support IKE DoS protection from
unidentified source to "Puzzles".
C. Set Support IKE DoS protection from identified source to "Stateless," and Support IKE DoS
protection from unidentified source to "Puzzles".
D. Set "Support IKE DoS protection" from identified source, and "Support IKE DoS protection" from
unidentified source to "Stateless".
E. Set Support IKE DoS protection from identified source to "Stateless", and Support IKE DoS
protection from unidentified source to "None".

Answer: D

QUESTION 322
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check
Point QoS bandwidth?

A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf

Answer: A

QUESTION 323
Problems sometimes occur when distributing IPSec packets to a few machines in a Load Sharing
Multicast mode cluster, even though the machines have the same source and destination IP
addresses. What is the best Load Sharing method for preventing this type of problem?

A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces (SPI)
B. Load Sharing based on SPIs only
C. Load Sharing based on IP addresses only
D. Load Sharing based on SPIs and ports only
E. Load Sharing based on IP addresses and ports

Answer: E

QUESTION 324
Jacob is using a mesh VPN Community to create a site-to-site VPN. The VPN properties in this
mesh Community display in this graphic:
Which of the following statements is TRUE?

A. If Jacob changes the setting, "Perform key exchange encryption with" from "3DES" to "DES", he
will enhance the VPN Community's security and reduce encryption overhead.
B. Jacob must change the data-integrity settings for this VPN Community.
MD5 is incompatible with AES.
C. If Jacob changes the setting "Perform IPSec data encryption with" from "AES-128" to "3DES", he
will increase the encryption overhead.
D. Jacob's VPN Community will perform IKE Phase 1 key-exchange encryption, using the longest
key VPN-1 NGX supports.

Answer: C

QUESTION 325
Rachel is the Security Administrator for a university. The university's FTP servers have old
hardware and software. Certain FTP commands cause the FTP servers to malfunction.
Upgrading the FTP servers is not an option at this time.
Which of the following options will allow Rachel to control which FTP commands pass through the
Security Gateway protecting the FTP servers?

A. Global Properties > Security Server > Allowed FTP Commands
B. SmartDefense > Application Intelligence > FTP Security Server
C. Rule Base > Action Field > Properties
D. Web Intelligence > Application Layer > FTP Settings
E. FTP Service Object > Advanced > Blocked FTP Commands

Answer: B

QUESTION 326
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point
QoS rule. What causes the Connection Rejection?

A. The guarantee of one of the rule's sub-rules exceeds the guarantee in the rule itself.
B. The number of guaranteed connections is exceeded.
The rule's action properties are not set to accept additional connections.
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the
Maximal Delay is set below requirements.
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.

Answer: B

QUESTION 327
Wayne configures an HTTP Security Server to work with the content vectoring protocol to screen
forbidden sites. He has created a URI resource object using CVP with the following settings:

Use CVP
Allow CVP server to modify content
Return data after content is approved

He adds two rules to his Rule Base: one to inspect HTTP traffic going to known forbidden sites,
the other to allow all other HTTP traffic.
Wayne sees HTTP traffic going to those problematic sites is not prohibited.
What could cause this behavior?

A. The Security Server Rule is after the general HTTP Accept Rule.
B. The Security Server is not communicating with the CVP server.
C. The Security Server is not configured correctly.
D. The Security Server is communicating with the CVP server, but no restriction is defined in the
CVP server.

Answer: A

QUESTION 328
You want to block corporate internal-net and localnet from accessing Web sites containing
inappropriate content. You are using WebTrends for URL filtering.
You have disabled VPN-1 Control connections in the Global properties.
Review the diagram and the Security Policies for GW_A and GW_B in the exhibit provided.

Corporate users and localnet users receive message "Web cannot be displayed". In SmartView
Tracker, you see the connections are dropped with message "content security is not reachable".
What is the problem, and how do you fix it?

A. The connection from GW_B to the internal WebTrends server is not allowed in the Policy.
Fix: Add a rule in GW_A's Policy to allow source WebTrends Server, destination GW_B, service
TCP port 18182, and action accept.
B. The connection from GW_B to the WebTrends server is not allowed in the Policy.
Fix: Add a rule in GW_B's Policy with Source GW_B, destination WebTrends server, service TCP
port 18182, and action accept.
C. The connection from GW_A to the WebTrends server is not allowed in the Policy.
Fix: Add a rule in GW_B's Policy with source WebTrends server, destination GW_A, service TCP
port 18182, and action accept.
D. The connection from GW_A to the WebTrends server is not allowed in the Policy.
Fix: Add a rule in GW_B's Policy with source GW_A, destination: WebTrends server, service TCP
port 18182, and action accept.
E. The connection from GW_A to the WebTrends server is not allowed in the Policy.
Fix: Add a rule in GW_A's Policy to allow source GW_A, destination WebTrends server, service
TCP port 18182, and action accept.

Answer: E

QUESTION 329
VPN-1 NGX includes a resource mechanism for working with the Common Internet File System
(CIFS). However, this service only provides a limited level of actions for CIFS security.
Which of the following services is NOT provided by a CIFS resource?

A. Log access shares
B. Block Remote Registry Access
C. Log mapped shares
D. Allow MS print shares

Answer: D

QUESTION 330
Your organization has many VPN-1 Edge gateways at various branch offices, to allow VPN-1
Secure Client users to access company resources. For security reasons, your organization's
Security Policy requires all Internet traffic initiated behind the VPN-1 Edge gateways first be
inspected by your headquarters' VPN-1 Pro Security Gateway.
How do you configure VPN routing in this star VPN Community?

A. To the Internet and other targets only
B. To the center and other satellites, through the center
C. To the center only
D. To the center; or through the center to other satellites, then to the Internet and other VPN targets

Answer: D

QUESTION 331
Robert has configured a Common Internet File System (CIFS) resource to allow access to the
public partition of his company's file server, on \\erisco\goldenapple\files\public.
Robert receives reports that users are unable to access the shared partition, unless they use the
file server's IP address.
Which of the following is a possible cause?

A. Mapped shares do not allow administrative locks.
B. The CIFS resource is not configured to use Windows name resolution.
C. Access violations are not logged.
D. Remote registry access is blocked.
E. Null CIFS sessions are blocked.

Answer: B

QUESTION 332
You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two
networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is
behind the peer's Gateway.
Which type of address translation should you use, to ensure the two networks access each other
through the VPN tunnel?

A. Manual NAT
B. Static NAT
C. Hide NAT
D. None
E. Hide NAT

Answer: D

QUESTION 333
Which is the BEST configuration option to protect internal users from malicious Java code,
without stripping Java scripts?

A. Use the URI resource to block Java code
B. Use CVP in the URI resource to block Java code
C. Use the URI resource to strip applet tags
D. Use the URI resource to strip ActiveX tags

Answer: A

QUESTION 334
Your VPN Community includes three Security Gateways. Each Gateway has its own internal
network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature,
without stopping the VPN. What is the correct order of steps?

A. 1. Add a new interface on each Gateway.
2. Remove the newly added network from the current VPN Domain for each Gateway.
3. Create VTIs on each Gateway, to point to the other two peers.
4. Enable advanced routing on all three Gateways.
B. 1. Add a new interface on each Gateway.
2. Remove the newly added network from the current VPN Domain in each gateway object.
3. Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers.
4. Add static routes on three Gateways, to route the new network to each peer's VTI interface.
C. 1. Add a new interface on each Gateway.
2. Add the newly added network into the existing VPN Domain for each Gateway.
3. Create VTIs on each gateway object, to point to the other two peers.
4. Enable advanced routing on all three Gateways.
D. 1. Add a new interface on each Gateway.
2. Add the newly added network into the existing VPN Domain for each gateway object.
3. Create VTIs on each gateway object, to point to the other two peers.
4. Add static routes on three Gateways, to route the new networks to each peer's VTI interface.

Answer: B

QUESTION 335
Which Security Server can perform authentication tasks, but CANNOT perform content security
tasks?

A. Telnet
B. HTTP
C. rlogin
D. FTP
E. SMTP

Answer: C

QUESTION 336
You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro
Gateway. The Gateway also serves as a Policy Server.
When you run patch add cd from the NGX CD, what does this command allow you to upgrade?

A. Only VPN-1 Pro Security Gateway
B. Both the operating system (OS) and all Check Point products
C. All products, except the Policy Server
D. Only the patch utility is upgraded using this command
E. Only the OS

Answer: B

QUESTION 337
Which type of service should a Security Administrator use in a Rule Base to control access to
specific shared partitions on target machines?

A. Telnet
B. CIFS
C. HTTP
D. FTP
E. URI

Answer: B

QUESTION 338
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys.
Which of the following options will end the intruder's access, after the next Phase 2 exchange
occurs?

A. Phase 3 Key Revocation
B. Perfect Forward Secrecy
C. MD5 Hash Completion
D. SHA1 Hash Completion
E. DES Key Reset

Answer: B

QUESTION 339
How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_A to
end point Net_B, through an NGX Security Gateway?

A. Net_A/Net_B/sip/accept
B. Net_A/Net_B/sip and sip_any/accept
C. Net_A/Net_B/VoIP_any/accept
D. Net_A/Net_BM3lP/accept

Answer: A

QUESTION 340
Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in
its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is
opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three
Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security
Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the Internal
Certificate Authority (ICA).
After creating the Madrid gateway object with the proper VPN Domain, what are Barak's
remaining steps?

1. Disable "Pre-Shared Secret" on the London and Oslo gateway objects
2. Add the Madrid gateway object into the Oslo and London's mesh VPN
Community
3. Manually generate ICA Certificates for all three Security Gateways.
4. Configure "Traditional mode VPN configuration" in the Madrid gateway
object's VPN screen
5. Reinstall the Security Policy on all three Security Gateways.

A. 1, 2, 5
B. 1, 3, 4, 5
C. 1, 2, 3, 5
D. 1, 2, 4, 5
E. 1, 2, 3, 4

Answer: A

QUESTION 341
You have an internal FTP server, and you allow downloading, but not uploading.
Assume Network Address Translation is set up correctly, and you want to add an inbound rule
with:

Source: Any
Destination: FTP server
Service: FTP resources object.

How do you configure the FTP resource object and the action column in the rule to achieve this
goal?

A. Enable only the "Get" method in the FTP Resource Properties, and use this method in the rule,
with action accept.
B. Enable only the "Get" method in the FTP Resource Properties and use it in the rule, with action
drop.
C. Enable both "Put" and "Get" methods in the FTP Resource Properties and use them in the rule,
with action drop.
D. Disable "Get" and "Put" methods in the FTP Resource Properties and use it in the rule, with
action accept.
E. Enable only the "Put" method in the FTP Resource Properties and use it in the rule, with action
accept.

Answer: A

QUESTION 342
Damon enables an SMTP resource for content protection.
He notices that mail seems to slow down on occasion, sometimes being delivered late.
Which of the following might improve throughput performance?

A. Configuring the SMTP resource to bypass the CVP resource
B. Increasing the Maximum number of mail messages in the Gateway's spool directory
C. Configuring the Content Vector Protocol (CVP) resource to forward the mail to the internal SMTP
server, without waiting for a response from the Security Gateway
D. Configuring the CVP resource to return the mail to the Gateway
E. Configuring the SMTP resource to only allow mail with Damon's company's domain name in the
header

Answer: C

QUESTION 343
Damon enables an SMTP resource for content protection.
He notices that mail seems to slow down on occasion, sometimes being delivered late.
Which of the following might improve throughput performance?

A. Configuring the SMTP resource to bypass the CVP resource
B. Increasing the Maximum number of mail messages in the Gateway's spool directory
C. Configuring the Content Vector Protocol (CVP) resource to forward the mail to the internal SMTP
server, without waiting for a response from the Security Gateway
D. Configuring the CVP resource to return the mail to the Gateway
E. Configuring the SMTP resource to only allow mail with Damon's company's domain name in the
header

Answer: C

QUESTION 344
What is the consequence of clearing the "Log VoIP Connection" box in Global Properties?

A. Dropped VoIP traffic is logged, but accepted VoIP traffic is not logged.
B. VoIP protocol-specific log fields are not included in SmartView Tracker entries.
C. The log field setting in rules for VoIP protocols are ignored.
D. IP addresses are used, instead of object names, in log entries that reference VoIP Domain
objects.
E. The SmartCenter Server stops importing logs from VoIP servers.

Answer: B

QUESTION 345
Your company has two headquarters, one in London, one in New York. Each headquarters
includes several branch offices. The branch offices only need to communicate with the
headquarters in their country, not with each other, and only the headquarters need to
communicate directly. What is the BEST configuration for VPN Communities among the branch
offices and their headquarters, and between the two headquarters?
VPN Communities comprised of:

A. Two stars and one mesh Community; each star Community is set up for each site, with
headquarters as the center of the Community, and branches as satellites.
The mesh Communities are between the New York and London headquarters.
B. Three mesh Communities: one for London headquarters and its branches, one for New York
headquarters and its branches, and one for London and New York headquarters.
C. Two mesh Communities, one for each headquarters and their branch offices; and one star
Community, in which London is the center of the Community and New York is the satellite.
D. Two mesh Communities, one for each headquarters and their branch offices; and one star
Community, where New York is the center of the Community and London is the satellite.

Answer: A

QUESTION 346
You are preparing to configure your VoIP Domain Gatekeeper object.
Which two other objects should you have created first?

A. An object to represent the IP phone network, AND an object to represent the host on which the
proxy is installed
B. An object to represent the PSTN phone network, AND an object to represent the IP phone
network
C. An object to represent the IP phone network, AND an object to represent the host on which the
gatekeeper is installed
D. An object to represent the Q.931 service origination host, AND an object to represent the H.245
termination host
E. An object to represent the call manager, AND an object to represent the host on which the
transmission router is installed

Answer: C

QUESTION 347
Yoav is a Security Administrator preparing to implement a VPN solution for his multi-site
organization.
To comply with industry regulations, Yoav's VPN solution must meet the following requirements:

Portability: Standard
Key management: Automatic, external PKI
Session keys: Changed at configured times during a connection's lifetime
Key length: No less than 128-bit
Data integrity: Secure against inversion and brute-force attacks

What is the most appropriate setting Yoav should choose?

A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash
B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash
C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash
E. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash

Answer: D

QUESTION 348
Which of the following commands shows full synchronization status?

A. cphaprob -i list
B. cphastop
C. fw ctl pstat
D. cphaprob -a if
E. fwhastat

Answer: A

QUESTION 349
In a distributed VPN-1 Pro NGX environment, where is the Internal Certificate Authority (ICA)
installed?

A. On the Security Gateway
B. Certificate Manager Server
C. On the Policy Server
D. On the SmartView Monitor
E. On the primary SmartCenter Server

Answer: E

QUESTION 350
You must set up SIP with a proxy for your network. IP phones are in the 172.16.100.0 network.
The Registrar and proxy are installed on host 172.16.100.100.
To allow handover enforcement for outbound calls from SIP-net to network Net_B on the Internet,
you have defined the following objects:

Network object: SIP-net: 172.16.100.0/24
SIP-gateway: 172.16.100.100
VoIP Domain object: VoIP_domain_A
1. Endpoint domain: SIP-net
2. VoIP gateway installed at: SIP-gateway host object

How would you configure the rule?

A. SIP-Gateway/Net_B/sip_any/accept
B. VoIP_domain_A/Net_B/sip/accept
C. SIP-Gateway/Net_B/sip/accept
D. VoIP_domain_A/Net_B/sip_any, and sip/accept
E. VolP_Gateway_MJet_B/sip_any/accept

Answer: B

QUESTION 351
What is the behavior of ClusterXL in a High Availability environment?

A. Both members respond to the virtual IP address, and both members pass traffic when using their
physical addresses.
B. Both members respond to the virtual IP address, but only the active member is able to pass
traffic.
C. The active member responds to the virtual IP address, and both members pass traffic when using
their physical addresses.
D. The active member responds to the virtual IP address, and is the only member that passes traffic.
E. The passive member responds to the virtual IP address, and both members route traffic when
using their physical addresses.

Answer: D

QUESTION 352
The following rule contains an FTP resource object in the Service field:

Source: local_net
Destination: Any
Service: FTP-resource object
Action: Accept

How do you define the FTP Resource Properties > Match tab to prevent internal users from
receiving corporate files from external FTP servers, while allowing users to send files?

A. Enable "Put" and "Get" methods.
B. Disable the "Put" method globally.
C. Enable the "Put" method only on the Match tab.
D. Enable the "Get" method on the Match tab.
E. Disable "Get" and "Put" methods on the Match tab.

Answer: C

QUESTION 353
VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which
environment?

A. H.323
B. SIP
C. MEGACO
D. SCCP
E. MGCP

Answer: C

QUESTION 354
Cody is notified by blacklist.org that his site has been reported as a spam relay, due to his SMTP
Server being unprotected. Cody decides to implement an SMTP Security Server, to prevent the
server from being a spam relay.
Which of the following is the most efficient configuration method?

A. Configure the SMTP Security Server to perform MX resolving.
B. Configure the SMTP Security Server to perform filtering, based on IP address and SMTP
protocols.
C. Configure the SMTP Security Server to work with an OPSEC based product, for content
checking.
D. Configure the SMTP Security Server to apply a generic "from" address to all outgoing mail.
E. Configure the SMTP Security Server to allow only mail to or from names, within Cody's corporate
domain.

Answer: E

QUESTION 355
You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to
SecurePlatform NGX R60 via SmartUpdate.
Which package is needed in the repository before upgrading?

A. SVN Foundation and VPN-1 Express/Pro
B. VPN-1 and Firewall-1
C. SecurePlatform NGX R60
D. SVN Foundation 3
E. VPN-1 Pro/Express NGX R60

Answer: C

QUESTION 356
Your current standalone VPN-1 NG with Application Intelligence (AI) R55 installation is running
on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the
existing machine will be the VPN-1 Pro Gateway. An additional machine will serve as the
SmartCenter Server. The new machine runs on a Windows Server 2003.
You need to upgrade the NG with AI R55 SmartCenter Server configuration to VPN-1 NGX.
How do you upgrade to VPN-1 NGX?

