A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.
A. destination on server side
B. source on server side
C. source on client side
D. destination on client side
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
A. No extra configuration is needed.
B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.
An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.
A. client side NAT
B. source NAT
C. destination NAT
D. None of these
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original
"web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error "page cannot be displayed".
Which of the following is NOT a possible reason?
A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
B. There is no ARP table entry for the protected Web server's public IP address.
C. There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.
D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. It is not necessary to add a static route to the Gateway's routing table.
B. It is necessary to add a static route to the Gateway's routing table.
C. The Security Gateway's ARP file must be modified.
D. VLAN tagging cannot be defined for any hosts protected by the Gateway.
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.
A. This is an example of Hide NAT.
B. There is not enough information provided in the Wireshark capture to determine the NAT settings.
C. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.
Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:
Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
B. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
C. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source - group object; Destination any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original.
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers is passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
A. Manual NAT rules are not configured correctly.
B. Allow bi-directional NAT is not checked in Global Properties.
C. Routing is not configured correctly.
D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
B. Yes, it is possible to have two NAT rules which match a connection, but only when using Manual NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).