Best Deal for Unlimited Exam Access
The Fastest Way to Pass Any Exam for Only $149.00

Exam Code: 156-727.77
Exam Name: Threat Prevention
Certifications: View All..
Vendor: Checkpoint

53 Questions & Answers
Last update: Oct 11,19
Verified by IT Certification Professionals

Get Instant Access to 156-727.77 Exam and 1,200+ More

Unlimited Lifetime Access Package

  • Access any exam on the entire ActualTests site for life!

  • Our $149.00 Unlimited Access Package buys unlimited access to our library of downloadable PDFs for 1200+ exams.

  • You download the exam you need, and come back and download again when you need more. Your PDF is ready to read or print, and when there is an update, you can download the new version. Download one exam or all the exams - its up to you.

$149.00/lifetime

Actual Test Exam Engine

Upgrade your Unlimited Lifetime Access with our interactive Exam Engine! Working with the ActualTests Exam Engine is just like taking the actual tests, except we also give you the correct answers. See More >>

Total Cost: $348.00

Checkpoint 156-727.77 Exam Reviews 156-727.77 Exam Engine Features

Checkpoint 156-727.77 Exam Tips

Which of the following statements is FALSE?

Answers:
A. A SYN flood attack is an attack against a service designed to make a server unavailable.
B. A SYN flood attack exploits the limitations of the TCP/IP protocol.
C. During SYN flood attack, a client sends a SYN/NACK to a server and data exchange begins. (correct)
D. During a SYN flood attack, a server replies with a SYN/ACK identified by the source IP address in an IP header.

Explanation:

This is false, during the attack, the client send 'SYN/ACK' packets, if the attacker sends 'SYN/NACK' the server will drop the connection and the SYN FLOOD attack wouldn't be successful. Remember that a NACK its a 'Not acknowledge', so this cant establish a valid TCP connection.

Dr Bill is preparing to implement remote-access VPNs, using VPN-1/FireWall-1 and SecureClient. When Dr Bill selects an authentication method, it must meet the following requirements:

Answers:
A. The authentication method must support existing authentication methods, including OS passwords and RADIUS, for ClientAuthentication.
B. The Enforcement Module must use certificates, to authenticate itself to the client.
C. The authentication method must be flexible, allowing other authentication solutions to be added, including SecureID and TACACS.
D. Which authentication method should Dr Bill choose?
E. Digital Certificates (correct)
F. Pre-shared Secrets
G. LDAP
H. Public Key Signatures
I. Hybrid Mode

Dr Bill is a security consultant. Dr King's client uses a 56-bit DES encryption key for its VPN-1/FireWall-1 VPNs. Dr Bill informs his client that as a banking concern, the client is not using a long enough key to comply with new industry regulations. New industry regulations require a key length of no less then 120 bits. The new industry standards expressly prohibit the use of proprietary algorithms. Which of the following solutions could Dr Bill suggest to his client, to help the client achieve regulatory compliance? (Choose two)

Answers:
A. BlowFish
B. RC4
C. AES (correct)
D. 3DES (correct)
E. CAST

The internal program, know as alertf , allows an operator to define how many events with in a defined number of seconds before the script is executed.

Answers:
A. True (correct)
B. False

Explanation:

Alertf is a program that acts as a wrapper for user-defined scripts. It simplifies the process of launching your user defined event by allowing some specific criteria. It does this by enabling you to specify a threshold that must be met in order for your user-defined script to be executed. See Page 400 of Syngress Book 'Checkpoint NG Next Generation Security Administration'.

A Security Administrator wants to reduce the load on Web servers located in a DMZ. The servers are configured with the same Web pages for the same domain, and with identical hardware. Which of the following is the BEST answer to help balance the load on the Web servers?

Answers:
A. Round Trip
B. Round Robin
C. Server Load (correct)
D. Domain
E. Cluster

You are the VPN-1/Firewall-1 administrator for a company WAN. You want all users to communicate across WAN securely. You must use an encryption scheme that does not change packet size, to allow for better network performance. You must also be able to define the Certificate Authority from your local VPN-1/Firewall-1 Management Module. Which encryption scheme do you choose?

Answers:
A. Rgindal
B. FWZ (correct)
C. IKE
D. Triple DES.
E. Manual IPSec.

Explanation:

FWZ support in-place encryption, encrypting the payload portion (data) of the packet and leaving the original TCP/IP headers intact. Because packet size is not increased, in-place encryption allows for better network performance than the provided by IKE encryption. FWZ encryption gets certified Diffie-Hellman public keys from a trusted certificate authority, the CP Management server.
See Page 7.16 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).
Explanation:
FWZ is and has not been supported by checkpoint since NGFP1.

By default where does VPN-1/Firewall-1 look for a user-defined tracking script?

Answers:
A. $FWDIR/root directory on the GUI client.
B. $FWDIR/local directory on the firewall.
C. $FWDIR/bin directory on the Management Server. (correct)
D. $FWVPN/bin directory on the firewall.
E. $FWDIR/bin/base directory on the Management Server.

Explanation:

As stated in the official CCSE Courseware - The user defined tracking scripts must be placed in the $FWDIR/BIN folder on the management station. With user defined tracking scripts you can allow the following: custom log filter programs to log screen entries generated by a specific rule, alerts when a complex condition is met, a single rule to generate different types of alarms for different conditions.
See Page 3.3 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

Dr Bill is using VPN-1/FireWall-1 to provide load balancing for his Web servers. When a client initiates a session with one of Dr King's Web servers it must be able to retain its connection with the same server for the entire session. Which load-balancing mode is MOST appropriate for Dr King's environment?

Answers:
A. Standby Server
B. Relay Server
C. Continuous Server
D. Active Server
E. Persistent Server (correct)

Explanation:
Persistent Server Mode should always be turned on. This option is the
'superglue' of the logical server: It makes the connection stay with the same
server or service for a time frame specified by you in the Global Properties.
Persistent Server Mode is helpful with services such as FTP , which involve
an active connection. You want the connection to stay with the same server
throughout the duration of the session. That way, if there is a break in the
session, you will be able to get back to that specific server to complete the
download. With Persistent Server Mode turned on (it is on by default), two
persistency options are available: You can choose to make the connection
persistent based on either the service being used (HTTP, FTP, and so on) or
the server selected by the algorithm.

Some VPN-1/Firewall-1 tracking options generate log entries and trigger executables. These executables take the form of:

Answers:
A. User-defined executables in $FWDIR/local.
B. SNMP traps, or other functions defined by security engineers, EXCEPT socket-based applications.
C. SNMP traps, alter emails, or other functions defined by security engineers. (correct)
D. User-defined JAVA scripts in $FWDIR/bin
E. SMS traps, alert emails, or other functions defined by security engineers.

Explanation:

Tracking is the process of creating definitions in which the parameters of an alert or log are established. Tracking occurs when an option is defined in the track column of a rule in the rule base, as well as when an object is defined. Certain tracking options will just generate a log entry, viewable in the log viewer, while other tracking options will generate a log entry and trigger an executable. These executables can take the form of an SNMP trap, sending an alert e-mail, or any other function that a security engineer can define.
See Page 3.2 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

Related Certifications Included