A. Insert the NGX CD in the existing NG with AI R55 SecurePlatform machine, and answer yes to
backup the configuration.
Copy the backup file to the Windows Server 2003.
Continue the upgrade process.
Reboot after upgrade is finished.
After SecurePlatform NGX reboots, run sysconfig, select VPN-1 Pro Gateway, and finish the
sysconfig process.
Reboot again.
Use the NGX CD to install the primary SmartCenter on the Windows Server 2003.
Import the backup file.
B. Run the backup command in the existing SecurePlatform machine, to create a backup file.
Copy the file to the Windows Server 2003.
Uninstall all Check Point products on SecurePlatform by running rpm CPsuite.
R55 command.
Reboot.
Install new VPN-1 NGX on the existing SecurePlatform machine.
Run sysconfig, select VPN-1 Pro Gateway, and reboot.
Use VPN-1 NGX CD to install primary SmartCenter Server on the Windows Server 2003.
Import the backup file.
C. Copy the $FWDIR\conf and $FWDIR\lib files from the existing SecurePlatform machine.
Create a tar.gz file, and copy it to the Windows Server 2003.
Use VPN-1 NGX CD on the existing SecurePlatform machine to do a new installation.
Reboot.
Run sysconfig and select VPN-1 Pro Gateway.
Reboot.
Use the NGX CD to install the primary SmartCenter Server on the Windows Server 2003.
On the Windows Server 2003, run upgrade_import command to import $FWDIR\conf and
$FWDIR\lib from the SecurePlatform machine.
D. Run backup command on the existing SecurePlatform machine to create a backup file.
Copy the file to the Windows Server 2003.
Uninstall the primary SmartCenter Server package from NG with AI R55 SecurePlatform using
sysconfig.
Reboot.
Install the NGX primary SmartCenter Server and import the backup file.
Open the NGX SmartUpdate, and select "upgrade all packages" on the NG with AI R55 Security
Gateway.

Answer: A

QUESTION 357
If you check the box "Use Aggressive Mode", in the IKE Properties dialog box:

A. The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange.
B. The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange.
C. The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange.
D. The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange.
E. The standard six-packet IKE Phase 1 exchange is replaced by a twelve-packet exchange.

Answer: D

QUESTION 358
DShield is a Check Point feature used to block which of the following threats?

A. Cross Site Scripting
B. SQL injection
C. DDOS
D. Buffer overflows
E. Trojan horses

Answer: C

QUESTION 359
How do you control the maximum mail messages in a spool directory?

A. In the Security Server window in Global Properties
B. In SmartDefense SMTP settings
C. In the smtp.conf file on the SmartCenter Server
D. In the gateway object's SMTP settings in the Advanced window
E. In the SMTP resource object

Answer: D

QUESTION 360
Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1
NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his
organization's three SIP gateways. Greg then creates a simple group to contain the VoIP Domain
SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not
listed. What is the problem?

A. The related end points domain specifies an address range.
B. VoIP Domain SIP objects cannot be placed in simple groups.
C. The installed VoIP gateways specify host objects.
D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is
eligible to be added to the group.
E. The VoIP Domain SIP object's name contains restricted characters.

Answer: B

QUESTION 361
You plan to install a VPN-1 Pro Gateway for VPN-1 NGX at your company's headquarters.
You have a single Sun SPARC Solaris 9 machine for VPN-1 Pro enterprise implementation.
You need this machine to inspect traffic and keep configuration files.
Which Check Point software package do you install?

A. VPN-1 Pro Gateway and primary SmartCenter Server
B. Policy Server and primary SmartCenter Server
C. ClusterXL and SmartCenter Server
D. VPN-1 Pro Gateway
E. SmartCenter Server

Answer: A

QUESTION 362
Which service type does NOT invoke a Security Server?

A. HTTP
B. FTP
C. Telnet
D. CIFS
E. SMTP

Answer: D

QUESTION 363
Your current VPN-1 NG with Application Intelligence (AI) R55 standalone VPN-1 Pro Gateway and
SmartCenter Server run on SecurePlatform.
You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will
be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only.
You need to migrate the NG with AI R55 SmartCenter Server configuration, including such items
as Internal Certificate Authority files, databases, and Security Policies.
How do you request a new license for this VPN-1 NGX upgrade?

A. Request a VPN-1 NGX SmartCenter Server license, using the new machine's IP address.
Request a new local license for the NGX VPN-1 Pro Gateway.
B. Request a VPN-1 NGX SmartCenter Server license, using the new machine's IP address.
Request a new central license for the NGX VPN-1 Pro Gateway.
C. Request a new VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter
Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
D. Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP
address. Request a new central license for the NGX VPN-1 Pro Gateway, licensed for the
existing SmartCenter Server IP address.

Answer: D

QUESTION 364
What is a requirement for setting up Management High Availability?

A. All SmartCenter Servers must reside in the same Local Area Network (LAN).
B. All SmartCenter Servers must have the same amount of memory.
C. You can only have one Secondary SmartCenter Server.
D. All SmartCenter Servers must have the same BIOS release.
E. All SmartCenter Servers must have the same operating system.

Answer: E

QUESTION 365
Which of the following TCP port numbers is used to connect the VPN-1 Gateway to the Content
Vector Protocol (CVP) server?

A. 18182
B. 18180
C. 18181
D. 7242
E. 1456

Answer: C

QUESTION 366
Which operating system is NOT supported by VPN-1 Secure Client?

A. IPSO 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 8.0
E. MacOSX

Answer: A

QUESTION 367
The following configuration is for VPN-1 NGX: Is this configuration correct for Management High
Availability (HA)?

A. No, the SmartCenter Servers must be installed on the same operating system.
B. No, a VPN-1 NGX SmartCenter Server cannot run on Red Hat Linux 7.3.
C. No, the SmartCenter Servers must reside on the same network.
D. No, a VPN-1 NGX SmartCenter Server can only be in a Management HA configuration, if the
operating system is Solaris.
E. No, the SmartCenter Servers do not have the same number of NICs.

Answer: A

QUESTION 368
Which VPN Community object is used to configure VPN routing within the SmartDashboard?

A. Star
B. Mesh
C. Remote Access
D. Map

Answer: A

QUESTION 369
You receive an alert indicating a suspicious FTP connection is trying to connect to one of your
internal hosts. How do you block the connection in real time and verify the connection is
successfully blocked?

A. Highlight the suspicious connection in SmartView Tracker > Active mode.
Block the connection using the Tools > Block Intruder menu.
Use the Active mode to confirm that the suspicious connection does not reappear.
B. Highlight the suspicious connection in SmartView Tracker > Log mode.
Block the connection using Tools > Block Intruder menu.
Use Log mode to confirm that the suspicious connection does not reappear.
C. Highlight the suspicious connection in SmartView Tracker > Active mode.
Block the connection using Tools > Block Intruder menu.
Use Active mode to confirm that the suspicious connection is dropped.
D. Highlight the suspicious connection in SmartView Tracker > Log mode.
Block the connection using Tools > Block Intruder menu.
Use the Log mode to confirm that the suspicious connection is dropped.

Answer: A

QUESTION 370
Which of the following QoS rule action properties is an Advanced action type, only available in
Traditional mode?

A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee

Answer: A

QUESTION 371
Which OPSEC server is used to prevent users from accessing certain Web sites?

A. LEA
B. URI
C. UFP
D. AMON
E. CVP

Answer: C

QUESTION 372
Regarding QoS guarantees and limits, which of the following statements is FALSE?

A. If both a limit and a guarantee per rule are defined in a QoS rule, then the limit must be smaller
than the guarantee.
B. If both a rule limit and a per connection limit are defined for a rule, the per connection limit must
not be greater than the rule limit.
C. A rule guarantee must not be less than the sum of the guarantees defined in its sub-rules.
D. If a guarantee is defined in a sub-rule, then a guarantee must be defined for the rule above it.

Answer: A

QUESTION 373
When you add a resource service to a rule, which ONE of the following actions occurs?

A. VPN-1 Secure Client users attempting to connect to the object defined in the Destination column
of the rule will receive a new Desktop Policy from the resource.
B. All packets that match the resource in the rule will be dropped.
C. All packets matching the resource service rule are analyzed or authenticated, based on the
resource properties.
D. Users attempting to connect to the destination of the rule will be required to authenticate.
E. All packets matching that rule are either encrypted or decrypted by the defined resource.

Answer: C

QUESTION 374
From the following output of cphaprob state,

Which ClusterXL mode is this?

A. Load Balancing Mode
B. Multicast mode
C. Unicast mode
D. New mode
E. Legacy mode

Answer: C

QUESTION 375
Your network traffic requires preferential treatment by other routers on the network, in addition to
the QoS Module. Which Check Point QoS feature should you use?

A. Guarantees
B. Limits
C. Differentiated Services
D. Weighted Fair Queuing
E. Low Latency Queuing

Answer: C

QUESTION 376
When upgrading to NGX R65, which Check Point products do not require a license upgrade to be
current?

A. VPN-1 NGX (R64) and later
B. VPN-1 NGX (R60) and later
C. VPN-1 NG with Application Intelligence (R54) and later
D. None, all versions require a license upgrade

Answer: B

QUESTION 377
Which of these components does NOT require a VPN-1 NGX R65 license?

A. SmartConsole
B. Check Point Gateway
C. SmartCenter Server
D. SmartUpdate upgrading/patching

Answer: A

QUESTION 378
Which of the following is a TRUE statement concerning contract verification?

A. Your contract file is stored on the User Center and fetched by the Gateway as needed.
B. Your contract file is stored on the SmartConsole and downloaded to the SmartCenter Server.
C. Your contract file is stored on the SmartConsole and downloaded to the Gateway.
D. Your contract file is stored on the SmartCenter Server and downloaded to the Security Gateway.

Answer: D

QUESTION 379
Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway
and SmartCenter Server runs on SecurePlatform.
You plan to implement VPN-1 NGX R65 in a distributed environment, where the new machine will
be the SmartCenter Server, and the existing machine will be the VPN-1 Pro Gateway only.
You need to migrate the NG with AI R55 SmartCenter Server configuration, including licensing.
How do you handle licensing for this NGX R65 upgrade?

A. Request an NGX R65 SmartCenter Server license, using the new server's IP address.
Request a new central NGX R65 VPN-1 Gateway license also licensed to the new SmartCenter
Server's IP address.
B. Leave the current license on the gateway to be upgraded during the software upgrade.
Purchase a new license for the VPN-1 NGX R65 SmartCenter Server.
C. Request an NGX R65 SmartCenter Server license, using the existing gateway machine's IP
address.
Request a new local license for the NGX R65 VPN-1 Gateway using the new server's IP address.
D. Request an NGX R65 SmartCenter Server license, using the new server's IP address.
Request a new central NGX R65 VPN-1 Gateway license for the existing gateway server's IP
address.

Answer: A

QUESTION 380
You are running the license_upgrade tool on your SecurePlatform Gateway.
Which of the following can you NOT do with the upgrade tool?

A. Simulate the license-upgrade process.
B. View the licenses in the SmartUpdate License Repository.
C. Perform the actual license-upgrade process.
D. View the status of currently installed licenses.

Answer: B

QUESTION 381
What action can be run from SmartUpdate NGX R65?

A. remote_uninstall_verifier
B. upgrade_export
C. mds_backup
D. cpinfo

Answer: D

QUESTION 382
What tools CANNOT be launched from SmartUpdate NGX R65?

A. cpinfo
B. SecurePlatform Web UI
C. Nokia Voyager
D. snapshot

Answer: D

QUESTION 383
Choose all correct statements. SmartUpdate, located on a VPN-1 NGX SmartCenter Server,
allows you to:

(1) Remotely perform a first time installation of VPN-1 NGX on a new machine
(2) Determine OS patch levels on remote machines
(3) Update installed Check Point and any OPSEC certified software remotely
(4) Update installed Check Point software remotely
(5) Track installed versions of Check Point and OPSEC products
(6) Centrally manage licenses

A. 4, 5, & 6
B. 2, 4, 5, & 6
C. 1 & 4
D. 1, 3, 4, & 6

Answer: B

QUESTION 384
You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten
Security Gateways at five geographically separated locations.
What is the BEST method to implement this HFA?

A. Send a Certified Security Engineer to each site to perform the update
B. Use SmartUpdate to install the packages to each of the Security Gateways remotely
C. Use an SSH connection to SCP the HFA to each Security Gateway.
Once copied locally, initiate a remote installation command and monitor the installation progress
with SmartView Monitor.
D. Send a CDROM with the HFA to each location and have local personnel install it

Answer: B

QUESTION 385
You are using SmartUpdate to fetch data and perform a remote upgrade of an NGX Security
Gateway.
Which of the following statements is FALSE?

A. If SmartDashboard is open during package upload and upgrade, the upgrade will fail.
B. A remote installation can be performed without the SVN Foundation package installed on a
remote NG with Application Intelligence Security Gateway
C. SmartUpdate can query the SmartCenter Server and VPN-1 Gateway for product information
D. SmartUpdate can query license information running locally on the VPN-1 Gateway

Answer: B

QUESTION 386
What port is used for communication to the UserCenter with SmartUpdate?

A. HTTP
B. HTTPS
C. TCP 8080
D. CPMI

Answer: B

QUESTION 387
What physical machine must have access to the UserCenter public IP when checking for new
packages with SmartUpdate?

A. VPN-1 Security Gateway getting the new upgrade package
B. SmartUpdate installed SmartCenter Server PC
C. SmartUpdate Repository SQL database Server
D. SmartUpdate GUI PC

Answer: D

QUESTION 388
What action CANNOT be run from SmartUpdate NGX R65?

A. Get all Gateway Data
B. Reboot gateway
C. Preinstall verifier
D. Fetch sync status

Answer: D

QUESTION 389
You want to upgrade an NG with Application Intelligence R55 Security Gateway running on
SecurePlatform to VPN-1 NGX R65 via SmartUpdate.
Which package(s) is(are) needed in the Repository prior to upgrade?

A. SecurePlatform NGX R65 package
B. VPN-1 Power/UTM NGX R65 package
C. SecurePlatform and VPN-1 Power/UTM NGX R65 packages
D. SVN Foundation and VPN-1 Power/UTM packages

Answer: A

QUESTION 390
Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import
process?

A. It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.
B. It will conflict with any future upgrades run from SmartUpdate.
C. SmartUpdate will start a new installation process if the machine is rebooted.
D. It contains your security configuration, which could be exploited.

Answer: D

QUESTION 391
Concerning these products: SecurePlatform, VPN-1 Pro Gateway, UserAuthority Server, Nokia
OS, UTM-1, Eventia Reporter, and Performance Pack, which statement is TRUE?

A. All but the Nokia OS can be upgraded to VPN-1 NGX R65 with SmartUpdate.
B. All but Performance Pack can be upgraded to VPN-1 NGX R65 with SmartUpdate.
C. All can be upgraded to VPN-1 NGX R65 with SmartUpdate.
D. All but the UTM-1 can be upgraded to VPN-1 NGX R65 with SmartUpdate.

Answer: C

QUESTION 392
If a SmartUpdate upgrade or distribution operation fails on SecurePlatform, how is the system
recovered?

A. SecurePlatform will reboot and automatically revert to the last snapshot version prior to upgrade.
B. The Administrator must remove the rpm packages manually, and reattempt the upgrade.
C. The Administrator can only revert to a previously created snapshot (if there is one) with the
command cprinstall snapshot <object name> <filename>.
D. The Administrator must reinstall the last version via the command cprinstall revert <object
name> <file name>.

Answer: A

QUESTION 393
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway.

A. After selecting "Packages: Add... from CD", the entire contents of the CD are copied to the
packages directory on the selected remote Security Gateway.
B. After selecting "Packages: Add... from CD", the entire contents of the CD are copied to the
Package Repository on the SmartCenter Server.
C. After selecting "Packages: Add... from CD", the selected package is copied to the packages
directory on the selected remote Security Gateway.
D. After selecting "Packages: Add... from CD", the selected package is copied to the Package
Repository on the SmartCenter Server.

Answer: D

QUESTION 394
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway.

A. After selecting "Packages > Distribute..." and choosing the target gateway, the selected package
is copied from the Package Repository on the SmartCenter to the Security Gateway but the
installation IS NOT performed.
B. After selecting "Packages > Distribute..." and choosing the target gateway, the SmartUpdate
wizard walks the Administrator through a Distributed Installation.
C. After selecting "Packages > Distribute..." and choosing the target gateway, the selected package
is copied from the Package Repository on the SmartCenter to the Security Gateway and the
installation IS performed.
D. After selecting "Packages > Distribute..." and choosing the target gateway, the selected package
is copied from the CDROM of the SmartUpdate PC directly to the Security Gateway and the
installation IS performed.

Answer: A

QUESTION 395
What happens in relation to the CRL cache after a cpstop;cpstart has been initiated?

A. The gateway continues to use the old CRL even if it is not valid, until a new CRL is cached
B. The gateway continues to use the old CRL, as long as it is valid.
C. The gateway issues a crl_zap on startup, which empties the cache and forces Certificate retrieval.
D. The gateway retrieves a new CRL on startup, then discards the old CRL as invalid.

Answer: B

QUESTION 396
Public-key cryptography is considered which of the following?

A. two-key/symmetric
B. one-key/asymmetric
C. two-key/asymmetric
D. one-key/symmetric

Answer: C

QUESTION 397
What is the greatest benefit derived from VPNs compared to frame relay, leased lines, or any other
types of dedicated networks?

A. lower cost
B. stronger authentication
C. Less failure/downtime
D. Greater performance

Answer: A

QUESTION 398
What is the bit size of DES?

A. 56
B. 112
C. 168
D. 128
E. 32
F. 64

Answer: A

QUESTION 399
In cryptography, the Rivest, Shamir, Adleman (RSA) scheme has which of the following? Select
all that apply.

A. A symmetric-cipher system
B. A secret-key encryption-algorithm system
C. A public-key encryption-algorithm system
D. An asymmetric-cipher system

Answer: CD

QUESTION 400
Which of the following are supported with the office mode? Select all that apply.

A. SecureClient
B. L2TP
C. Transparent Mode
D. Gopher
E. SSL Network Extender

Answer: ABE

QUESTION 401
Which network port does PPTP use for communication?

A. 1723/tcp
B. 1723/udp
C. 25/udp
D. 25/tcp

Answer: A

QUESTION 402
VPN access control would fall under which VPN component?

A. QoS
B. Performance
C. Management
D. Security

Answer: D

QUESTION 403
In ClusterXL, which of the following processes are defined by default as critical devices?

A. fwm
B. cphad
C. fwd
D. fwd.proc

Answer: B

QUESTION 404
If a digital signature is used to achieve both data-integrity checking and verification of sender,
digital signatures are only used when implementing:

A. A symmetric-encryption algorithm
B. CBL-DES
C. Triple DES
D. An asymmetric-encryption algorithm

Answer: D

QUESTION 405
Which of the following is supported with Office Mode?

