|Checkpoint 156-726.77 : Secure Web Gateway||66 Questions & Answers||Updated: Feb 14,17|
Immediate access to the Checkpoint 156-726.77 Exam and 1800+ other exam PDFs.
This is the BEST deal at only $149.00 for unlimited access. Pass FAST with actual answers to actual questions - We Guarantee You Pass!
Both of our Exams Packages come with all of our Checkpoint Exams including all ActualTests 156-726.77 tests. Find the same core area Checkpoint questions with professionally verified answers, and PASS YOUR EXAM.
Option 1: 156-726.77 exam and 1,800+ Other Exams
OR - Upgrade the Unlimited Access Package to include our Exam Engine. Know more than just the answers, understand the solutions! There is an Exam Engine for each of the 1,800 tests, including Checkpoint 156-726.77. Why Upgrade?
Option 2: 156-726.77 exam, 1,800+ Other Exams PLUS Exam Engine
ActualTests 156-726.77 Exam Engine Features
Customize your Secure Web Gateway certification experience.
Checkpoint 156-726.77 Exam Tips
When you install the Management Module and GUI Client on a Windows NT Server:
A. The Windows NT Server in which you install becomes the Management Module and Authentication GUI for the Enforcement Module.
B. The Administration GUI resides on the Enforcement Module and the Management Module resides on its own machine.
C. The Windows NT Server on which you install becomes the Enforcement Module.
D. The Administration GUI only resided on the Management Module. (correct)
E. The Administration GUI communicated with the Management Module on port 257.
This is true, by default, you have to install every single GUI client throughout your network manually, so if you install a management module on an NT, and you install a GUI client in the same machine, the administrator GUI only resides on that machine. In the question and the answers, you never touched another host, so there are not other GUI clients through your network.
With Secure Client, if you have more than one network adapter: (Choose all that apply)
A. VPN-1/Firewall-1 adapters can be bound to all of them. (correct)
B. In Windows 3x, the binding is static and takes place when Secure Client is installed.
C. On Windows NT, the binding is dynamic and takes place upon reboot. (correct)
D. On Windows 2000, the binding is static and takes place when Secure Client is installed.
E. A, B and C.
Here is what the official documentation says If you have more than one adapter, FW1 can bound to all of them. In Windows 98, the binding is static, and takes place when secure client is installed. On NT/2000, the binding is dynamic, and takes place upon reboot.
See Page 12.35 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).
VPN-1/FireWall-1 allows a Security Administrator to define four types of Certificate Authorities. Which of the following is NOT a type of Certificate Authority that can be defined in VPN-1/FirwWall-1?
A. OPSEC PKI
B. External SmartCenter Server
C. Entrust PKI
D. VPN-1 Certificate Manager
E. Caching Only Certificate Manager (correct)
p208 Check Point Mgmt II Student Manual
As with any other object, a Name is given and you can define a Comment
and Color. The Certificate Authority pull-down menu lists the
four choices for creating a CA server object:
VPN-1 Certificate Manager This was Check Point's proprietary
twist on Entrust's Certificate Manager. This product line was dropped
in December 2001 but is listed to handle backward compatibility
Entrust PKI This OPSEC partner offers a PKI solution. See
for more details.
OPSEC PKI This option encompasses non-Entrust OPSEC PKI solutions.
For a listing of current OPSEC-certified PKI solutions, go to
External Management Server This option is for Check Point certificates
that you import from other Check Point SmartCenter Servers.
NG's implementation of IKE supports X.509 digital certificates from
these sources. Keep in mind that you can have only one certificate
from each CA, and each CA must have a unique DN.
SYN flood attacks are used in the Denial-of-Service (Dos) attacks, or in conjunction with other exploits to block access to a server network.
A. True (correct)
This is true, the SYN flood attack never completes the third step of the 3 way TCP handshake, it never sends the ACK, this makes the attacked server to allocate memory to connections that will never be completed, with thousands of this uncompleted connections the protocol stack at the server gets and overflow and crash the O.S. The SYN Flood is considered a DoS attack, it can be used in conjunction of other attacks like IP spoofing.
Which command is used to export a group of users from VPN-1/Firewall?
A. Fw dbexport.
D. Ldap export.
E. fwm dbimport (correct)
The fw dbimport and fw dbexport commands have been replaced by the fwm dbimport and fwm dbexport commands.
You are using Hybrid IKE. SecuRemote produces the error 'Certificate is badly signed'. Which of the following lists the most likely cause of the problem, and the appropriate remedy?
A. The distinguished name used in the 'fw interalca create' and 'fw interalca certify' commands is too long. In this case, use a shorter name.
B. Under the Firewall object> VPN> IKE> Support Authentication Methods, Hybrid is unchecked. Select Hybrid and stop and start the firewall.
C. The Certificate created by internal CA is corrupt. Recreate the certificate with the force option.
D. SecuRemote version is lower then 4.1 SP1. Upgrade SecuRemote. (correct)
E. None of the above.
This is a well-known problem with SecuRemote, if you are using Hybrid IKE, you need to upgrade your SecuRemote software at east to 4.1 with SP1, this will make the problem disappear. The problem is caused by the way previous versions of SecuRemote manage the certificate validation and multiple definitions of certificate standards that are provided by the Hybrid Authentication scheme.
The 'Man in the Middle' threat consists of the possibility of a third party intercepting the private keys of you and another correspondent, even though you think you're communicating directly with each other.
A. True (correct)
Yes, when you are suffering a 'Man in the middle attack' everything seems to be right with your communication, the problem is that you have an agent in the middle of the communication capturing your information (data, encryption keys). The difference between a 'man in the middle' attack and a Session Hijacking is that the first is passive. The 'Man in the middle' attack is very difficult to detect.
When you conduct a distributed installation of VPN-1/Firewall-1:
A. The S V N Foundation component is installed on all modules. (correct)
B. The Enforcement Module is distributed among VPN-1/Firewall-1 Modules.
C. All VPN-1/Firewall-1 files are installed on multiple machines.
D. Any Windows NT server on which you install Check Point VPN-1/Firewall-1 becomes the Enforcement Module.
E. You do not need Windows NT administrative privileges.
this is true, here is what the official courseware says: 'Checkpoint SVN Foundations NG' is the Checkpoint Operating System that is silently installed with every Checkpoint product. SVN provides a true Secure Virtual Network architecture that provides an integrated framework for deploying and managing an Internet security implementation.
See Pages 1.2 and 1.19 of CCSA NG Official Courseware. (VPN1-FW1 Management II NG FP-1).
If the Persistent Server mode check box is selected in the Logical Server Properties window, which of the following is TRUE?
A. Once a client is connected to a physical server, the client will continue to connect to that server for the duration of the session. (correct)
B. Once the server is connected to a client, the server will continue to connect to that client for the duration defined in the Logical Server Properties window.
C. Once the client is connected to a physical sever, the client will only connect to that server for a single session.
D. After a client has connected to a physical server, the client disconnects from the server.
If selected, 'Persistent Server mode' allows some fine-tuning of the load balancing process. When enabled, you can enforce connection persistence, meaning you can force packets from an established flow to continue to a single destination. You can select to 2 modes: 'Persistent by service' and 'Persistent by server'. The relation is client to server, so its the client the one that keeps connecting to the same server. See page 155 of Syngress Book 'Checkpoint NG Next Generation Security Administration'.
All Major Credit CardsWe accept Visa, Mastercard, Electron and American Express. You can also pay us via PayPal.
SSL Secure Transactions