We provide real checkpoint 156 215.77 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Check Point ccsa 156 215.77 Exam quickly & easily. The ccsa 156 215.77 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Check Point ccsa 156 215.77 dumps pdf and vce product and material, you can easily pass the checkpoint 156 215.77 exam.
Q131. - (Topic 1)
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Q132. - (Topic 3)
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
A. Domain Admin password
B. Check Point Password
C. Windows logon password
D. WMI object
Q133. - (Topic 1)
What is the officially accepted diagnostic tool for IP Appliance Support?
B. cpinfo C. uag-diag
Q134. - (Topic 1)
Which rule position in the Rule Base should hold the Cleanup Rule? Why?
A. Last. It explicitly drops otherwise accepted traffic.
B. First. It explicitly accepts otherwise dropped traffic.
C. Last. It serves a logging function before the implicit drop.
D. Before last followed by the Stealth Rule.
Q135. - (Topic 3)
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
B. Check Point Password
C. Windows password
Q136. - (Topic 3)
You cannot use SmartDashboard's User Directory features to connect to the LDAP server. What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.
A. 2 and 3
B. 1 and 3
C. 1 and 2
D. 1, 2, and 3
Q137. - (Topic 3)
Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:
A. Client Authentication rule using the manual sign-on method, using HTTP on port 900
B. Client Authentication rule, using partially automatic sign on
C. Client Authentication for fully automatic sign on
D. Session Authentication rule
Q138. - (Topic 3)
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
B. All is fine and can be used as is.
C. The two algorithms do not have the same key length and so don't work together. You will get the error …. No proposal chosen….
D. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
Q139. - (Topic 1)
Which item below in a Security Policy would be enforced first?
A. Network Address Translation
B. Security Policy First rule
C. Administrator-defined Rule Base
D. IP spoofing/IP options
Q140. - (Topic 3)
How can you reset the Security Administrator password that was created during initial Security Management Server installation on GAiA?
A. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
B. As expert user Type fwm -a, and provide the existing administrator’s account name. Reset the Security Administrator’s password.
C. Type cpm -a, and provide the existing administrator’s account name. Reset the Security Administrator’s password.
D. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.
To know more about the 156-215.77, click here.