A. SecuRemote
B. SecureClient
C. SSL Network Extender
D. Connect Mode

Answer: A

QUESTION 406
When synchronizing clusters, which of the following statements are true? Select all that apply.

A. Only cluster members running on the same OS platform can be synchronized.
B. Client Auth or Session Auth connections through a cluster member will be lost if the cluster
member fails.
C. The state of connections using resources is maintained by a Security Server, so these
connections cannot be synchronized.
D. In the case of a failover, accounting information on the failed member may be lost despite a
properly

Answer: ABC

QUESTION 407
VPN traffic control would fall under which VPN component?

A. Performance
B. Management
C. Security
D. QoS

Answer: D

QUESTION 408
Which of the following is an example of the hash function?

A. DES and CBC
B. DAC and MAC
C. SHA and 3DES
D. MD5 and SHA-1

Answer: D

QUESTION 409
When configuring site-to-site VPN High Availability (HA) with MEP, which of the following is
correct?

A. MEP Gateways cannot be geographically separated machines.
B. The decision on which MEP Gateway to use is made on the MEP Gateway's side of the tunnel.
C. MEP Gateways must be managed by the same SmartCenter Server.
D. If one MEP Security Gateway fails, the connection is lost and the backup Gateway picks up the
next connection.

Answer: D

QUESTION 410
Consider the following actions that VPN-1 NGX can take when it controls packets. The Policy
Package has been configured for Traditional Mode VPN.
Identify the options that include the available actions. Select four.

A. Allow
B. Reject
C. Client auth
D. Decrypt
E. Accept
F. Drop
G. Encrypt
H. Hold
I. Proxy

Answer: BEFG

QUESTION 411
Which of the following does IPSec use during IPSec key negotiation?

A. IPSec SA
B. RSA Exchange
C. ISAKMP SA
D. Diffie-Hellman exchange

Answer: D

QUESTION 412
Which of the following SSL Network Extender server-side prerequisites are correct? Select all
that apply.

A. The VPN-1 Gateway must be configured to work with Visitor Mode
B. The specific VPN-1 Security Gateway must be configured as a member of the VPN-1 Remote
Access Community.
C. There are distinctly separate access rules required for SecureClient users vs. SSL Network
Extender users.
D. To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool.

Answer: ABD

QUESTION 413
After installing VPN-1 Pro NGX R65, you discover that one port on your Intel Quad NIC on the
Security Gateway is not fetched by a get topology request. What is the most likely cause and
solution?

A. The NIC is faulty. Replace it and reinstall.
B. Make sure the driver for your particular NIC is available, and reinstall.
You will be prompted for the driver.
C. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the
Web UI,
D. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix
Accumulator (HFA).

Answer: C

QUESTION 414
Which of the following provides a unique user ID for a digital Certificate?

A. Username
B. User-message digest
C. User e-mail
D. User organization

Answer: B

QUESTION 415
For object-based VPN routing to succeed, what must be configured?

A. A single rule in the Rule Base must cover traffic in both directions, inbound and outbound on the
central (HUB) Security Gateway.
B. No rules need to be created, implied rules that cover inbound and outbound traffic on the central
(HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control
Connections.
C. At least two rules in the Rule Base must be created, one to cover traffic inbound and the other to
cover traffic outbound on the central (HUB) Security Gateway.
D. VPN routing is not configured in the Rule Base or Community objects. Only the native-routing
mechanism on each Gateway can direct the traffic via its VTI configured interfaces.

Answer: C

QUESTION 416
What proprietary Check Point protocol is the basis of the functionality of Check Point ClusterXL
inter-module communication?

A. RDP
B. IPSec
C. CCP
D. HA OPCODE
E. CKPP

Answer: C

QUESTION 417
Which of the following is part of the PKI? Select all that apply.

A. User certificate
B. Attribute Certificate
C. Certificate Revocation Lists
D. Public-key certificate

Answer: ACD

QUESTION 418
Which of the following are valid PKI architectures?

A. mesh architecture
B. Bridge architecture
C. Gateway architecture
D. Hierarchical architecture

Answer: ACD

QUESTION 419
Which of the following are valid reasons for beginning with a fresh installation of VPN-1 NGX R65,
instead of upgrading a previous version to VPN-1 NGX R65? Select all that apply.

A. You see a more logical way to organize your rules and objects
B. You want to keep your Check Point configuration.
C. Your Security Policy includes rules and objects whose purpose you do not know.
D. Objects and rules' naming conventions have changed over time.

Answer: ACD

QUESTION 420
Public keys and digital certificates provide which of the following? Select three.

A. Non repudiation
B. Data integrity
C. Availability
D. Authentication

Answer: ABD

QUESTION 421
Which of the following uses the same key to decrypt as it does to encrypt?

A. dynamic encryption
B. Certificate-based encryption
C. static encryption
D. Symmetric encryption
E. Asymmetric encryption

Answer: D

QUESTION 422
Central License management allows a Security Administrator to perform which of the following?
Select all that apply.

A. Attach and/or delete only NGX Central licenses to a remote module (not Local licenses)
B. Check for expired licenses
C. Add or remove a license to or from the license repository
D. Sort licenses and view license properties
E. Delete both NGX Local licenses and Central licenses from a remote module
F. Attach both NGX Central and Local licenses to a remote module

Answer: ABCD

QUESTION 423
How should Check Point packages be uninstalled?

A. In the same order in which the installation wrapper initially installed them.
B. In the opposite order in which the installation wrapper initially installed them.
C. In any order, CPsuite must be the last package uninstalled
D. In any order as long as all packages are removed

Answer: B

QUESTION 424
Which encryption scheme provides in-place encryption?

A. DES
B. SKIP
C. AES
D. IKE

Answer: B

QUESTION 425
What is the command to upgrade an NG with Application Intelligence R55 SmartCenter running
on SecurePlatform to VPN-1 NGX R65?

A. fw install_mgmt
B. upgrade_mgmt
C. patch add cd
D. fwm upgrade_tool

Answer: C

QUESTION 426
What can be said about RSA algorithms? Select all that apply.

A. Long keys can be used in RSA for enhanced security
B. Short keys can be used for RSA efficiency.
C. RSA is faster to compute than DES
D. RSA's key length is variable.

Answer: ABD

QUESTION 427
What is the most typical type of configuration for VPNs with several externally managed
Gateways?

A. star community
B. mesh community
C. domain community
D. Hybrid community
E. SAT community

Answer: A

QUESTION 428
What is the maximum number of cores supported by CoreXL?

A. 4
B. 8
C. 12
D. 6

Answer: B

QUESTION 429
Which Check Point QoS feature allows a Security Administrator to define special classes of
service for delay-sensitive applications?

A. Guarantees
B. Weighted Fair Queuing
C. Differentiated Services
D. Low Latency Queuing

Answer: D

QUESTION 430
Which statement is TRUE for route-based VPNs?

A. Route-based VPNs replace domain-based VPNs.
B. Route-based VPNs are a form of partial overlap VPN Domain.
C. IP Pool NAT must be configured on each gateway.
D. Dynamic-routing protocols are not required.

Answer: D

QUESTION 431
Which operating system(s) support(s) unnumbered VPN Tunnel Interfaces (VTIs) for route-based
VPNs?

A. Red Hat Linux
B. SecurePlatform for NGX and higher
C. Solaris 9 and higher
D. IPSO 3.9 and higher

Answer: D

QUESTION 432
Which of the following items can be provisioned via a Profile through SmartProvisioning?

i) Backup Schedule
ii) DNS Entries
iii) Hosts Table
iv) Domain Name
v) Interface IP's

A. i, ii, iii, iv, v
B. i, ii, iii, iv
C. i
D. i, ii, iv

Answer: B

QUESTION 433
What does it mean when a Security Gateway is labeled Untrusted in the SmartProvisioning
Status view?

A. SIC has not been established between the Security Gateway and the Security Management.
B. SmartProvisioning is not enabled on the Security Gateway.
C. cpd is not running at the Security Gateway.
D. The Security Gateway is down.

Answer: A

QUESTION 434
Using the Backup Target functionality in SmartProvisioning, what targets are available?

i) FTP
ii) TFTP
iii) SFTP
iv) SCP
v) Locally

A. i
B. i, ii, iv
C. ii, iv, v
D. i, ii, iii, iv

Answer: C

QUESTION 435
The We-Make-Widgets company has purchased twenty UTM-1 Edge appliances for their remote
offices. Kim decides the best way to manage those appliances is to use SmartProvisioning and
create a profile they can all use. List the order of steps Kim would go through to add the Dallas
Edge appliance to the Remote Office profile using the output below.

1. Enter the name of the profile called "Remote Offices"
2. Change the provisioning profile to "Remote Offices"
3. Click File, then select New, then Provisioning Profile
4. Click on the Devices Tab
5. Highlight the Dallas Edge appliance, click Edit, then edit Gateway
6. Click on the Profiles Tab

A. 6, 3, 1, 4, 5, 2
B. 4, 1, 3, 6, 5, 2
C. 6, 1, 3, 4, 5, 2
D. 4, 3, 1, 6, 5, 2

Answer: A

QUESTION 436
SmartProvisioning can provision the Operating System and network settings on which of the
following?

A. IPSO 4.2 Security Gateways
B. Edge firmware 6.x and above
C. R65 HFA 40 Security Gateways and above
D. NGX Security Appliances

Answer: C

QUESTION 437
Which of the following load-balancing methods is not valid?

A. Domain
B. They are all valid
C. Round trip
D. Random

Answer: B

QUESTION 438
The relay mail server configured under Email Notifications is used by the DLP Gateway to:
(Choose the BEST answer.)

A. If UserCheck is configured, there is no need to configure this relay server if there are no Ask User
rules and there is no need to notify any Data Owners.
B. Send e-mail notifications to users and Data Owners.
C. Define My Organization / DLP Gateway and scan only e-mails that originate from this relay
server.
D. Synchronize with other mail servers in the network.

Answer: B

QUESTION 439
For a dedicated DLP Gateway that runs in inline bridge mode, why is it important to properly
define the topology?

A. Topology definition is necessary for correct anti-spoofing.
B. Topology is used for Hide NAT.
C. By default, My Organization is defined by the internal interfaces of a DLP Gateway.
D. Topology definition is used for VPN communities definition.

Answer: C

QUESTION 440
Which protocol is not supported for DLP?

A. ftp
B. https
C. http
D. smtp

Answer: B

QUESTION 441
What happens when an Administrator activates the DLP Portal for Self Incident Handling and
enters its fully qualified domain name (DNS name)?

A. Connections created between the user and the DLP Gateway when clicking links within e-mail
notifications to send or discard quarantined e-mails (matched for an Ask User rule) are encrypted.
B. The daemon running DLP Portal starts to run and can cater requests from users' browsers
(following links from e-mail notifications) and from Check Point UserCheck.
C. The DLP Gateway can now notify Data Owners about DLP incidents.
D. UserCheck is activated.

Answer: B

QUESTION 442
You just upgraded to R71 and are using the IPS Software Blade.
You want to enable all critical protections while keeping the rate of false positives very low.
How can you achieve this?

A. The new IPS system is based on policies, but it has no ability to calculate or change the confidence
level, so it always has a high rate of false positives.
B. As in SmartDefense, this can be achieved by activating all the critical checks manually.
C. The new IPS system is based on policies and gives you the ability to activate all checks with
critical severity and a high confidence level.
D. This can't be achieved; activating any IPS system always causes a high rate of false positives.

Answer: C

QUESTION 443
You enable Sweep Scan Protection and Host port scan in IPS to determine if a large amount of
traffic from a specific internal IP address is a network attack, or a user's system is infected with a
worm. Will you get all the information you need from these actions?

A. Yes. IPS will limit the traffic impact from the scans, and identify if the pattern of the traffic matches
any known worms.
B. No. These IPS protections will only block the traffic, but it will not provide a detailed analysis of
the traffic.
C. No. To verify if this is a worm or an active attack, you must also enable TCP attack defenses.
D. No. The logs and alert can provide some level of information, but determining whether the attack
is intentional or a worm, requires further research.

Answer: D

QUESTION 444
You need to verify the effectiveness of your IPS configuration for your Web server farm.
You have a colleague run penetration tests to confirm that the Web servers are secure against
traffic hijacks.
Of the following, which would be the best configuration to protect from a traffic hijack attempt?

A. Enable the Web intelligence > SQL injection setting.
B. Activate the Cross-Site Scripting property.
C. Configure TCP defenses such as Small PMTU size.
D. Create resource objects for the Web farm servers and configure rules for the Web farm.

Answer: B

QUESTION 445
You need to determine if your company's Web servers are accessed an excessive number of
times from the same host. How would you configure this in the IPS tab?

A. Successive alerts
B. Successive DoS attacks
C. Successive multiple connections
D. HTTP protocol inspection

Answer: C

QUESTION 446
You are responsible for the IPS configuration of your Check Point firewall. Inside the Denial of
service section you need to set the protection parameters against the Teardrop attack tool with
high severity. How would you characterize this attack tool? Give the BEST answer.

A. Hackers can send high volumes of non-TCP traffic in an effort to fill up a firewall State Table.
This results in a Denial of Service by preventing the firewall from accepting new connections.
Teardrop is a widely available attack tool that exploits this vulnerability.
B. A remote attacker may attack a system by sending a specially crafted RPC request to execute
arbitrary code on a vulnerable system.
Teardrop is a widely available attack tool that exploits this vulnerability.
C. Some implementations of TCP/IP are vulnerable to packets that are crafted in a particular way (a
SYN packet in which the source address and port are the same as the destination, i.e., spoofed).
Teardrop is a widely available attack tool that exploits this vulnerability.
D. Some implementations of the TCP/IP IP fragmentation re-assembly code do not properly handle
overlapping IP fragments.
Sending two IP fragments, the latter entirely contained inside the former, causes the server to
allocate too much memory and crash.
Teardrop is a widely available attack tool that exploits this vulnerability.

Answer: D

QUESTION 447
Which application is used to create a File-Share Application?

A. SmartDashboard (SSL VPN Tab)
B. SmartPortal WebUI (File-Share Tab)
C. SSL VPN Portal WebUI (File-Share Tab)
D. Provider-1 MDG (Global VPNs Tab)

Answer: A

QUESTION 448
Which procedure will create an Internal User?

A. In the Users and Administrators tab, right click Users and click SSL VPN User
B. In the General Properties of the gateway, click the SSL VPN check box. The SSL VPN Blade
Wizard will launch and Step 2 will allow adding new users who will be imported from a RADIUS
server.
C. From the SSL VPN tab, click Users and Authentication | Internal Users | Users and click New
User | Default
D. In the Users and Administrators tab, click User Groups | Clientless-vpn-user and add the SSL
VPN user to the Clientless-vpn-user group

Answer: C

QUESTION 449
What is the SmartEvent Correlation Unit's function?

A. Assign severity levels to events.
B. Display received threats and tune the Events Policy
C. Invoke and define automatic reactions and add events to the database.
D. Analyze log entries, looking for Event Policy patterns.

Answer: D

QUESTION 450
Which version is the minimum requirement for SmartProvisioning?

A. R65 HFA 40
B. R70
C. R71
D. R70.20

Answer: A

QUESTION 451
If SmartWorkflow is configured to work without Sessions or Role Segregation, how does the
SmartDashboard function?

A. The SmartDashboard functions as if SmartWorkflow is not enabled but an automatic session
exists in the background and full SmartView Tracker and audit trail functionality will be available.
B. The SmartDashboard will function without SmartWorkflow, with no session and no audit trail
functionality.
C. The SmartDashboard will have no session but SmartView Tracker and audit trail will be available.
D. All functions of SmartWorkflow will be available on a per rule basis.

Answer: A

QUESTION 452
A Security Administrator opens a new session, makes changes to the policy and submits the
session for approval. The Security Manager may approve the session or request repair. If a
manager opens a new session and submits it for approval, can he approve his session as a
Security Manager?

A. It depends on the SmartWorkflow settings in Global Properties.
B. Yes, he can always approve his own session.
C. No, he can never approve his own session.
D. It depends on the type of changes made in the session.

Answer: A

QUESTION 453
Assuming all connections that are allocated bandwidth in your Check Point QoS Rule Base are
open, what would be the corresponding bandwidth percentage of the Kazaa Rule in the following
example?

A. 5%
B. 20%
C. 8%
D. 14%

Answer: D

QUESTION 454
SmartProvisioning uses different types of profiles to manage and provision the gateways.
These types are:

A. SmartLSM Security Profiles and Provisioning Profiles
B. Provisioning Profiles and Gateways Profiles
C. SmartLSM Security Profiles and SmartDashboard Profiles
D. SmartConsole Profiles and SmartFilter Profiles

Answer: A

QUESTION 455
What is the best method for scheduling backups on multiple firewalls?

A. WebUI
B. SmartProvisioning
C. Smart Dashboard
D. SmartUpdate

Answer: B

QUESTION 456
When two or more DLP rules are matched, the action taken is the most restrictive action.
Rank the following items from the lowest restriction level (1) to the highest (4).

1. Ask User
2. Prevent
3. Detect
4. Inform User

A. 3,4,1,2
B. 3,1,4,2
C. 4,3,1,2
D. 4,1,3,2

Answer: B

QUESTION 457
When using IPS, what does Geo protection do?

A. To block traffic from and to a specific country
B. To block traffic from and to a specific person
C. To block traffic from and to a specific company
D. To block traffic from and to a specific city

Answer: A

QUESTION 458
The Management Portal allows all of the following EXCEPT:

A. Manage firewall logs
B. Schedule policy installation
C. View administrator activity
D. View the status of Check Point products

Answer: B

QUESTION 459
Where is the ideal place to deploy your SSL VPN?

A. Deployed in DMZ
B. SSL VPN enabled on the gateway
C. In front of the external interface on the gateway
D. Anywhere

Answer: A

QUESTION 460
How many events are shown by default in the Event preview pane?

A. 30,000
B. 5,000
C. 1,000
D. 15,000

Answer: B

QUESTION 461
What is the significance of the depicted icon in the SmartWorkflow toolbar?

A. Submit for Approval
B. Check the consistency of SmartWorkflow sessions.
C. Overall status information: Everything is OK.
D. Session has been approved.

Answer: A

QUESTION 462
When selecting a backup target using SmartProvisioning, which target is NOT available?

A. Locally on device
B. FTP
C. SCP
D. TFTP

Answer: B

QUESTION 463
Which of the following can NOT approve a change in a SmartWorkflow session?

