156-215.77 Online Practice Questions and Answers

Which utility allows you to configure the DHCP service on GAiA from the command line?

A. ifconfig

B. sysconfig

C. cpconfig

D. dhcp_cfg

Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?

A. SmartView Monitor > Gateway Status > Threshold Settings

B. SmartView Tracker > Audit Tab > Gateway Counters

C. SmartView Monitor > Gateway Status > System Information > Thresholds

D. This can only be monitored by a user-defined script.

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

A. destination on server side

B. source on server side

C. source on client side

D. destination on client side

Where can you find the Check Point's SNMP MIB file?

A. $CPDIR/lib/snmp/chkpt.mib

B. $FWDIR/conf/snmp.mib

C. It is obtained only by request from the TAC.

D. There is no specific MIB file for Check Point products.

Match the terms with their definitions: Exhibit:

A. A-3, B-2, C-4, D-1

B. A-2, B-3, C-4, D-1

C. A-3, B-2, C-1, D-4

D. A-3, B-4, C-1, D-2

Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

A. The two algorithms do not have the same key length and so don't work together. You will get the error .... No proposal chosen....

B. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.

C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.

D. All is fine and can be used as is.

Match the following commands to their correct function. Each command has one function only listed. Exhibit:

A. C1>F6; C2>F4; C3>F2; C4>F5

B. C1>F2; C2>F1; C3>F6; C4>F4

C. C1>F2; C2>F4; C3>F1; C4>F5

D. C1>F4; C2>F6; C3>F3; C4>F2

How granular may an administrator filter an Access Role with identity awareness? Per:

A. Specific ICA Certificate

B. AD User

C. Radius Group

D. Windows Domain

What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?

A. Captive Portal is more secure than standard LDAP

B. Nothing, LDAP query is required when configuring Captive Portal

C. Captive Portal works with both configured users and guests

D. Captive Portal is more transparent to the user

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?

A. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.

B. Select Block intruder from the Tools menu in SmartView Tracker.

C. Create a Suspicious Activity Rule in SmartView Monitor.

D. Add a temporary rule using SmartDashboard and select hide rule.