Vendor: Check Point
Exam Code: 156-915.76
Exam Name: Check Point Certified Security Expert Update Blade
To force clients to use integritySecurity Workspace when accessing sensitive applications, the
Administrator can configure Connectra:
A. Via protection levels
B. To implement integrity Clientless Security
C. To force the user to re-authenticate at login
D. Without a special setting. Secure Workspace is automatically configured.
The default port for browser access to the Management Portal is
In which case is a Sticky Decision Function relevant?
A. Load Sharing – Unicast
B. Load Balancing – Forward
C. High Availability
D. Load Sharing – Multicast
YoujustupgradedtoR71 and are using the IPS Software Blade You want toenable all critical
protections while keeping the rate of false positively verylow.How can you achieve this?
A. The new IPS system is basedon policies, but it has no abilitytocalculate or change the confidence level, so it always has a high rate of falsepositives.
B. This can t be achieved; activating any IPS system always causes ahigh rate of false positives.
C. The new IPS system is based on policies and gives you the abilitytoactivate all checks with critical severity and a high confidence level.
D. As in SmartDefense,this can be achieved by activating all the criticalchecks manually.
Refer to the network topology below. You have IPS Software Blades active on the Security
Gateways sglondon, sgla, andsgny, but still experience attacks on the Web server in the New
York DMZ. How is this possible?
A. AH of these options are possible.
B. The attacker may have used a bunch of evasion techniques likeusing escape sequence instead of cleartext commands.It is also possible that thereare entry points not shown in the network layout, like rogue access points.
C. Since other Gateways do not have IPS activated, attacks may originate from their network without anyone noticing.
D. An IPS may combine different detection technologies, but is dependent on regular signature updates and well-turned anomaly algorithms.Even if this is accomplished, notechnology can offer 100 % protection.
Which of the following is NOT an Smartevent event-triggered Automatic Reaction?
B. Block Access
C. External Script
D. SNMP Trap
Your company has the requirement that SmartEvent reports should show a detailed and
accurate view of network activity but also performance should be guaranteed. Which actions
should be taken to achieve that?
A. (i), (ii) and (iv)
B. (i), (iii), (iv)
C. (ii) and (iv)
D. (i) and (ii)
What SmartConsole application allows you to change the Log Consolidation Policy?
C. SmartEvent Server
D. Smart Dashboard
In configure a client to property log in to the user portal using a certificate, the Administrator
A. Create aninternal userin the admin portal.
B. Install an R71 internal Certificate Authority certificate.
C. Create a client certificate fromSmart Dashboard
D. Store the clientcertificate on the SSL VPN Gateway
What process manages the dynamic routing protocols (ospp, RIP, etc) on SecurelPlatform
D. There s no separate process, but the Linux default router can take care of that.
To change the default port of the Management Portal,
A. Editthe masters.conffileon the Portal server.
B. Modify the file cp_httpd_admin.conf.
C. Run sysconfig and change the management interface
Where do Gateways managed by SmartProvisioning fetch their assigned profiles?
A. The Smartview Monitor
B. The standalone SmartProvisioning server
C. The Security Management server or CMA
D. They are fetched locally from the individual device
When synchronizing clusters, which of the following statements is NOT true?
A. Client Auth or Session Auth connections through a cluster member will be lost if the cluster member fails.
B. The stare of connection using resources is maintained by a Security Server, so there connections cannot be synchronized.
C. Only cluster members running on me same OS platform can be synchronized.
D. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
What command will allow you to disable sync on a cluster firewall member?
A. fw ctl setaync 0
B. fw ctl syncsatat stop
C. fw ctl syncstat off
D. fw ctl setsync off
By default, a standby Security Management Server is automatically synchronized by an
active Security Management Server, when:
A. The Security Policy is saved.
B. The Security Policy is installed.
C. The user database is installed.
D. The standby Security Management Server starts for the first time.
A customer is calling saying one member’s status is Down.What will you check?
A. cphaprob list (verify what critical device is down)
B. Fw ctl debug m cluster + forward(forwarding layer debug)
C. tcpdump/snoop (CCP traffic)
D. fw ctlpstat (check sync)
You have a High Availability ClusterXL configuration.Machines arenot synchronizer. What
happens to connections on failover?
A. It is not possible to configure High Availabilitythat is not synchronized.
B. B. Old connections are lost but can be reestablished.
C. Connection cannot be established until cluster members are fully synchronized.
D. Old connections are lost but are automatically recovered whenever the failed machine recovers.
When using ClusterXl in load sharing, what method is used be default?
A. IPs, SPIs
B. IPs, Ports, SPIs
D. IPs, Ports
John isconfiguring anew R17 Gateway cluster but he cannot configurethecluster asThird
Party IP Clusteringin Gateway Cluster Properties:
What s happening?
A. Johnis not using thirdparty hardware asIP Clustering ispart of Check Point sIPAppliance.
B. Third Party Clustering is not available for R71 Security Gateways.
C. ClusterXLneeds to be unsetected to permit 3nd party clustering configuration.
D. John has an invalid ClusterXL license
A customer calls saying that a load-sharing cluster shows drops with the error First packet is
not SYN.Completethe followingsentence. I will recommend:
A. Change the load on each member.
B. configuring flush and ack
C. turning off SDF (Sticky Decision Function)
D. turning on SDF (Sticky Decision Function)
If you want to pass Check Point 156-915.76 successfully, donot missing to read latest lead2pass Check Point 156-915.76 practice exams.
If you can master all lead2pass questions you will able to pass 100% guaranteed.