A. Firewall Administrators
B. Firewall Managers
C. Provider-1 Super users
D. Customer Super users

Answer: A

QUESTION 464
Which of the following files is used to allow only specific IPs or networks to access the
Management Portal?

A. hosts.allow
B. portal.ips
C. cpportal_allowips
D. allowedips.portal

Answer: A

QUESTION 465
Which of the following can NOT be done on the Management Portal?

A. Set the Management Portal to use HTTP instead of HTTPS
B. Configure Management Portal to bypass authentication when connecting from a specific IP
address
C. Restrict hosts / networks that can access the portal
D. Run the Management Portal on a port other than the default port 4433

Answer: D

QUESTION 466
When configuring a Web Application for SSL VPN remote access, you have given the following
definition for the application along with its protection level.

Which of the following is the best match for the above application?

A. dmz.example.com/extranet
B. www.dmz.example/extranet
C. www.example.com/intranet
D. hr.dmz.example.com/intranet

Answer: C

QUESTION 467
The Management Portal Software Blade allows users to

A. View Security Policies
B. Monitor traffic flows
C. Add/Delete rules
D. Create/Modify objects

Answer: A

QUESTION 468
What command will stop all (and only) Management Portal services?

A. cpstop
B. spstop
C. sportalstop
D. smartportalstop

Answer: D

QUESTION 469
Which file can you modify to change settings of the Management Portal?
For example: changing the webserver port or to use HTTP instead of HTTPS.

A. cp_http.conf
B. cp_httpd.conf
C. cp_http_admin.conf
D. cp_httpd_admin.conf

Answer: D

QUESTION 470
Which of the following is NOT a supported browser for Management Portal?

A. Internet Explorer
B. Safari
C. Firefox
D. Mozilla

Answer: B

QUESTION 471
When a security administrator logs in to SmartDashboard and selects Continue without session
from the following window, what kind of access will be granted to him in SmartDashboard?

A. He will get read-only access to the policy, network objects and session management.
B. He will get read-only access to the policy and network objects; however, he can still manage the
sessions, i.e. Approve, Request Repair etc.
C. A new session will automatically be created with a default session name along with date and time.
All changes made by the manager will be saved in this new session.
D. No access will be granted, he will be logged out of SmartDashboard.

Answer: B

QUESTION 472
When does the SmartWorkflow Policy Installation window appear?

A. When the administrator installs an approved policy
B. When the manager approves a session
C. When the administrator installs an unapproved policy
D. When the administrator submits a session for approval

Answer: C

QUESTION 473
What happens to the session information after they are approved and a policy installation is
done?

A. Session information is never deleted from the database.
B. It depends on the SmartWorkflow settings in Global Properties.
C. An option is given to retain the session information, default being deletion of session information
from the database.
D. Session information can only be deleted before a policy is installed.

Answer: C

QUESTION 474
Your customer wishes to install the SmartWorkflow Software Blade on a R70 Security
Management server (Secure Platform).
Which is the correct method?

A. When you install the R70.1 package on an R70 Security Management server, it will be upgraded
to version R70.1 with SmartWorkflow.
B. The SmartWorkflow works directly on the version R70.
Install the SmartWorkflow as an add-on.
The version of the Management server remains R70.
C. You must upgrade the Management Server to the version R70.1 first before you start the
installation of the SmartWorkflow Software Blade plug-in.
D. The SmartWorkflow Software Blade is included in the standard R70 version.
You need to enable it via cpconfig.

Answer: A

QUESTION 475
You have to uninstall the Check Point SmartWorkflow Software Blade on a Secure Platform
system. How can you perform this procedure?

A. To uninstall the SmartWorkflow Software Blade you can connect to the Secure Platform Web UI
( <IP of the Security Management Server>) and select: Device > Upgrade.
You will be asked if you want to uninstall the SmartWorkflow Software Blade.
B. To uninstall the SmartWorkflow Software Blade you must first connect to your Security
Management System on command line level.
Then in the directory /opt/CPUninstall/Check_Point_Workflow, run the
command ./UnixInstallScript -u.
Afterwards, follow the screen instructions and change to the directory
/opt/CPUninstall/R70_HFA_10 and repeat the previous command.
C. To uninstall the SmartWorkflow Software Blade, you use SmartUpdate.
Click on the symbol of the Security Management Server, right-click, select Get Gateway Data,
select SmartWorkflow, right-click uninstall SmartWorkflow.
You will see the progress in the Operation Status windows.
D. To uninstall the SmartWorkflow Software Blade, you must first connect to your Security
Management System on the command line level.
Then in the directory /opt/CPuninstall/Check_Point_Workflow, run the
command ./UnixInstallScript -u.

Answer: B

QUESTION 476
You start the configuration of SmartWorkflow. SmartWorkflow is enabled, but you are not able to
select Open New Session because it is greyed out.
What must be done to open a new session? Choose the BEST answer.

A. Sessions in the Manage menu of SmartDashboard must be selected and enabled.
B. The use of sessions must be enabled by the CLI command: SWF_session start.
C. A rule which allows the SmartWorkflow traffic must be placed on the top of the Rule Base.
D. The Work with sessions in Global Properties must be set.

Answer: D

QUESTION 477
David is the MultiCorp Security Manager and approves the proposals submitted by the Security
Administrator Peter. One day, David believes he has detected a vulnerability in the Security
Policy. He submits a change proposal and tries to approve his own submission.
The system does not allow him to perform this procedure.

What is the reason for this behavior?

A. The company does not allow David to submit and also approve the same policy change.
David was assigned the Approve only permission (instead of Submit and Approve).
B. The company does not allow David to submit and approve the same policy change.
The setting Manager cannot approve their submitted sessions in Global Properties was set to On.
C. The company does not allow David to submit and approve the same policy change.
The setting Manager cannot approve their submitted sessions in the SmartWorkflow section of
the Firewall object properties was set to On.
D. The proposal contains some logical contradictions.
The Check Point verification control does not permit this change to be carried out.

Answer: B

QUESTION 478
Your customer asks you about Check Point SmartWorkflow. His company must comply with
various laws and regulations and therefore it is important for him to be able to see the changes
made to a specific object.
How can the customer receive the required information?

A. The customer can check compliance.
This function compares the logs with the compliance requirements and automatically reports
which part of the selected compliance is fulfilled and which is not.
B. The customer can use the Check Point's SmartViewTracker to view the required information.
He selects the log category Changed Objects.
C. The customer can use the Record Details.
This feature enables administrators to track changes that have been made to objects over an
extended period of time.
These changes are recorded in SmartView Tracker as audit logs.
D. The customer can use the Check Point's SmartView Tracker directly to receive the required
information.
He selects the log category SmartWorkflow.

Answer: C

QUESTION 479
Your customer wishes to use SmartWorkflow Software Blade, but he also wishes to install a
policy during an emergency without an approval. Is it possible?

A. Yes, it is possible but the administrator must receive special administrator permission, i.e., Can
install in emergency.
You can use the new GUI to set the administration security setting.
B. Yes, it is possible, but this feature must be configured in the Global Properties.
The administrator must provide a special password and the reason for this emergency
installation.
C. Yes, it is possible, but this feature must be configured in Global Properties and the administrator
must provide a special password.
D. No, if a customer uses the SmartWorkflow Software Blade, a policy must be approved.

Answer: B

QUESTION 480
Your customer wishes to install SmartWorkflow on top of R70 Security Management Server
(Windows system). What is the required disk space?

A. 1256 MB
B. 1 GB
C. 512 MB
D. 880 MB

Answer: D

QUESTION 481
In SmartWorkflow, what is NOT a valid possibility?

A. Task Flow without Session and without Role Segregation
B. Task Flow without Session but with Role Segregation
C. Task Flow with Session but without Role Segregation
D. Task Flow with Session and with Role Segregation

Answer: B

QUESTION 482
What is a possible reason for the grayed out Restore Version button in the screenshot of the
Database Revision Control while trying to restore Old Structure?

A. Old Structure was not approved in SmartWorkflow.
B. No SmartWorkflow session is started.
C. With SmartWorkflow active, only SmartWorkflow revisions could be restored.
D. Self-created versions cannot be restored if there are newer versions created in SmartWorkflow.

Answer: B

QUESTION 483
After repairing a SmartWorkflow session:

A. The session moves to status Repaired and a new session can be started.
B. The session moves to status Awaiting Repair and must be resubmitted.
C. The session is continued with status Not approved and a new session must be started.
D. The session is discarded and a new session is automatically started.

Answer: A

QUESTION 484
Which changes are tracked by SmartWorkflow?

A. SmartDashboard, SmartView Tracker and SmartView Monitor logins and logouts
B. Security Policies and the Rule Base, Network Objects, Network Services, VPN Communities.
C. Users, Administrators, Groups and VPN Communities
D. Security Policies and the Rule Base, Network Objects, Network Services, Resources, Users,
Administrators, Groups, VPN Communities and Servers and OPSEC Applications.

Answer: D

QUESTION 485
How is the SmartWorkflow Session Information Pane enabled?

A. In SmartView Tracker, click on SmartWorkflow > Show Session Information Pane
B. In SmartDashboard, click on View > SmartWorkflow > Show Session Information Pane
C. In SmartDashboard, click on SmartWorkflow > Show Session Information Pane
D. In cpconfig, choose Enable Session Information Pane from the menu

Answer: C

QUESTION 486
How is Smart Workflow disabled?

A. In cpconfig, choose Disable SmartWorkflow from the menu
B. In SmartView Tracker, click on SmartWorkflow > Disable SmartWorkflow
C. In Smart Dashboard, click on View > SmartWorkflow > Disable SmartWorkflow
D. Open SmartWorkflow as admin. Create new session and name it Disable SmartWorkflow.
In SmartDashboard click SmartWorkflow > Disable SmartWorkflow, click OK in the warning box,
click Save and Continue

Answer: D

QUESTION 487
When using SmartWorkflow, how many sessions can be in progress at the same time?

A. 2
B. As many as you want
C. 1
D. 3

Answer: C

QUESTION 488
In the following command,

LSMcli [-d] <server> <user> <pswd> <action> "server"

should be replaced with:

A. Hostname of ROBO gateway
B. Hostname DAIP device
C. IP address of the Security Management server
D. GUIclient

Answer: C

QUESTION 489
Susan needs to change the DNS settings on her Secure Platform Gateway.
Using the output below,

Which Gateway could she edit directly from the Devices view using Edit Gateway, then selecting
the DNS tab?

A. Seoul-Edge
B. Prague-GW
C. Berlin-GW
D. Paris-GW

Answer: D

QUESTION 490
The London office just upgraded their DNS servers so their Gateway needs to be updated with
the new settings. What would be the BEST way for Henry to change the DNS settings for
London's Gateway?

A. Edit the Canada Profile
B. Edit the Gateway's DNS settings from the Edit Gateway, then selecting the DNS tab
C. DNS settings for that Gateway cannot be changed
D. Edit the Europe Profile

Answer: D

QUESTION 491
While using the SmartProvisioning Wizard to create a new profile, you cannot continue because
there are no devices to select. What is a possible reason for this?

i) All devices already have a profile assigned to them
ii) Provisioning Blade is not enabled on the devices
iii) No UTM-1/Power-1/Secure Platform devices are defined in SmartDashboard
iv) SIC is not established on the devices.

A. (ii), (iii) or (iv)
B. (ii) only
C. (iii) or (iv)
D. (i) or (iii)

Answer: D

QUESTION 492
You logged in to your firewall and discovered that the scheduled backup has been modified.
Which of the below options is NOT a reason for the change?

A. Another administrator pushed a SmartProvisioning profile to the firewall
B. Another administrator issued a new backup command through the command line
C. Another administrator logged in to the WebUI and changed the setting without your knowledge
D. Another administrator updated the Backup Schedule using SmartUpdate

Answer: D

QUESTION 493
Your company is planning on moving their server farm to a new datacenter which requires IP
changes to important network services including DNS, DHCP, and TFTP. Rather than manually
logging in to all your firewalls and modifying the settings individually, you decide to purchase and
enable SmartProvisioning. Assuming all your firewalls are on SPLAT, what is the minimum
version required to update the firewalls' DNS and backup settings via SmartProvisioning?

A. R62
B. R60 HFA 02
C. R65 HFA 40
D. R71

Answer: C

QUESTION 494
Which of the following software blades can be used to provide centralized backup management?

A. SmartDashboard
B. Smart Provisioning
C. Smart Gateway
D. Smart Backup

Answer: B

QUESTION 495
The Smart Provisioning management concept is based on:

A. Zones
B. Groups
C. Regions
D. Profiles

Answer: D

QUESTION 496
Where do Gateways managed by SmartProvisioning fetch their assigned profiles?

A. The SmartView Monitor
B. The standalone SmartProvisioning server
C. The Security Management server or CMA
D. They are fetched locally from the individual device

Answer: C

QUESTION 497
Smart Provisioning is an integral part of the Security Management or Provider-1 CMA.
To enable Smart Provisioning on the Security Management server:

A. Obtain a Smart Provisioning license, add the License to the Security Management server or CMA,
turn on Smart Provisioning on each Gateway to be controlled.
B. Obtain a Smart Provisioning license, add the License to the Security Management server or CMA,
disable SecureXL.
C. Obtain a Smart Provisioning license, add the License to the Security Management server or CMA.
D. Obtain a Smart Provisioning license, add the License to the Security Management server or CMA,
select the box under Policy for Smart Provisioning.

Answer: C

QUESTION 498
What are the Smart Provisioning Policy Status indicators?

A. OK, Down, Up, Synchronized
B. OK, Waiting, Out of Sync, Not Installed, Not communicating
C. OK, Unknown, Not Installed, May be out of date
D. OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date

Answer: D

QUESTION 499
When Converting Gateways to Smart LSM Security Gateways, you can:

A. do nothing, the conversion is automatic.
B. delete the device and re-install it in Smart Provisioning.
C. reset SIC and re-establish communication with the new Smart Provisioning.
D. convert a Security Gateway or UTM-1 Edge Gateway managed with Smart Dashboard to a Smart
LSM Security Gateway managed with Smart Provisioning.

Answer: D

QUESTION 500
Domain name can NOT be changed in Smart Provisioning and Domain Name is grayed out.
What is a possible reason for this?

A. There is no Smart Provisioning license installed.
B. Profile is not assigned to any Gateway.
C. Override profile setting on device level is set to Mandatory.
D. Domain name settings are always fetched from firewall object.

Answer: C

QUESTION 501
Which of the following is a supported deployment for Connectra?

A. IPSO 4.9 build 88
B. VMWare ESX
C. Solaris 10
D. Windows server 2007

Answer: B

QUESTION 502
To force clients to use Integrity Secure Workspace when accessing sensitive applications, the
Administrator can configure Connectra:

A. Via protection levels
B. To implement Integrity Clientless Security
C. To force the user to re-authenticate at login
D. Without a special setting. Secure Workspace is automatically configured.

Answer: A

QUESTION 503
Which of the following statements about SSL VPN is TRUE?

A. Traffic is not encrypted in a LAN deployment, where clear text requests are forwarded to internal
servers.
B. All traffic is always encrypted.
C. Traffic is encrypted, when it is initiated from a LAN.
D. Administration traffic is not encrypted.

Answer: A

QUESTION 504
SSL termination takes place:

A. In a LAN deployment on a Security Gateway
B. In a DMZ and LAN deployment scenario on a Security Gateway
C. In a DMZ and LAN deployment scenario on a Connectra Gateway
D. In a DMZ deployment on a Connectra Gateway

Answer: B

QUESTION 505
Which port is typically used by SSL Network Extender, if the Connectra Portal will also be used
on the same IP address?

A. SSL (TCP/900)
B. SSL (TCP/443)
C. SSL (TCP/444)
D. SSL (TCP/80)

Answer: C

QUESTION 506
For an initial installation of Connectra, which of the following statements is TRUE?

A. You must configure the Connectra username and password before running the First Time Wizard.
B. It is possible to run the First Time Wizard from Expert Mode on the Connectra server.
C. It is not possible to use the sysconfig and cpconfig utilities, until the First Time Wizard in the
Administration Web GUI is successfully completed.
D. It is not necessary to set up the Rule Base before completing Connectra's installation.

Answer: C

QUESTION 507
Why would an old Connectra Gateway IP be displayed to remote SSL Network Extender users,
after changing it to a different IP? You must:

A. Restart service CPwebis
B. Update Connectra's certificate to reflect the newly assigned IP address
C. Make the change using sysconfig instead of the admin portal
D. Install a new license corresponding to the newly configured IP

Answer: B

QUESTION 508
To configure a client to properly log in to the user portal using a certificate, the Administrator
MUST:

A. Create an internal user in the admin portal.
B. Install an R71 internal Certificate Authority certificate.
C. Create a client certificate from Smart Dashboard.
D. Store the client certificate on the SSL VPN Gateway.

Answer: A

QUESTION 509
Can end users be forced to authenticate by using client certificates and username/password
credentials?

A. Yes, but by manually changing the parameter: Is Password Warning to true in the
$FWDIR/conf/objects_5_0.C file, to allow for LDAP password remediation;
and through the use of multiple-challenge login pages.
B. No, R71 only supports authentication by client certificates.
C. Yes, by editing the protection-level settings.
D. SSL VPN only supports server certificates.

Answer: C

QUESTION 510
A user attempts to initialize a network application using SSL Network Extender.
The application fails to start. What is the MOST LIKELY solution?

A. Select the option Auto-detect client capabilities.
B. Select the option Enable SSL Network Extender Application Mode only.
C. Select the option Turn off all SSL tunneling clients.
D. Select the option Enable SSL Network Extender Network Mode only.

Answer: B

QUESTION 511
To configure a Security Management Server for an SSL VPN Gateway, you can set up log
forwarding from that Gateway. All of the following tasks must be performed to accomplish this,
EXCEPT:

A. Defining a remote log server in the "Remote Log Server" box.
B. Establishing SIC between the Security Management Server and the SSL VPN Gateway.
C. Initiating the put key process in order to facilitate Secure Internal Communications (SIC).
D. Providing the Security Management Server's IP address.

Answer: A

QUESTION 512
Among the authentication schemes SSL VPN employs for users, which scheme does Check
Point recommend so all servers are replicated?

A. User certificates
B. LDAP
C. Username and password
D. RADIUS

Answer: D

QUESTION 513
You have configured an LDAP account unit and confirmed the Apply & Fetch Branches option
works in SSL VPN, but end users still cannot be authenticated.
What is the MOST LIKELY cause?

