Welcome to Dumpsbase.com

156-215.77 Dumps

Only $41.76, Automatic 28% OFF. More on Promotion page

$ 68
(199 Customer Reviews)
Exam Name

Check Point Certified Security Administrator


Dumpsbase collected all the related 156-215.77 dumps questions, which are the best and latest in the whole market. Read and study all Dumpsbase Check Point CCSA 156-215.77 exam dumps, you can pass the test in the first attempt.

1. How many Q&As in Dumpsbase 156-215.77 dumps?

There are 359 Q&As in Dumpsbase CCSA 156-215.77 dumps, which cover all the exam topics of 156-215.77 Check Point Certified Security Administrator.

2. Can I try free 156-215.77 demo before I decide to purchase?

Yes, Dumpsbase provides free 156-215.77 demo for you to check the quality of Check Point Certified Security Administrator 156-215.77 dumps.

3. What format will I get after purchasing 156-215.77 dumps?

Dumpsbase provides both PDF and Software for CCSA 156-215.77 dumps. 
PDF version is file which you can print out to read and study all the 156-215.77 dumps questions anywhere, and you can also use mobile phone to study them. It is very convenient.
Software is a simulation version, you can test 156-215.77 questions in real exam environment. 

4. How long will I get CCSA 156-215.77 dumps after completing the payment?

After you purchase Dumpsbase Check Point 156-215.77 dumps, you will get Check Point Certified Security Administrator 156-215.77 exam dumps in 10 minutes in our working time, and in 12 hours in non-working time. 

5. If I fail 156-215.77 exam with Dumpsbase dumps, will I get full payment fee refund?

Yes, if you fail CCSA 156-215.77 by using Dumpsbase dumps questions, you only need scan and send the score report to us via [email protected] After we check and confirm it, we will refund full payment fee to you in one working day. 

6. Can I get update after I purchase 156-215.77 dumps?

Yes, Dumpsbase provide free update for 156-215.77 exam dumps in one year from the date of purchase. If your product is out of one year, you need to re-purchase 156-215.77 dumps questions. Contact us by online live support or email, we will send you 50% coupon code. 

Question No : 1

You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object¡¯s Remote Access properties and install policy. What additional steps are required for this to function correctly?
A. You need to start SSL Network Extender first, then use Visitor Mode.
B. Set Visitor Mode in Policy > Global Properties > Remote-Access > VPN - Advanced.
C. Office mode is not configured.
D. The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). With multi-port no additional changes are necessary.
Answer: D

Question No : 2

What is the primary benefit of using the command upgrade_export over either backup or snapshot?
A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.
Answer: A

Question No : 3

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP ( He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
A. John should lock and unlock his computer
B. Investigate this as a network connectivity issue
C. The access should be changed to authenticate the user instead of the PC
D. John should install the Identity Awareness Agent
Answer: C

Question No : 4

Which statement is TRUE about implicit rules?
A. You create them in SmartDashboard.
B. The Gateway enforces implicit rules that enable outgoing packets only.
C. Changes to the Security Gateway¡¯s default settings do not affect implicit rules.
D. They are derived from Global Properties and explicit object properties.
Answer: D

Question No : 5

Match the terms with their definitions:

A. A-3, B-2, C-4, D-1
B. A-2, B-3, C-4, D-1
C. A-3, B-2, C-1, D-4
D. A-3, B-4, C-1, D-2
Answer: A

Question No : 6

Which SmartConsole tool would you use to see the last policy pushed in the audit log?
A. SmartView Tracker
B. None, SmartConsole applications only communicate with the Security Management Server.
C. SmartView Status
D. SmartView Server
Answer: A 

Question No : 7

NAT can NOT be configured on which of the following objects?
A. HTTP Logical Server
B. Gateway
C. Address Range
D. Host
Answer: A

Question No : 8

Which of the following can be found in cpinfo from an enforcement point?
A. Everything NOT contained in the file r2info
B. VPN keys for all established connections to all enforcement points
C. The complete file objects_5_0.c
D. Policy file information specific to this enforcement point
Answer: D

Question No : 9

All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
Answer: B

Question No : 10

How are cached usernames and passwords cleared from the memory of a R77 Security Gateway?
A. By using the Clear User Cache button in SmartDashboard.
B. Usernames and passwords only clear from memory after they time out.
C. By retrieving LDAP user information using the command fw fetchldap.
D. By installing a Security Policy.
Answer: D

Question No : 11

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. Automatic ARP must be unchecked in the Global Properties.
B. Nothing else must be configured.
C. A static route must be added on the Security Gateway to the internal host.
D. A static route for the NAT IP must be added to the Gateway¡¯s upstream router.
Answer: C

Question No : 12

In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.
A. 259
B. 900
C. 256
D. 80
Answer: C

Question No : 13

Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway¡¯s Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?
A. Logging implied rules
B. User-defined alert script
C. SNMP trap
D. SmartView Monitor Threshold
Answer: B

Question No : 14

You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway¡¯s VPN domain?
A. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
B. An office mode address must be obtained by the client.
C. The SNX client application must be installed on the client.
D. Active-X must be allowed on the client.
Answer: A

Question No : 15

When you hide a rule in a Rule Base, how can you then disable the rule?
A. Hidden rules are already effectively disabled from Security Gateway enforcement.
B. Right-click on the hidden rule place-holder bar and select Disable Rule(s).
C. Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.
D. Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).
Answer: C

Question No : 16

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user¡¯s credentials?
A. Access Policy
B. Access Role
C. Access Rule
D. Access Certificate
Answer: B

Question No : 17

Which rule is responsible for the installation failure?

A. Rule 5
B. Rule 4
C. Rule 3
D. Rule 6
Answer: B

Question No : 18

Which authentication type permits five different sign-on methods in the authentication properties window?
A. Client Authentication
B. Manual Authentication
C. User Authentication
D. Session Authentication
Answer: A

Question No : 19

Which utility allows you to configure the DHCP service on GAiA from the command line?
A. ifconfig
B. sysconfig
C. cpconfig
D. dhcp_cfg
Answer: B

Question No : 20

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
A. No extra configuration is needed.
B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.
Answer: D
Some similar or invalid comments have been hidden.

Leave your Review

Your Rating