A. The Administrator's login is incorrect.
B. The LDAP server is incorrectly configured.
C. The user is not defined in Active Directory.
D. The LDAP account unit's login Distinguished Name is incorrectly configured.

Answer: D

QUESTION 514
You are a SSL VPN administrator. Your users complain that their Outlook Web Access is running
extremely slowly, and their overall browsing experience continues to worsen.
You suspect it could be a logging problem.
Which of the following logs does Check Point recommend you turn off?

A. Alert
B. Event
C. Trace
D. Traffic

Answer: C

QUESTION 515
When connecting to the SSL VPN portal, you receive a pop-up message indicating that the server
hostname does not match the certificate hostname, and the certificate is not signed by a known
Certificate Authority (CA). How would you solve this problem?

A. Acquire and install an SSL server certificate from a known CA.
B. Ignore the message. It only occurs before the portal synchronizes with the GUI.
C. Resolve the certificate-hostname conflict between the Connectra portal and the administration
GUI.
D. The administration GUI is pointing to the wrong certificate-hostname location.

Answer: A

QUESTION 516
You are using trace logger to debug SSL VPN's server side and obtain a textual traffic dump.
Which type of traffic will you NOT see in the output?

A. Traffic outbound from the internal networks
B. Traffic to the portal
C. Traffic outbound to the external networks
D. Traffic inbound from the external networks

Answer: B

QUESTION 517
You are a SSL VPN Administrator. Your users complain that their Outlook Web Access is running
extremely slowly, and their overall browsing experience continues to worsen.
You suspect it could be a logging problem.
Which of the following log files does Check Point recommend you purge?

A. httpd*.log
B. event_ws.log
C. mod_ws_owd.log
D. alert_owd.log

Answer: A

QUESTION 518
Network applications accessed using SSL Network Extender have been found to fail after one of
their TCP connections has been left idle for more than one hour.
You determine that you must enable sending reset (RST) packets upon TCP time-out expiration.
Where is it necessary to change the setting?

A. $FWDIR/conf/objects_5_0.C
B. $FWDIR/conf/objects.C
C. $WEBISDIR/conf/cpadmin.elg
D. $CVPNDIR/conf/cvpnd.C

Answer: A

QUESTION 519
Even after configuring central logging on Connectra, Connectra logs are not displaying in
SmartView Tracker. What could be the cause of this problem?

A. You must reestablish logging from Connectra to the Management Server, using a dummy
log-server object.
B. R70 does not support a host object with the same IP address as a Management Server used as
secondary log server or management station.
C. You must install the Management Server database.
D. You must install the Security Policy, and try again.

Answer: C

QUESTION 520
Which procedure enables the SSL VPN blade on the gateway?

A. Log into SmartDashboard, create a new rule with the source and destination addresses of the
needed remote network, set the action to Encrypt and push the policy to that gateway.
B. Log into SmartDashboard, edit the properties of the Gateway, and select the SSL VPN check
box.
C. Log into SmartDashboard, select the VPN Communities tab and add the gateway to the
appropriate community.
D. Log into Web UI on the gateway and check the SSL VPN Blade check box.

Answer: B

QUESTION 521
Which internal user authentication protocols are supported in SSL VPN?

A. Check Point Password, SecurID, LDAP, RADIUS, TACACS
B. Check Point Password, SecurID, L2TP, RADIUS, TACACS
C. Check Point Password, SecurID, Active Directory, RADIUS, TACACS
D. Point Password, SecurID, OS Password, RADIUS, TACACS

Answer: D

QUESTION 522
Which Remote Desktop protocols are supported natively in SSL VPN?

A. Microsoft RDP only
B. AT&T VNC and Microsoft RDP
C. Citrix ICA and Microsoft RDP
D. AT&T VNC, Citrix ICA and Microsoft RDP

Answer: C

QUESTION 523
Your customer asks you about the Performance Pack.
You explain to him that a Performance Pack is a software acceleration product which improves
the performance of the Security Gateway.
There are two ways to enable or disable this acceleration.
The first one is to use the command cpconfig (see Figure 1).
The second one is to use the command fwaccel on/off (see Figure 2).
What is the difference between those two commands?

A. The command cpconfig works on the Security Platform only.
The command fwaccel can be used on all platforms.
B. The fwaccel command determines the default setting.
The command cpconfig can dynamically change the setting, but after the reboot it reverts to the
default setting.
C. Both commands have the same function.
D. The cpconfig command enables acceleration.
The command fwaccel can dynamically change the setting, but after the reboot it reverts to the
default setting.

Answer: D

QUESTION 524
Which command can be used to verify SecureXL statistics?

A. fwaccel top
B. fwaccel stats
C. fw ctl pstat
D. cphaprob stat

Answer: B

QUESTION 525
In ClusterXL, which of the following are defined by default as a critical device?

A. PROT_SRV.EXE
B. Filter
C. fw.d
D. protect.exe

Answer: B

QUESTION 526
You are trying to configure Directional VPN Rule Match in the Rule Base.
But the Match column does not have the option to see the Directional Match.
You see the following window.
What must you enable to see the Directional Match?

A. VPN Directional Match on the Gateway object's VPN tab
B. Advanced Routing on each Security Gateway
C. VPN Directional Match on the VPN advanced window, in Global Properties
D. directional_match(true) in the objects_5_0.C file on Security Management Server

Answer: C

QUESTION 527
Which of these four Check Point QoS technologies prevents the transmission of redundant
packets when multiple copies of a packet are concurrently queued on the same flow?

A. Weighted Flow Random Early Drop (WFRED)
B. Intelligent Queuing Engine
C. Retransmission Detection Early Drop (RDED)
D. Stateful Inspection

Answer: C

QUESTION 528
Using the output below, why is the QoS rule not limiting the internal users to 2000 Bps of
Gnutella traffic?

A. Rule Guarantee needs to be changed to Rule Limit
B. Rule Weight needs to be changed to 10
C. The Source and Destination columns need to be reversed
D. Encrypted traffic needs to be added to the Action field

Answer: A

QUESTION 529
Which technology would describe RDED for QoS?

A. A mechanism for reducing the number of retransmits and retransmit storms.
B. A mechanism for managing packet buffers.
C. A mechanism to accurately classify traffic and place it in the proper transmission queue.
D. A mechanism to derive complete state and context information for all network traffic.

Answer: A

QUESTION 530
Please review the following QoS policy:

Assume you have 200 Kbps bandwidth available at all times.
Which statement would describe this policy?

A. The un-named rule has a total Guarantee of 5 Kbps, which should be 50 and lower the other
Guarantees.
B. Guarantee values are set too high; you have no bandwidth available for anything else besides
traffic described in the first rules.
C. All traffic matching the default rule will have priority
D. All traffic will receive sufficient bandwidth because the default rule has a low weight value.

Answer: B

QUESTION 531
How do you block some seldom-used FTP commands, such as CWD and FIND, from passing
through the Gateway?

A. Add the restricted commands to the aftpd.conf file in the Security Management Server.
B. Modify the desired profile in the FTP commands under Protection Details in the IPS tab.
C. Configure the restricted FTP commands in the Security Servers screen of the Global Properties.
D. Enable FTP Bounce checking / Application Intelligence / Protocol Protections from the IPS tab.

Answer: B

QUESTION 532
Using IPS, how do you notify the Security Administrator that malware is scanning specific ports?
By enabling:

A. Malware Scan protection
B. Sweep Scan protection
C. Host Port Scan
D. Malicious Code Protector

Answer: B

QUESTION 533
What is the meaning of the option Connect to the Internet?

A. SmartDashboard will retrieve information from Check Point over the Internet.
No information will be sent.
B. SmartDashboard will retrieve information from Check Point over the Internet.
Your information will be sent anonymously to Check Point.
C. SmartDashboard will retrieve information from Check Point over the Internet using your User
Center login.
D. SmartDashboard will retrieve information from Check Point over the Internet.

Answer: C

QUESTION 534
Refer to the network topology below.

You have IPS Software Blades active on the Security Gateways sglondon, sgla, and sgny, but
still experience attacks on the Web server in the New York DMZ. How is this possible?

A. All of these options are possible.
B. The attacker may have used a bunch of evasion techniques like using escape sequences instead
of cleartext commands.
It is also possible that there are entry points not shown in the network layout, like rogue access
points.
C. Since other Gateways do not have IPS activated, attacks may originate from their networks
without anyone noticing.
D. An IPS may combine different detection technologies, but is dependent on regular signature
updates and well-tuned anomaly algorithms.
Even if this is accomplished, no technology can offer 100% protection.

Answer: A

QUESTION 535
Your online bookstore has customers connecting to a variety of Web servers to place or change
orders and check order status. You ran penetration tests through the Security Gateway to
determine if the Web servers were protected from a recent series of cross-site scripting attacks.
The penetration testing indicated the Web servers were still vulnerable.
You have checked every box in the Web Intelligence tab, and installed the Security Policy.
What else might you do to reduce the vulnerability?

A. Configure the Security Gateway protecting the Web servers as a Web server.
B. Check the Products / Web Server box on the host node objects representing your Web servers.
C. Add Port (TCP 443) as an additional port on the Web Server tab for the host node.
D. The penetration software you are using is malfunctioning and is reporting a false positive.

Answer: B

QUESTION 536
The TotallyCoolSecurity Company has a large security staff. Bob configured a new IPS
Chicago_Profile for fw-chicago using Detect mode. After reviewing logs, Matt noticed that
fw-chicago is not detecting any of the IPS protections that Bob had previously set up.
Analyze the output below and determine how Matt can correct the problem.

A. Matt should assign the fw-chicago Security Gateway to the Chicago_Profile.
B. Matt should change the Chicago_Profile to use Protect mode because Detect mode will not work.
C. Matt should re-create the Chicago_Profile and select Activate protections manually instead of per
the IPS Policy.
D. Matt should activate the Chicago_Profile as it is currently not activated.

Answer: A

QUESTION 537
Using the output below, what does the red flag indicate for the MS08-067 Protection?

A. It indicates this is for follow up
B. It indicates this protection is for a new 0-day vulnerability
C. It indicates this protection's severity level was modified from the default setting by the
administrator
D. It indicates this protection is a critical

Answer: A

QUESTION 538
If Victor wanted to edit new Signature Protections, what tab would he need to access in
SmartDashboard?

A. QoS Tab
B. SmartDefense Tab
C. IPSec VPN Tab
D. IPS Tab

Answer: D

QUESTION 539
In R71, how would you define a rule to block all traffic sent to or from Germany?

A. This action is not possible.
B. Create a policy rule with destination being a custom dynamic object representing Germany and
action block.
You must also create a rule in the opposite direction.
C. Create a country specific policy within IPS Geo Protections with Germany as the country, block as
the action, and from and to country for direction.
D. Go to Policy / Global Properties / Geographical Protection Enforcement and add Germany to the
blocked countries list.

Answer: C

QUESTION 540
In a particular IPS protection in R76 in the Logging Settings, what does the Capture Packets
option do?

A. This is not a valid selection in R76
B. Attaches a packet capture of the traffic that matches this particular protection to each log that the
protection generates.
C. Starts a packet capture at the time of policy install to capture all of the traffic until this protection is
hit.
D. Collects all of the logs for packets that have matched this protection within the last 30 days

Answer: B

QUESTION 541
When deploying a dedicated DLP Gateway behind a perimeter firewall on an interface leading to
the internal network (there is only one internal network):

A. The DLP Gateway can inspect SMTP traffic if a MS Exchange server is located on the internal
network, and it either sends e-mails directly to the Internet using SMTP or sends e-mails to the
Internet in SMTP via a mail relay that is located on the perimeter's firewall DMZ network.
B. The DLP Gateway can inspect internal e-mails (e-mails between two users on the internal
network) if the organization's internal mail server is located in the internal network and users are
configured to send e-mails to this mail server using SMTP.
C. User's HTTPS and FTP traffic can be inspected by the R71 DLP Gateway.
D. The DLP Gateway can inspect e-mails (e-mails between two users on an internal or external
network) if the organization's internal mail server is located on another network (not the internal
network; for instance the DMZ or a different internal network) and users are configured to send e-
mails to this mail server using SMTP.

Answer: A

QUESTION 542
For proper system operation, the Administrator has to configure the DLP Portal and define its
DNS name for which of the following conditions?

A. If the DLP Policy is applied to HTTP traffic.
B. If there are one or more Inform Rules.
C. If there are one or more Ask User rules.
D. If the action of all rules is Detect and no Data Owners are configured.

Answer: C

QUESTION 543
In R76, My Organization e-mail addresses or domains are used for:

A. Scanning e-mails only if its sender e-mail address is part of this definition, by default.
B. Defining the e-mail address of the SMTP relay server.
C. FTP traffic sent from a user where his e-mail is part of this definition scanned by DLP, by default.
D. HTTP traffic sent from a user where his e-mail is part of this definition scanned by DLP, by
default.

Answer: A

QUESTION 544
Which of the following is NOT TRUE regarding HTTPS traffic being passed through a DLP
gateway?

A. You must edit the $FWDIR/conf/fwauthd.conf file in order for HTTPS traffic to be passed to your
Web Proxy through a DLP gateway.
B. HTTPS traffic is not scanned by DLP
C. Only one proxy can be configured for DLP
D. You must configure the DLP gateway to allow HTTP/HTTPS traffic through the proxy if you have
a web proxy between the DLP gateway and the internet.

Answer: A

QUESTION 545
In Company XYZ, the DLP Administrator defined a new template Data Type that is based on an
empty PDF form for an insurance claim.
Which of the following statements about this new data type are CORRECT?

A. Only completed insurance claim forms of PDF file-type that were based on the empty PDF form
will be matched by this Data Type.
B. If the empty PDF insurance claim form is sent, it will NOT be matched by this Data Type.
C. Word, Excel, PDF filled in insurance claim forms that were based on the empty PDF insurance
claim form will be matched by this Data Type.
D. The Data Type will match only files where the name and file size is similar to that of the original
insurance claim forms in PDF format.

Answer: C

QUESTION 546
Which DLP action would describe the following action:

The data transmission event is logged in SmartView Tracker.
Administrators with permission can view the data that was sent. The traffic is passed.

A. Detect
B. Ask User
C. Inform User
D. Prevent

Answer: A

QUESTION 547
All of the following are used by the DLP engine to match a message during a scan, EXCEPT:

A. Message Body
B. Protocol
C. Data Type
D. Destination

Answer: A

QUESTION 548
Which of the following components contains the Events Data Base?

A. SmartEvent Data Server
B. SmartEvent Server
C. SmartEvent Correlation Unit
D. SmartEvent Client

Answer: B

QUESTION 549
What is a task of the SmartEvent Server?

A. Assign a severity level to an event.
B. Display the received events.
C. Analyze each IPS log entry as it enters the Log server.
D. Forward what is known as an event to the SmartEvent Server.

Answer: A

QUESTION 550
What is a task of the SmartEvent Client?

A. Add events to the events database.
B. Display the received events.
C. Assign a severity level to an event.
D. Analyze each IPS log entry as it enters the Log server.

Answer: B

QUESTION 551
Which of the following functions CANNOT be performed in Client Info on computer information
collected?

A. Copy the contents of the selected cells.
B. Save the information in the active tab to an .exe file.
C. Enter new credential for accessing the computer information.
D. Run Google.com search using the contents of the selected cell.

Answer: B

QUESTION 552
What is the SmartEvent Analyzer's function?

A. Analyze log entries, looking for Event Policy patterns.
B. Generate a threat analysis report from the Analyzer database.
C. Display received threats and tune the Events Policy.
D. Assign severity levels to events.

Answer: D

QUESTION 553
How many pre-defined exclusions are included by default in SmartEvent R71 as part of the
product installation?

A. 3
B. 0
C. 10
D. 5

Answer: A

QUESTION 554
What is the purpose of the pre-defined exclusions included with SmartEvent R71?

A. To give samples of how to write your own exclusion.
B. To avoid incorrect event generation by the default IPS event definition; a scenario that may occur
in deployments that include Security Gateways of versions prior to R71.
C. To allow SmartEvent R71 to function properly with all other R71 release devices.
D. As a base for starting and building exclusions.

Answer: B

QUESTION 555
You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event
when 30 port scans have occurred within 60 seconds. You also want to detect two port scans
from a host within 10 seconds of each other. How would you accomplish this?

A. Select the two port-scan detections as a sub-event.
B. Define the two port-scan detections as an exception.
C. You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.
D. Select the two port-scan detections as a new event.

Answer: B

QUESTION 556
What is the benefit to running SmartEvent in Learning Mode?

A. To run SmartEvent, with a step-by-step online configuration guide for training/setup purposes
B. There is no SmartEvent Learning Mode
C. To run SmartEvent with preloaded sample data in a test environment
D. To generate a report with system Event Policy modification suggestions

Answer: D

QUESTION 557
To back up all events stored in the SmartEvent Server, you should back up the contents of which
folder(s)?

A. $RTDIR/distrib_db and $FWDIR/events
B. $RTDIR/events_db
C. $RTDIR/distrib and $FWDIR/events_db
D. $RTDIR/distrib

Answer: C

QUESTION 558
Which of the following generates a SmartEvent Report from its SQL database?

A. Security Management Server
B. SmartEvent Client
C. SmartReporter
D. SmartDashboard Log Consolidator

Answer: C

QUESTION 559
Which of the following statements about the Port Scanning feature of IPS is TRUE?

A. The default scan detection is when more than 500 open inactive ports are open for a period of
120 seconds.
B. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
C. Port Scanning does not block scanning; it detects port scans with one of three levels of detection
sensitivity.
D. When a port scan is detected, only a log is issued, never an alert.

Answer: C

QUESTION 560
Your primary SmartCenter Server is installed on a SecurePlatform Pro machine, which is also a
VPN-1 Pro Gateway. You want to implement Management High Availability (HA). You have a
spare machine to configure as the secondary SmartCenter Server. How do you configure the new
machine to be the standby SmartCenter Server, without making any changes to the existing
primary SmartCenter Server? (Changes can include uninstalling and reinstalling.)

A. You cannot configure Management HA, when either the primary or secondary SmartCenter
Server is running on a VPN-1 Pro Gateway.
B. The new machine cannot be installed as the Internal Certificate Authority on its own.
C. The secondary Server cannot be installed on a SecurePlatform Pro machine alone.
D. Install the secondary Server on the spare machine.
Add the new machine to the same network as the primary Server.

Answer: A

QUESTION 561
In a Management High Availability (HA) configuration, you can configure synchronization to occur
automatically, when:

1. The Security Policy is installed.
2. The Security Policy is saved.
3. The Security Administrator logs in to the secondary SmartCenter
Server, and changes its status to active.
4. A scheduled event occurs.
5. The user database is installed.

Select the BEST response for the synchronization sequence. Choose one.

A. 1, 2, 3
B. 1, 2, 3, 4
C. 1, 3, 4
D. 1, 2, 5
E. 1, 2, 4

Answer: E

QUESTION 562
You plan to incorporate OPSEC servers, such as Websense and Trend Micro, to do content
filtering. Which segment is the BEST location for these OPSEC servers, when you consider
Security Server performance and data security?

A. On the Security Gateway
B. Internal network, where users are located
C. On the Internet
D. DMZ network, where application servers are located
E. Dedicated segment of the network

Answer: E

QUESTION 563
You plan to migrate a VPN-1 NG with Application Intelligence (AI) R55 SmartCenter Server to
VPN-1 NGX. You also plan to upgrade four VPN-1 Pro Gateways at remote offices, and one local
VPN-1 Pro Gateway at your company's headquarters. The SmartCenter Server configuration
must be migrated. What is the correct procedure to migrate the configuration?

A. Upgrade the SmartCenter Server and the five remote Gateways via SmartUpdate, at the same
time.
B. 1. Copy the $FWDIR\conf directory from the SmartCenter Server.
2. Save directory contents to another directory.
3. Uninstall the SmartCenter Server, and install a new SmartCenter Server.
4. Move directory contents to $FWDIR\conf.
5. Reinstall all gateways using NGX and install a policy.
C. 1. From the VPN-1 NGX CD in the SmartCenter Server, select "advance upgrade".
2. After importing the SmartCenter configuration into the new NGX SmartCenter, reboot.
3. Upgrade all licenses and software on all five remote Gateways via SmartUpdate.
D. 1. Upgrade the five remote Gateways via SmartUpdate.
2. Upgrade the SmartCenter Server, using the VPN-1 NGX CD.
E. 1. Upgrade the SmartCenter Server, using the VPN-1 NGX CD.
2. Reinstall and update the licenses of the five remote Gateways.

Answer: C

QUESTION 564
What is a requirement for setting up R76 Management High Availability?

A. State synchronization must be enabled on the secondary Security Management Server.
B. All Security Management Servers must have the same number of NICs.
C. All Security Management Servers must reside in the same LAN.
D. All Security Management Servers must have the same operating system.

Answer: D

QUESTION 565
You want to upgrade a cluster with two members to R76. The Security Management Server and
both members are version NGX R65, with the latest Hotfix Accumulator. What is the correct
upgrade procedure?

1. Change the version in the General Properties of the Gateway-cluster
object.
2. Upgrade the Security Management Server, and reboot.
3. Run cpstop on one member, while leaving the other member running.
Upgrade one member at a time and reboot after upgrade.
4. Reinstall the Security Policy.

A. 3,2,1,4
B. 2,4,3,1
C. 1,3,2,4
D. 2,3,1,4

Answer: D

QUESTION 566
MultiCorp is located in Atlanta. It has a branch office in Europe, Asia, and Africa.
Each location has its own AD controller for local user login.
How many AD queries have to be configured?

A. 3
B. 1
C. 4
D. 2

Answer: C

QUESTION 567
Can you implement a complete IPv6 deployment without IPv4 addresses?

A. No. IPv4 addresses are required for management.
B. No. SmartCenter cannot be accessed from everywhere on the Internet.
C. Yes. There is no requirement for managing IPv4 addresses.
D. Yes. Only one TCP stack (IPv6 or IPv4) can be used at the same time.

Answer: C

QUESTION 568
The process _________ executes the authentication for Remote Access clients.

A. fwm
B. vpnd
C. cvpnd
D. cpd

Answer: B

QUESTION 569
Use the table to match the BEST Management High Availability synchronization-status
descriptions for your Security Management Server (SMS).

A. A-3, B-1, C-4, D-2
B. A-3, B-1, C-5, D-4
C. A-5, B-3, C-1, D-2
D. A-3, B-1, C-5, D-4

Answer: B

QUESTION 570
To run Gaia in 64-bit mode, which of the following is true?

1) Run set edition default 64-bit.
2) Install more than 4 GB RAM.
3) Install more than 4 TB of Hard Disk.

A. 1 and 3
B. 2 and 3
C. 1, 2, and 3
D. 1 and 2

Answer: D

QUESTION 571
Which three of the following components are required to get a SmartEvent up and running?

1) SmartEvent SIC
2) SmartEvent Correlation Unit
3) SmartEvent Server
4) SmartEvent Analyzer
5) SmartEvent Client

A. 2, 3, and 5
B. 3, 4, and 5
C. 1, 2, and 3
D. 1, 2, and 4

Answer: A

QUESTION 572
Which of the following statements accurately describes the migrate command?

A. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be
included or excluded before exporting.
B. upgrade_export stores network-configuration data, objects, global properties, and the database
revisions prior to upgrading the Security Management Server.
C. Used primarily when upgrading the Security Management Server, migrate stores all object
databases and the conf directories for importing to a newer version of the Security Gateway
D. Used when upgrading the Security Gateway, upgrade_export includes modified files, such as in
the directories /lib and /conf.

Answer: C

QUESTION 573
Which three of the following are ClusterXL member requirements?

1) same operating systems
2) same Check Point version
3) same appliance model
4) same policy

A. 1, 2, and 4
B. 1, 2, and 3
C. 1, 3, and 4
D. 2, 3, and 4

Answer: A

QUESTION 574
When using a template to define a user in SmartDirectory, the user's password should be defined
in the ______________ object.

A. Template
B. VPN Community
C. User
D. LDAP

Answer: C

QUESTION 575
You find that Gateway fw2 can NOT be added to the cluster object.

What are possible reasons for that?

A. 2 or 3
B. 1 or 2
C. 1 or 3
D. All

Answer: C

QUESTION 576
MultiCorp is running SmartCenter R71 on an IPSO platform and wants to upgrade to a new
Appliance with R77. Which migration tool is recommended?

A. Download Migration Tool R77 for IPSO and Splat/Linux from Check Point website.
B. Use already installed Migration Tool.
C. Use Migration Tool from CD/ISO
D. Fetch Migration Tool R71 for IPSO and Migration Tool R77 for Splat/Linux from Check Point
website

Answer: A

QUESTION 577
MegaCorp is running SmartCenter R70, some Gateways at R65 and some other Gateways with
R60. Management wants to upgrade to the most comprehensive IPv6 support.
What should the administrator do first?

A. Upgrade SmartCenter to R77 first.
B. Upgrade R60-Gateways to R65.
C. Upgrade every unit directly to R77.
D. Check the Release Notes to verify that every step is supported.

Answer: D

QUESTION 578
MicroCorp experienced a security appliance failure. (LEDs of all NICs are off.) The age of the unit
required that the RMA-unit be a different model.
Will a revert to an existing snapshot bring the new unit up and running?

A. There is no dynamic update at reboot.
B. No. The revert will most probably not match to hard disk.
C. Yes. Everything is dynamically updated at reboot.
D. No. At installation the necessary hardware support is selected. The snapshot saves this state.

Answer: D

QUESTION 579
Which is the lowest Gateway version manageable by SmartCenter R77?

A. R65
B. S71
C. R55
D. R60A

Answer: A

QUESTION 580
A ClusterXL configuration is limited to ___ members.

A. There is no limit.
B. 16
C. 6
D. 2

Answer: C

QUESTION 581
Select the command set best used to verify proper failover function of a new ClusterXL
configuration.

A. reboot
B. cphaprob -d failDevice -s problem -t 0 register / cphaprob -d failDevice unregister
C. clusterXL_admin down / clusterXL_admin up
D. cpstop/cpstart

Answer: C

QUESTION 582
You are troubleshooting an HTTP connection problem.
You've started fw monitor -o http.pcap.
When you open http.pcap with Wireshark there is only one line.
What is the most likely reason?

A. fw monitor was restricted to the wrong interface.
B. Like SmartView Tracker only the first packet of a connection will be captured by fw monitor.
C. By default only SYN packets are captured.
D. Acceleration was turned on and therefore fw monitor sees only SYN.

Answer: D

QUESTION 583
Which two processes are responsible for handling Identity Awareness?

A. pdp and lad
B. pdp and pdp-11
C. pep and lad
D. pdp and pep

Answer: D

QUESTION 584
Fill in the blank. You can set Acceleration to ON or OFF using command syntax ___________ .

Answer: fwaccel off/on

QUESTION 585
You run cphaprob -a if. When you review the output, you find the word DOWN.
What does DOWN mean?

A. The cluster link is down.
B. The physical interface is administratively set to DOWN.
C. The physical interface is down.
D. CCP packets couldn't be sent to or didn't arrive from neighbor member.

Answer: D

QUESTION 586
Which three of the following components are required to get a SmartEvent up and running?

1) SmartEvent SIC
2) SmartEvent Correlation Unit
3) SmartEvent Server
4) SmartEvent Analyzer
5) SmartEvent Client

A. 2, 3, and 5
B. 1, 2, and 4
C. 1, 2, and 3
D. 3, 4, and 5

Answer: A

QUESTION 587
MegaCorp is using SmartCenter Server with several gateways. Their requirements result in a
heavy log load. Would it be feasible to add the SmartEvent Correlation Unit and SmartEvent
Server to their SmartCenter Server?

A. No. SmartCenter SIC will interfere with the function of SmartEvent.
B. No. If SmartCenter is already under stress, the use of a separate server for SmartEvent is
recommended.
C. No, SmartEvent and SmartCenter cannot be installed on the same machine at the same time.
D. Yes. SmartEvent must be installed on your SmartCenter Server.

Answer: B

QUESTION 588
Fill in the blank. To verify that a VPN Tunnel is properly established, use the command
_________

Answer: vpn tunnelutil

QUESTION 589
MultiCorp is located in Atlanta. It has a branch office in Europe, Asia, and Africa. Each location
has its own AD controller for local user login. How many AD queries have to be configured?

Answer: 4

QUESTION 590
Fill in the blank. The command that typically generates the firewall application, operating system,
and hardware specific drivers is _________ .

Answer: snapshot

QUESTION 591
Fill in the blanks. To view the number of concurrent connections going through your firewall, you
would use the command and syntax __ ___ __ __________ __ .

Answer: fw tab -t connections -s

QUESTION 592
Fill in the blanks. To view the number of concurrent connections going through core 0 on the
firewall, you would use the command and syntax __ __ _ ___ __ ___________ __ .

Answer: fw -i 0 tab -t connections -s

QUESTION 593
Which Check Point tool allows you to open a debug file and see the VPN packet exchange
details?

A. PacketDebug.exe
B. VPNDebugger.exe
C. IkeView.exe
D. IPSECDebug.exe

Answer: C

QUESTION 594
When a packet is flowing through the security gateway, which one of the following is a valid
inspection path?

A. Acceleration Path
B. Small Path
C. Firewall Path
D. Medium Path

Answer: D

QUESTION 595
If your firewall is performing a lot of IPS inspection and the CPUs assigned to fw_worker_thread
are at or near 100%, which of the following could you do to improve performance?

A. Add more RAM to the system.
B. Add more Disk Drives.
C. Assign more CPU cores to CoreXL
D. Assign more CPU cores to SecureXL.

Answer: C

QUESTION 596
Which of the following CLISH commands would you use to set the admin user's shell to bash?

A. set user admin shell bash
B. set user admin shell /bin/bash
C. set user admin shell = /bin/bash
D. set user admin /bin/bash

Answer: B

QUESTION 597
What is Check Point's CoreXL?

A. A way to synchronize connections across cluster members
B. TCP-18190
C. Multiple core interfaces on the device to accelerate traffic
D. Multi Core support for Firewall Inspection

Answer: D

QUESTION 598
Does Check Point recommend generating an upgrade_export on standby SmartCenters?

A. Yes. This is the only way to get the upgrade_export
B. No. All Check Point processes are stopped.
C. No. There is no way to verify the actual configuration.
D. Yes. All information is available at both SmartCenters.

Answer: C

QUESTION 599
The challenges to IT involve deployment, security, management, and what else?

A. Assessments
B. Maintenance
C. Transparency
D. Compliance

Answer: D

QUESTION 600
What is the correct policy installation process order?

1. Verification
2. Code generation and compilation
3. Initiation
4. Commit
5. Conversion
6. CPTA

A. 1, 2, 3, 4, 5, 6
B. 3, 1, 5, 2, 6, 4
C. 4, 2, 3, 5, 6, 1
D. 6, 5, 4, 3, 2, 1

Answer: B

QUESTION 601
What is the offline CPSIZEME upload procedure?

A. Find the cpsizeme_of_<gwname>.pdf, attach it to an e-mail and send it to
[email protected]
B. Use the web browser version of cpsizeme and fax it to Check Point.
C. Find the cpsizeme_of_<gwname>.xml, attach it to an e-mail and send it to
[email protected]
D. There is no offline upload method.

Answer: C

QUESTION 602
How frequently does CPSIZEME run by default?

A. weekly
B. 12 hours
C. 24 hours
D. 1 hour

Answer: C

QUESTION 603
How do you run "CPSIZEME" on SPLAT?

A. [expert@HostName]#>./cpsizeme -h
B. [expert@HostName]# ./cpsizeme -R
C. This is not possible on SPLAT
D. [expert@HostName]# ./cpsizeme

Answer: D

QUESTION 604
How do you check the version of "CPSIZEME" on GAiA?

A. [expert@HostName]# ./cpsizeme.exe -v
B. [expert@HostName]# ./cpsizeme.exe -version
C. [expert@HostName]# ./cpsizeme -v
D. [expert@HostName]# ./cpsizeme -version

Answer: C

QUESTION 605
How do you upload the results of "CPSIZEME" to Check Point when using a PROXY server with
authentication?

A. [expert@HostName]# ./cpsizeme.exe -a username:password@proxy_address:port
B. [expert@HostName]# ./cpsizeme -p username:password@proxy_address:port
C. [expert@HostName]# ./cpsizeme -a username:password@proxy_address:port
D. [expert@HostName]# ./cpsizeme.exe -p username:password@proxy_address:port

Answer: B

QUESTION 606
By default, what happens to the existing connections on a firewall when a new policy is installed?

A. All existing data connections will be kept open until the connections have ended.
B. Existing connections are always allowed
C. All existing control and data connections will be kept open until the connections have ended.
D. All existing connections not allowed under the new policy will be terminated.

Answer: D

QUESTION 607
Which protocol can be used to provide logs to third-party reporting?

A. CPMI (Check Point Management Interface)
B. LEA (Log Export API)
C. AMON (Application Monitoring)
D. ELA (Event Logging API)

Answer: B

QUESTION 608
Can the smallest appliance handle all Blades simultaneously?

A. Depends on the number of protected clients and throughput.
B. Depends on number of concurrent sessions.
C. Firewall throughput is the only relevant factor.
D. It depends on required SPU for customer environment.

Answer: D

QUESTION 609
The process _______ provides service to access the GAIA configuration database.

A. configdbd
B. confd
C. fwm
D. ipsrd

Answer: B

QUESTION 610
Which CLI tool helps on verifying proper ClusterXL sync?

A. fw stat
B. fw ctl sync
C. fw ctl pstat
D. cphaprob stat

Answer: C

QUESTION 611
The connection to the ClusterXL member 'A' breaks. The ClusterXL member 'A' status is now
'down'. Afterwards the switch admin set a port to ClusterXL member 'B' to 'down'.
What will happen?

A. ClusterXL member 'B' also left the cluster.
B. ClusterXL member 'B' stays active as last member.
C. Both ClusterXL members share load equally.
D. ClusterXL member 'A' is asked to come back to cluster.

Answer: B

QUESTION 612
Which command will only show the number of entries in the connection table?

A. fw tab -t connections -s
B. fw tab -t connections -u
C. fw tab -t connections
D. fw tab

Answer: A

QUESTION 613
Which statements about Management HA are correct?

1) Primary SmartCenter describes first installed SmartCenter
2) Active SmartCenter is always used to administrate with SmartConsole
3) Active SmartCenter describes first installed SmartCenter
4) Primary SmartCenter is always used to administrate with SmartConsole

A. 1 and 4
B. 2 and 3
C. 1 and 2
D. 3 and 4

Answer: C

QUESTION 614
Which process should you debug if SmartDashboard login fails?

A. sdm
B. cpd
C. fwd
D. fwm

Answer: D

QUESTION 615
Paul has just joined the MegaCorp security administration team. Natalie, the administrator,
creates a new administrator account for Paul in SmartDashboard and installs the policy.
When Paul tries to login it fails. How can Natalie verify whether Paul's IP address is predefined on
the security management server?

A. Log in to Smart Dashboard, access Properties of the SMS, and verify whether Paul's IP address is
listed.
B. Type cpconfig on the Management Server and select the option "GUI client List" to see if Paul's
IP address is listed.
C. Log in to Smart Dashboard, access Global Properties, and select Security Management, to
verify whether Paul's IP address is listed.
D. Access the WEBUI on the Security Gateway, and verify whether Paul's IP address is listed as a
GUI client.

Answer: B

QUESTION 616
MultiCorp has bought company OmniCorp and now has two active AD domains.
How would you deploy Identity Awareness in this environment?

A. You must run an ADquery for every domain.
B. Identity Awareness can only manage one AD domain.
C. Only one ADquery is necessary to ask for all domains.
D. Only Captive Portal can be used.

Answer: A

QUESTION 617
Which of the following is the preferred method for adding static routes in GAiA?

A. In the CLI with the command "route add"
B. In Web Portal, under Network Management > IPv4 Static Routes
C. In the CLI via sysconfig
D. In SmartDashboard under Gateway Properties > Topology

Answer: B

QUESTION 618
Which of the following is NOT an advantage of SmartLog?

A. SmartLog has a "Top Results" pane showing things like top sources, rules, and users.
B. SmartLog displays query results across multiple log files, reducing the need to open previous files
to view results.
C. SmartLog requires less disk space by consolidating log entries into fewer records.
D. SmartLog creates an index of log entries, increasing query speed.

Answer: C

QUESTION 619
Type the full cphaprob command and syntax that will show full synchronization status.

Answer: cphaprob -i list

QUESTION 620
Type the full fw command and syntax that will show full synchronization status.

Answer: fw ctl pstat

QUESTION 621
Type the full fw command and syntax that allows you to disable only sync on a cluster firewall
member.

Answer: fw ctl setsync off

QUESTION 622
Type the command and syntax you would use to verify that your Check Point cluster is
functioning correctly.

Answer: cphaprob state

QUESTION 623
Type the command and syntax that you would use to view the virtual cluster interfaces of a
ClusterXL environment.

Answer: cphaprob -a if

QUESTION 624
Type the command and syntax to view critical devices on a cluster member in a ClusterXL
environment.

Answer: cphaprob -ia list

QUESTION 625
Type the command and syntax to configure the Cluster Control Protocol (CCP) to use Broadcast.

Answer: cphaconf set_ccp broadcast

QUESTION 626
Fill in the blank. In New Mode HA, the internal cluster IP VIP address is 10.4.8.3.
The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 pings
10.4.8.3, and receives replies.

Review the ARP table from the internal Windows host 10.4.8.108.
According to the output, which member is the standby machine?

Answer: 10.4.8.1

QUESTION 627
Fill in the blank. In New Mode HA, the internal cluster IP VIP address is 10.4.8.3.
An internal host 10.4.8.108 successfully pings its Cluster and receives replies.

Review the ARP table from the internal Windows host 10.4.8.108. Based on this information,
what is the active cluster member's IP address?

Answer: 10.4.8.2

QUESTION 628
Fill in the blank. In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3.
The internal interfaces on two members are 10.4.8.1 and 10.4.8.2.
Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies.
The following is the ARP table from the internal Windows host 10.4.8.108.

Review the exhibit and type the IP address of the member serving as the pivot machine in the
space below.

Answer: 10.4.8.2

QUESTION 629
To stop acceleration on a GAiA Security Gateway, enter command:

Answer: fwaccel off

QUESTION 630
To bind a NIC to a single processor when using CoreXL on GAiA, you would use the command

Answer: sim affinity

QUESTION 631
Fill in the blank. To verify SecureXL statistics, you would use the command ________ .

Answer: fwaccel stats

QUESTION 632
Fill in the blank. To verify the SecureXL status, you would enter command _____________ .

Answer: fwaccel stat

QUESTION 633
Fill in the blank. To enter the router shell, use command __________ .

Answer: cligated

QUESTION 634
Fill in the blank. To save your OSPF configuration in GAiA, enter the command ___________ .

Answer: save config

QUESTION 635
Fill in the blank. To remove site-to-site IKE and IPSEC keys you would enter command ____ ___
and select the option to delete all IKE and IPSec SA's.

Answer: vpn tu

QUESTION 636
You configure a Check Point QoS Rule Base with two rules:

an HTTP rule with a weight of 40, and the Default Rule with a weight of 10.

If the only traffic passing through your QoS Module is HTTP traffic, what percent of bandwidth will
be allocated to the HTTP traffic?

A. 80%
B. 50%
C. 40%
D. 100%

Answer: B

QUESTION 637
You have pushed a policy to your firewall and you are not able to access the firewall.
What command will allow you to remove the current policy from the machine?

A. fw purge active
B. fw purge policy
C. fw fetch policy
D. fw unloadlocal

Answer: B

QUESTION 638
What step should you take before running migrate_export?

A. Install policy and exit SmartDashboard.
B. Disconnect all GUI clients.
C. Run a cpstop on the Security Management Server.
D. Run a cpstop on the Security Gateway.

Answer: B

QUESTION 639
A snapshot delivers a complete backup of GAiA.
How do you restore a local snapshot named MySnapshot.tgz?

A. Reboot the system and call the start menu.
Select option Snapshot Management, provide the Expert password and select [L] for a restore
from a local file.
Then, provide the correct file name.
B. As Expert user, type command snapshot - R to restore from a local file.
Then, provide the correct file name.
C. As Expert user, type command revert --file MySnapshot.tgz.
D. As Expert user, type command snapshot -r MySnapshot.tgz.

Answer: C

QUESTION 640
Which of the following methods will provide the most complete backup of an R77 configuration?

A. Database Revision Control
B. Policy Package Management
C. The command migrate_export
D. Copying the directories $FWDIR\conf and $CPDIR\conf to another server

Answer: C

QUESTION 641
An administrator has installed the latest HFA on the system for fixing traffic problems after
creating a backup file. A large number of routes were added or modified, causing network
problems. The Check Point configuration has not been changed.
What would be the most efficient way to revert to a working configuration?

A. A back up cannot be restored, because the binary files are missing.
B. The restore is not possible because the backup file does not have the same build number
(version).
C. Select Snapshot Management from the SecurePlatform boot menu.
D. Use the command restore and select the appropriate backup file.

Answer: D

QUESTION 642
The User Directory Software Blade is used to integrate which of the following with a R77 Security
Gateway?

A. User Authority server
B. RADIUS server
C. Account Management Client server
D. LDAP server

Answer: D

QUESTION 643
Your users are defined in a Windows 2008 Active Directory server.
You must add LDAP users to a Client Authentication rule.
Which kind of user group do you need in the Client Authentication rule in R77?

A. LDAP group
B. All Users
C. External-user group
D. A group with a generic user

Answer: A

QUESTION 644
With the User Directory Software Blade, you can create R77 user definitions on a(n) _________
Server.

A. RSA ACE/Authentication Manager
B. Radius
C. NT Domain
D. LDAP

Answer: D

QUESTION 645
Which of the following is a valid Active Directory designation for user Jane Doe in the MIS
department of AcmeCorp.com?

A. Cn=jane_doe,ou=MIS,dc=acmecorp,dc=com
B. Cn= jane_doe,ou=MIS,cn=acmecorp,dc=com
C. Cn= jane_doe,ca=MIS,dc=acmecorp,dc=com
D. Cn= jane_doe,ca=MIS,cn=acmecorp,dc=com

Answer: A

QUESTION 646
When configuring an LDAP Group object, select the option ____________ if you want the
gateway to reference all groups defined on the LDAP server for authentication purposes.

A. Only Sub Tree
B. Only Group in Branch
C. OU Accept and select appropriate domain
D. All Account-Unit's Users

Answer: D

QUESTION 647
When configuring an LDAP Group object, select option _______________ if you want the
gateway to reference a specific group defined on the LDAP server for authentication purposes.

A. Group Agnostic
B. All Account-Unit's Users
C. Only Sub Tree
D. Only Group in Branch

Answer: C

QUESTION 648
The process _______ executes the authentication for logging in to SmartDashboard.

A. fwm
B. vpnd
C. cpd
D. cvpnd

Answer: A

QUESTION 649
The process __________ is responsible for the authentication for Remote Access clients.

A. fwm
B. vpnd
C. cvpnd
D. cpd

Answer: B

QUESTION 650
While authorization for users managed by SmartDirectory is performed by the gateway, the
authentication mostly occurs in __________.

A. ldapauth
B. cpauth
C. ldapd
D. cpShared

Answer: B

QUESTION 651
__________ is NOT a ClusterXL mode.

A. Legacy
B. Unicast
C. Broadcast
D. New

Answer: C

QUESTION 652
In a Cluster, some features such as VPN only function properly when:

A. all cluster members have the same number of interfaces configured.
B. all cluster members' clocks are synchronized.
C. all cluster members have the same policy.
D. all cluster members have the same Hot Fix Accumulator pack installed.

Answer: B

QUESTION 653
A customer called to report one cluster member's status as Down. What command should you
use to identify the possible cause?

A. tcpdump/snoop
B. cphaprob list
C. fw ctl pstat
D. fw ctl debug -m cluster + forward

Answer: B

QUESTION 654
What is a Sticky Connection?

A. A Sticky Connection is one in which a reply packet returns through the same gateway as the
original packet.
B. A Sticky Connection is a connection that remains the same.
C. A Sticky Connection is a VPN connection that remains up until you manually bring it down.
D. A Sticky Connection is a connection that always chooses the same gateway to set up the initial
connection.

Answer: A

QUESTION 655
Which load-balancing method below is NOT valid?

A. Domain
B. They are all valid
C. Round Trip
D. Random

Answer: B

QUESTION 656
Which method of load balancing describes "Round Robin"?

A. Assigns service requests to servers at random.
B. Ensures that incoming requests are handled by the server with the fastest response time.
C. Measures the load on each server to determine which server has the most available resources.
D. Assigns service requests to the next server in a series.

Answer: D

QUESTION 657
What is the proper command for importing users into the R77 User Database?

A. fwm importusrs
B. fwm dbimport
C. fwm import
D. fwm importdb

Answer: B

QUESTION 658
What is a requirement for setting up R77 Management High Availability?

A. All Security Management Servers must reside in the same LAN.
B. State synchronization must be enabled on the secondary Security Management Server.
C. All Security Management Servers must have the same operating system.
D. All Security Management Servers must have the same number of NICs.

Answer: C

QUESTION 659
Match the ClusterXL modes with their configurations.

A. A-2, B-3, C-4, D-1
B. A-2, B-3, C-1, D-5
C. A-3, B-5, C-1, D-4
D. A-5, B-2, C-4, D-1

Answer: C

QUESTION 660
Your expanding network currently includes ClusterXL running Multicast mode on two members,
as shown in this topology:

You need to add interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B.
The virtual IP address for these interfaces is 10.10.10.3/24. Both cluster gateways have a Quad
card with an available eth3 interface.
What is the correct procedure to add these interfaces?

A. 1. Disable "Cluster membership" from one Gateway via cpconfig.
2. Configure the new interface via sysconfig from the "non-member" Gateway.
3. Re-enable "Cluster membership" on the Gateway.
4. Perform the same steps on the other Gateway.
5. Update the topology in the cluster object.
6. Install the Security Policy.
B. 1. Configure the new interface on both members using WebUI.
2. Update the new topology in the cluster object from SmartDashboard.
3. Define virtual IP in the Dashboard
4. Install the Security Policy.
C. 1. Use WebUI to configure the new interfaces on both members.
2. Update the topology in the cluster object.
3. Reboot both gateways.
4. Install the Security Policy.
D. 1. Use the command ifconfig to configure and enable the new interface on both members.
2. Update the topology in the cluster object for the cluster and both members.
3. Install the Security Policy.
4. Reboot the gateway.

Answer: B

QUESTION 661
Which statement is TRUE for route-based VPN's?

A. IP Pool NAT must be configured on each Gateway.
B. Dynamic-routing protocols are not required.
C. Route-based VPN's are a form of partial overlap VPN Domain.
D. Route-based VPN's replace domain-based VPN's.

Answer: B

QUESTION 662
What SmartConsole application allows you to change the SmartReporter Policy?

A. SmartDashboard
B. SmartReporter
C. SmartEvent Server
D. SmartUpdate

Answer: A

QUESTION 663
MegaCorp's disaster recovery plan is past due for an update to the backup and restore section to
enjoy the benefits of the new distributed R77 installation.
You must propose a plan that meets the following required and desired objectives:

- Required. Security Policy repository must be backed up no less
frequently than every 24 hours.
- Desired. Back up R77 components enforcing the Security Policies at
least once a week.
- Desired. Back up R77 logs at least once a week.

You develop a disaster recovery plan proposing the following:

* Use the utility cron to run the command upgrade_export each night on
the Security Management Servers.
* Configure the organization's routine backup software to back up files
created by the command upgrade_export.
* Configure GAiA back up utility to back up Security Gateways every
Saturday night.
* Use the utility cron to run the command upgrade_export each Saturday
night on the log servers.
* Configure an automatic, nightly logswitch.
* Configure the organization's routine back up software to back up the
switched logs every night.

The corporate IT change review committee decides your plan:

A. meets the required objective and only one desired objective.
B. meets the required objective and both desired objectives.
C. meets the required objective but does not meet either desired objective.
D. does not meet the required objective.

Answer: B

QUESTION 664
Match the VPN-related terms with their definitions. Each correct term is only used once.

A. A-3, B-4, C-1, D-5
B. A-4, B-3, C-5, D-2
C. A-2, B-5, C-4, D-1
D. A-3, B-2, C-1, D-4

Answer: B

QUESTION 665
To provide full connectivity upgrade status, use command

Answer: cphaprob fcustat

QUESTION 666
In a zero downtime firewall cluster environment, what command syntax do you run to avoid
switching problems around the cluster for command cphaconf?

Answer: set_ccp broadcast

QUESTION 667
In a zero downtime scenario, which command do you run manually after all cluster members are
upgraded?

Answer: cphaconf set_ccp multicast

QUESTION 668
Complete this statement. To save interface information before upgrading a Windows Gateway,
use command

Answer: ipconfig -a > [filename].txt

QUESTION 669
Fill in the blank with a numeric value. The default port number for standard TCP connections with
the LDAP server is

Answer: 389

QUESTION 670
Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL)
connections with the LDAP Server is

Answer: 636

QUESTION 671
The command useful for debugging by capturing packet information, including verifying LDAP
authentication on all Check Point platforms is

Answer: fw monitor

QUESTION 672
Control connections between the Security Management Server and the Gateway are not
encrypted by the VPN Community. How are these connections secured?

A. They are encrypted and authenticated using SIC.
B. They are not encrypted, but are authenticated by the Gateway
C. They are secured by PPTP
D. They are not secured.

Answer: D

QUESTION 673
If Bob wanted to create a Management High Availability configuration, what is the minimum
number of Security Management servers required in order to achieve his goal?

A. Three
B. Two
C. Four
D. One

Answer: D

QUESTION 674
David wants to manage hundreds of gateways using a central management tool.
What tool would David use to accomplish his goal?

A. Smart Provisioning
B. Smart Blade
C. Smart Dashboard
D. SmartLSM

Answer: B

QUESTION 675
From the following output of cphaprob state, which ClusterXL mode is this?

A. New mode
B. Multicast mode
C. Legacy mode
D. Unicast mode

Answer: D

QUESTION 676
Which of the following is NOT a feature of ClusterXL?

A. Enhanced throughput in all ClusterXL modes (2 gateway cluster compared with 1 gateway)
B. Transparent failover in case of device failures
C. Zero downtime for mission-critical environments with State Synchronization
D. Transparent upgrades

Answer: C

QUESTION 677
In which case is a Sticky Decision Function relevant?

A. Load Sharing - Unicast
B. Load Balancing - Forward
C. High Availability
D. Load Sharing - Multicast

Answer: C

QUESTION 678
You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of 40,
and the Default Rule with a weight of 10. If the only traffic passing through your QoS Module is
HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic?

A. 80%
B. 40%
C. 100%
D. 50%

Answer: C

QUESTION 679
You have pushed a policy to your firewall and you are not able to access the firewall.
What command will allow you to remove the current policy from the machine?

A. fw purge policy
B. fw fetch policy
C. fw purge active
D. fw unload local

Answer: D

QUESTION 680
How do you verify the Check Point kernel running on a firewall?

A. fw ctl get kernel
B. fw ctl pstat
C. fw kernel
D. fw ver -k

Answer: D

QUESTION 681
Your organization's disaster recovery plan needs an update to the backup and restore section to
reap the benefits of the new distributed R76 installation.
Your plan must meet the following required and desired objectives:

Upon evaluation, your plan:

A. Meets the required objective and only one desired objective
B. Meets the required objective and both desired objectives
C. Meets the required objective but does not meet either desired objective
D. Does not meet the required objective

Answer: B

QUESTION 682
The process ________________ compiles $FWDIR/conf/*.W files into machine language.

A. fw gen
B. cpd
C. fwd
D. fwm

Answer: A

QUESTION 683
You are running a R76 Security Gateway on Secure Platform. In case of a hardware failure, you
have a server with the exact same hardware and firewall version installed.
What backup method could be used to quickly put the secondary firewall into production?

A. upgrade export
B. manual backup
C. snapshot
D. backup

Answer: C

QUESTION 684
Before upgrading Secure Platform, you should create a backup.
To save time, many administrators use the command backup.
This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problems after
creating a backup file. There is a mistake in the very complex static routing configuration.
The Check Point configuration has not been changed.
Can the administrator use a restore to fix the errors in static routing?

A. The restore is not possible because the backup file does not have the same build number
(version).
B. The restore is done by selecting Snapshot Management from the Secure Platform boot menu.
C. The restore can be done easily by the command restore and selecting the appropriate backup
file.
D. A back up cannot be restored, because the binary files are missing.

Answer: C

QUESTION 685
You intend to upgrade a Check Point Gateway from R65 to R76.
To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable
size in the least amount of time?

A. snapshot
B. database revision
C. backup
D. upgrade export

Answer: D

QUESTION 686
Your R76 enterprise Security Management Server is running abnormally on Windows 2008
Server. You decide to try reinstalling the Security Management Server, but you want to try
keeping the critical Security Management Server configuration settings intact (i.e., all Security
Policies, databases, SIC, licensing etc.)
What is the BEST method to reinstall the Server and keep its critical configuration?

A. 1. Create a database revision control backup using the Smart Dashboard
2. Create a compressed archive of the %FWDIR%\conf and %FWDIR%\lib directories and copy them
to another networked machine.
3. Uninstall all R70 packages via Add/Remove Programs and reboot.
4. Install again as a primary Security Management Server using the R70 CD.
5. Reboot and restore the two archived directories over the top of the new installation, choosing to
overwrite existing files.
B. 1. Download the latest upgrade_export utility and run it from a c:\temp directory to export the
configuration into a .tgz file
2. Skip any upgrade_verification warnings since you are not upgrading
3. Transfer the .tgz file to another networked machine
4. Download and run the cpclean utility and reboot
5. Use the R70 CD-ROM to select the upgrade_import option to import the configuration
C. 1. Download the latest upgrade_export utility and run it from a \temp directory to export the
configuration into a .tgz file
2. Perform any requested upgrade_verification suggested steps
3. Uninstall all R70 packages via Add/Remove Programs and reboot
4. Use SmartUpdate to reinstall the Security Management Server and reboot
5. Transfer the .tgz file back to the local \temp
6. Run upgrade_import to import the configuration
D. 1. Insert the R70 CD-ROM, and select the option to export the configuration using the latest
upgrade utilities
2. Perform any requested upgrade_verification suggested steps and re-export the configuration if
needed
3. Save the export .tgz file to a local c:\temp directory
4. Uninstall all R70 packages via Add/Remove Programs and reboot
5. Install again using the R70 CD-ROM as a primary Security Management Server and reboot
6. Run upgrade_import to import the configuration

Answer: C

QUESTION 687
True or false? After creating a snapshot of a Windows 2003 SP2 Security Management Server,
you can restore it on a SecurePlatform R76 Security Management Server, except you must load
interface information manually.

A. True, but only when the snapshot file is restored to a SecurePlatform system running R76.20.
B. False, you cannot run the Check Point snapshot utility on a Windows gateway.
C. True, but only when the snapshot file is restored to a SecurePlatform system running R76.10.
D. False, all configuration information conveys to the new system, including the interface
configuration settings.

Answer: B

QUESTION 688
Check Point recommends that you back up systems running Check Point products. Run your
backups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment. Which backup method does Check Point recommend before major
changes, such as upgrades?

A. snapshot
B. upgrade export
C. backup
D. migrate export

Answer: A

QUESTION 689
Check Point recommends that you back up systems running Check Point products. Run your
backups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment. Which backup method does Check Point recommend every couple of
months, depending on how frequently you make changes to the network or policy?

A. backup
B. migrate export
C. upgrade export
D. snapshot

Answer: A

QUESTION 690
Check Point recommends that you back up systems running Check Point products. Run your
backups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment.
Which backup method does Check Point recommend anytime outside a maintenance window?

A. backup
B. migrate export
C. backup export
D. snapshot

Answer: B

QUESTION 691
Snapshot is available on which Security Management Server and Security Gateway platforms?

A. Solaris
B. Windows 2003 Server
C. Windows XP Server
D. SecurePlatform

Answer: D

QUESTION 692
The file snapshot generates is very large, and can only be restored to:

A. The device that created it, after it has been upgraded
B. Individual members of a cluster configuration
C. Windows Server class systems
D. A device having exactly the same Operating System as the device that created the file

Answer: D

QUESTION 693
SmartReporter reports can be used to analyze data from a penetration-testing regimen in all of
the following examples, EXCEPT:

A. Possible worm/malware activity.
B. Analyzing traffic patterns against public resources.
C. Analyzing access attempts via social-engineering.
D. Tracking attempted port scans.

Answer: C

QUESTION 694
What is the best tool to produce a report which represents historical system information?

A. SmartView Tracker
B. SmartView Monitor
C. SmartReporter - Standard Reports
D. SmartReporter - Express Reports

Answer: D

QUESTION 695
If Jack was concerned about the number of log entries he would receive in the SmartReporter
system, which policy would he need to modify?

A. Consolidation Policy
B. Log Consolidator Policy
C. Log Sequence Policy
D. Report Policy

Answer: A

QUESTION 696
Your company has the requirement that SmartEvent reports should show a detailed and accurate
view of network activity but also performance should be guaranteed.
Which actions should be taken to achieve that?

(i) Use the same hard drive for database directory, log files and
temporary directory
(ii) Use Consolidation Rules
(iii) Limit logging to blocked traffic only
(iv) Using Multiple Database Tables

A. (i) and (ii)
B. (ii) and (iv)
C. (i), (ii) and (iv)
D. (i), (iii) and (iv)

Answer: B

QUESTION 697
To help organize events, SmartReporter uses filtered queries.
Which of the following is NOT a SmartEvent event property you can query?

A. Event: Critical, Suspect, False Alarm
B. Time: Last Hour, Last Day, Last Week
C. State: Open, Closed, False Alarm
D. Type: Scans, Denial of Service, Unauthorized Entry

Answer: A

QUESTION 698
When migrating the SmartEvent database from one server to another, the first step is to back up
the files on the original server.
Which of the following commands should you run to back up the SmartEvent database?

A. migrate export
B. snapshot
C. backup
D. eva_db_backup

Answer: D

QUESTION 699
When migrating the SmartEvent database from one server to another, the last step is to save the
files on the new server. Which of the following commands should you run to save the SmartEvent
database files on the new server?

A. cp
B. migrate import
C. eva_db_restore
D. restore

Answer: C

QUESTION 700
How could you compare the Fingerprint shown to the Fingerprint on the server?

A. Run cpconfig, select the Certificate's Fingerprint option and view the fingerprint
B. Run cpconfig, select the GUI Clients option and view the fingerprint
C. Run cpconfig, select the Certificate Authority option and view the fingerprint
D. Run sysconfig, select the Server Fingerprint option and view the fingerprint

Answer: A

QUESTION 701
Which file defines the fields for each object used in the file objects.C (color, num/string, default
value...)?

A. $FWDIR/conf/classes.C
B. $FWDIR/conf/scheam.C
C. $FWDIR/conf/table.C
D. $FWDIR/conf/fields.C

Answer: A

QUESTION 702
Which procedure creates a new administrator in SmartWorkflow?

A. Run cpconfig, supply the Login Name, Profile Properties, Name, Access Applications and Permissions.
B. In SmartDashboard, click SmartWorkflow / Enable SmartWorkflow and the Enable
SmartWorkflow wizard will start. Supply the Login Name, Profile Properties, Name, Access
Applications and Permissions when prompted.
C. On the Provider-1 primary MDS, run cpconfig, supply the Login Name, Profile Properties, Name,
Access Applications and Permissions.
D. In SmartDashboard, click Users and Administrators, right-click Administrators / New Administrator
and supply the Login Name, Profile Properties, Name, Access Applications and Permissions.

Answer: D

QUESTION 703
When you check Web Server in a host-node object, what happens to the host?

A. The Web server daemon is enabled on the host.
B. More granular controls are added to the host, in addition to Web Intelligence tab settings.
C. You can specify allowed ports in the Web server's node-object properties.
You then do not need to list all allowed ports in the Rule Base.
D. IPS Web Intelligence is enabled to check on the host.

Answer: B

QUESTION 704
Which external user authentication protocols are supported in SSL VPN?

A. LDAP, Active Directory, SecurID
B. LDAP, SecurID, Check Point Password, OS Password, RADIUS, TACACS
C. LDAP, RADIUS, Active Directory, SecurID
D. LDAP, RADIUS, TACACS, SecurID

Answer: B

QUESTION 705
Which of the following commands can be used to stop Management portal services?

A. fw stopportal
B. cpportalstop
C. cpstop / portal
D. smartportalstop

Answer: D

QUESTION 706
Which command would you use to save the interface information before upgrading
a GAiA Gateway?

A. netstat -m > [filename].txt
B. ipconfig -a > [filename].txt
C. ifconfig > [filename].txt
D. cp /etc/sysconfig/network.C [location]

Answer: C

QUESTION 707
Which command would you use to save the routing information before upgrading a
SecurePlatform Gateway?

A. cp /etc/sysconfig/network.C [location]
B. netstat -m > [filename].txt
C. ifconfig > [filename].txt
D. ipconfig -a > [filename].txt

Answer: A

QUESTION 708
Which command would you use to save the routing information before upgrading a
Windows Gateway?

A. ipconfig -a > [filename].txt
B. ifconfig > [filename].txt
C. cp /etc/sysconfig/network.C [location]
D. netstat -m > [filename].txt

Answer: D

QUESTION 709
Which command would you use to save the interface information before upgrading a Windows
Gateway?

A. cp /etc/sysconfig/network.C [location]
B. ipconfig -a > [filename].txt
C. ifconfig > [filename].txt
D. netstat -m > [filename].txt

Answer: B

QUESTION 710
When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster
members have the same products installed. Which command should you run?

A. fw fcu
B. cphaprob fcustat
C. cpconfig
D. fw ctl conn -a

Answer: D

QUESTION 711
A Minimal Effort Upgrade of a cluster:

A. Is only supported in major releases (R70 to R71, R71 to R76).
B. Is not a valid upgrade method in R76.
C. Treats each individual cluster member as an individual gateway.
D. Upgrades all cluster members except one at the same time.

Answer: C

QUESTION 712
A Zero Downtime Upgrade of a cluster:

A. Upgrades all cluster members except one at the same time.
B. Is only supported in major releases (R70 to R71, R71 to R76).
C. Treats each individual cluster member as an individual gateway.
D. Is not a valid upgrade method in R76.

Answer: A

QUESTION 713
A Full Connectivity Upgrade of a cluster:

A. Treats each individual cluster member as an individual gateway.
B. Upgrades all cluster members except one at the same time.
C. Is only supported in minor version upgrades (R70 to R71, R71 to R76).
D. Is not a valid upgrade method in R76.

Answer: C

QUESTION 714
A Fast Path Upgrade of a cluster:

A. Upgrades all cluster members except one at the same time.
B. Treats each individual cluster member as an individual gateway.
C. Is not a valid upgrade method in R76.
D. Is only supported in major releases (R70 to R71, R75 to R76).

Answer: C

QUESTION 715
How does Check Point recommend that you secure the sync interface between gateways?

A. Configure the sync network to operate within the DMZ.
B. Secure each sync interface in a cluster with Endpoint.
C. Use a dedicated sync network.
D. Encrypt all sync traffic between cluster members.

Answer: C

QUESTION 716
How would you set the debug buffer size to 1024?

A. Run fw ctl set buf 1024
B. Run fw ctl kdebug 1024
C. Run fw ctl debug -buf 1024
D. Run fw ctl set int print_cons 1024

Answer: C

QUESTION 717
Steve is troubleshooting a connection problem with an internal application.
If he knows the source IP address is 192.168.4.125, how could he filter this traffic?

A. Run fw monitor -e "accept dsrc=192.168.4.125;"
B. Run fw monitor -e "accept dst=192.168.4.125;"
C. Run fw monitor -e "accept ip=192.168.4.125;"
D. Run fw monitor -e "accept src=192.168.4.125;"

Answer: D

QUESTION 718
Check Point support has asked Tony for a firewall capture of accepted packets.
What would be the correct syntax to create a capture file to a filename called monitor.out?

A. Run fw monitor -e "accept;" -f monitor.out
B. Run fw monitor -e "accept;" -c monitor.out
C. Run fw monitor -e "accept;" -o monitor.out
D. Run fw monitor -e "accept;" -m monitor.out

Answer: C

QUESTION 719
What is NOT a valid LDAP use in Check Point SmartDirectory?

A. Retrieve gateway CRL's
B. External users management
C. Enforce user access to internal resources
D. Provide user authentication information for the Security Management Server

Answer: C

QUESTION 720
There are several SmartDirectory (LDAP) features that can be applied to further enhance
SmartDirectory (LDAP) functionality. Which of the following is NOT one of those features?

A. High Availability, where user information can be duplicated across several servers
B. Support multiple SmartDirectory (LDAP) servers on which many user databases are distributed
C. Encrypted or non-encrypted SmartDirectory (LDAP) Connections usage
D. Support many Domains under the same account unit

Answer: D

QUESTION 721
Choose the BEST sequence for configuring user management in SmartDashboard, using an
LDAP server.

A. Configure a workstation object for the LDAP server, configure a server object for the LDAP
Account Unit, and enable LDAP in Global Properties.
B. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and
configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and
create an LDAP resource object.

Answer: C

QUESTION 722
Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the
organization. Which gateway process is responsible for the authentication?

A. vpnd
B. cpvpnd
C. fwm
D. fwd

Answer: A

QUESTION 723
Remote clients are using SSL VPN to authenticate via LDAP server to connect to the
organization. Which gateway process is responsible for the authentication?

A. vpnd
B. cpvpnd
C. fwm
D. fwd

Answer: B

QUESTION 724
Which of the following is NOT an LDAP server option in SmartDirectory?

A. Novell_DS
B. Netscape_DS
C. OPSEC_DS
D. Standard_DS

Answer: D

QUESTION 725
An Account Unit is the interface between the __________ and the __________.

A. Users, Domain
B. Gateway, Resources
C. System, Database
D. Clients, Server

Answer: D

QUESTION 726
Which of the following is a valid Active Directory designation for user John Doe in the Sales
department of AcmeCorp.com?

A. Cn=john_doe,ou=Sales,ou=acmecorp,dc=com
B. Cn=john_doe,ou=Sales,ou=acme,ou=corp,dc=com
C. Cn=john_doe,dc=Sales,dc=acmecorp,dc=com
D. Cn=john_doe,ou=Sales,dc=acmecorp,dc=com

Answer: D

QUESTION 727
Which of the following is a valid Active Directory designation for user Jane Doe in the MIS
department of AcmeCorp.com?

A. Cn= jane_doe,ou=MIS,DC=acmecorp,dc=com
B. Cn= jane_doe,ou=MIS,cn=acmecorp,dc=com
C. Cn=jane_doe,ou=MIS,dc=acmecorp,dc=com
D. Cn= jane_doe,ou=MIS,cn=acme,cn=corp,dc=com

Answer: C

QUESTION 728
Which utility or command is useful for debugging by capturing packet information, including
verifying LDAP authentication?

A. fw monitor
B. ping
C. um_core enable
D. fw debug fwm

Answer: A

QUESTION 729
You can NOT use SmartDashboard's SmartDirectory features to connect to the LDAP server.
What should you investigate?

1. Verify you have read-only permissions as administrator for the
operating system.
2. Verify there are no restrictions blocking SmartDashboard's User
Manager from connecting to the LDAP server.
3. Check that the Login Distinguished Name configured has root
(Administrator) permission (or at least write permission) in the access
control configuration of the LDAP server.

A. 1 and 3
B. 2 and 3
C. 1 and 2
D. 1, 2, and 3

Answer: B

QUESTION 730
When, during policy installation, does the atomic load task run?

A. It is the first task during policy installation.
B. It is the last task during policy installation.
C. Before CPD runs on the Gateway.
D. Immediately after fwm load runs on the SmartCenter.

Answer: B

QUESTION 731
What process is responsible for transferring the policy file from SmartCenter to the Gateway?

A. FWD
B. FWM
C. CPRID
D. CPD

Answer: D

QUESTION 732
What firewall kernel table stores information about port allocations for Hide NAT connections?

A. NAT_dst_any_list
B. host_ip_addrs
C. NAT_src_any_list
D. fwx_alloc

Answer: D

QUESTION 733
Where do you define NAT properties so that NAT is performed either client side or server side?

A. In SmartDashboard under Gateway setting
B. In SmartDashboard under Global Properties > NAT definition
C. In SmartDashboard in the NAT Rules
D. In file $DFWDIR/lib/table.def

Answer: B

QUESTION 734
The process ___________ is responsible for all other security server processes run on the
Gateway.

A. FWD
B. CPLMD
C. FWM
D. CPD

Answer: A

QUESTION 735
The process ________ is responsible for GUI Client communication with the SmartCenter.

A. FWD
B. FWM
C. CPD
D. CPLMD

Answer: B

QUESTION 736
The process ________ is responsible for Policy compilation.

A. FWM
B. Fwcmp
C. CPLMD
D. CPD

Answer: A

QUESTION 737
Fill in the blank. What is the correct command and syntax used to view a connection table
summary on a Check Point Firewall?

Answer: fw tab -t connections -s

QUESTION 738
Which command will erase all CRL's?

A. vpn crladmin
B. cpstop/cpstart
C. vpn crl_zap
D. vpn flush

Answer: C

QUESTION 739
What is the supported ClusterXL configuration when configuring a cluster synchronization
network on a VLAN interface?

A. It is supported on the lowest VLAN tag of the VLAN interface
B. It is not supported on a VLAN tag.
C. It is supported on VLAN tag 4095
D. It is supported on VLAN tag 4096.

Answer: A

QUESTION 740
Which SmartConsole component can Administrators use to track changes to the Rule Base?

A. SmartView Monitor
B. SmartReporter
C. WebUI
D. SmartView Tracker

Answer: D

QUESTION 741
UDP packets are delivered if they are ___________.

A. referenced in the SAM related dynamic tables
B. a valid response to an allowed request on the inverse UDP ports and IP
C. a stateful ACK to a valid SYN-SYN/ACK on the inverse UDP ports and IP
D. bypassing the kernel by the forwarding layer of ClusterXL

Answer: B

QUESTION 742
You need to completely reboot the Operating System after making which of the following changes
on the Security Gateway? (i.e. the command cprestart is not sufficient.)

1. Adding a hot-swappable NIC to the Operating System for the first
time.
2. Uninstalling the R75 Power/UTM package.
3. Installing the R75 Power/UTM package.
4. Re-establishing SIC to the Security Management Server.
5. Doubling the maximum number of connections accepted by the Security
Gateway.

A. 2, 3 only
B. 3 only
C. 3, 4, and 5 only
D. 1, 2, 3, 4, and 5

Answer: A

QUESTION 743
The Security Gateway is installed on SecurePlatform R77. The default port for the Web User
Interface is ____________.

A. TCP 443
B. TCP 4433
C. TCP 18211
D. TCP 257

Answer: A

QUESTION 744
Which command displays the installed Security Gateway version?

A. fw ver
B. fw stat
C. fw printver
D. cpstat -gw

Answer: A

QUESTION 745
Which command line interface utility allows the administrator to verify the Security Policy name
and timestamp currently installed on a firewall module?

A. fw stat
B. fw ctl pstat
C. fw ver
D. cpstat fwd

Answer: A

QUESTION 746
Your primary Security Gateway runs on SecurePlatform. What is the easiest way to back up your
Security Gateway R77 configuration, including routing and network configuration files?

A. Using the native SecurePlatform backup utility from command line or in the Web based user
interface.
B. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
C. Using the command upgrade_export.
D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.

Answer: A

QUESTION 747
John is the Security Administrator in his company. He installs a new R77 Security Management
Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the
activation key, he gets the following message in SmartDashboard - "Trust established"
SIC still does not seem to work because the policy won't install and interface fetching does not
work. What might be a reason for this?

A. It always works when the trust is established
B. This must be a human error.
C. SIC does not function over the network.
D. The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid.

Answer: D

QUESTION 748
Which of the following is a CLI command for Security Gateway R77?

A. fw merge
B. fw tab -u
C. fw shutdown
D. fwm policy_print <policyname>

Answer: B

QUESTION 749
Which of the following tools is used to generate a Security Gateway R77 configuration report?

A. infoCP
B. cpinfo
C. infoview
D. fw cpinfo

Answer: B

QUESTION 750
You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the
enterprise Security Management Server, you create a new Gateway object and Security Policy.
When you install the new Policy from the Policy menu, the Gateway object does not appear in the
Install Policy window as a target. What is the problem?

A. The new Gateway's temporary license has expired.
B. The object was created with Node > Gateway.
C. The Gateway object is not specified in the first policy rule column Install On.
D. No Masters file is created for the new Gateway.

Answer: B

QUESTION 751
Which of the following describes the default behavior of an R77 Security Gateway?

A. Traffic is filtered using controlled port scanning.
B. IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are
inspected.
C. All traffic is expressly permitted via explicit rules.
D. Traffic not explicitly permitted is dropped.

Answer: D

QUESTION 752
When you use the Global Properties' default settings on R77, which type of traffic will be dropped
if NO explicit rule allows the traffic?

A. Firewall logging and ICA key-exchange information
B. RIP traffic
C. Outgoing traffic originating from the Security Gateway
D. SmartUpdate connections

Answer: B
