Top 10 keys 156-115.77 for IT engineers (101 to 110)

Want to know Pass4sure 156-115.77 Exam practice test features? Want to lear more about Check Point Check Point Certified Security Master certification experience? Study Vivid Check Point 156-115.77 answers to Replace 156-115.77 questions at Pass4sure. Gat a success with an absolute guarantee to pass Check Point 156-115.77 (Check Point Certified Security Master) test on your first attempt.

2021 Dec 156-115.77 vce

Q101. - (Topic 7) 

What does “cphwd_nat_templates_enabled=1” do when entered into fwkern.conf? 

A. Disables NAT templates when SecureXL is turned on. 

B. Enables NAT templates when SecureXL is turned on. 

C. Enables NAT templates at all times. 

D. Disables NAT templates at all times. 


Q102. - (Topic 8) 

What command displays the Connections Table for a specified CoreXL firewall instance? 

A. fw tab –t connections –s 

B. fw -t connections [flags] C. fw tab –t connection | grep fw<FW_INSTANCE_ID> 

D. fw tab –t connections 


Q103. - (Topic 11) 

Henry is attempting to verify VPN connectivity between two hosts, x and y. Of the following commands, which could be BEST used to verify connectivity of this VPN? 

A. [Expert@HostName]# fw monitor -e "((src=x.x.x.x , dst=y.y.y.y) or (src=y.y.y.y, dst=x.x.x.x)), accept;" x-o /var/log/fw_mon.cap 

B. [Expert@HostName]# fw monitor -e "host(x.x.x.x) and host(y.y.y.y), accept;" -o /var/log/fw_mon.capw monitor -e "accept;" -o /var/log/fw_mon.cap 

C. [Expert@HostName]# fw monitor -e "(ip_p=X) or (ip_p=Y, port(Z)), accept;" -o /var/log/fw_mon.cap 

D. [Expert@HostName]# fw monitor -e "ip_p=X, accept;" -o /var/log/fw_mon.cap 


Q104. - (Topic 10) 

Which of the following is true when IPv6 is enabled on a Security Gateway? 

A. An interface on the Gateway can either have IPv4 or IPv6 IP address or have both. 

B. As of version R77, IPv6 is only supported on Security Management Server. 

C. IPv4 will be completely disabled when IPv6 has been enabled. 

D. An interface on the Gateway can either have IPv4 or IPv6 IP address but cannot have both. 


240. - (Topic 10) 

What VSX components do not support IPv6 in R77 VSX mode? 

A. VSX mode does not support IPv6 

B. All devices support IPv6 

C. Virtual Systems 

D. Virtual Routers 


Q105. - (Topic 4) 

You are troubleshooting a VPN issue between your gateway and a partner site and you get a drop log on your gateway that states “Clear text packet should be encrypted”. Which of the following would be the best troubleshooting step? 

A. Use the excluded services in the VPN community to exclude this traffic from the VPN or determine why the traffic is leaving the initiating (partner) gateway as clear text. 

B. Use the excluded services in the VPN community to exclude this traffic from the VPN or determine why the traffic is leaving local (your) gateway as clear text. 

C. Your phase one algorithms are mismatched between gateways. 

D. This is management traffic and we need to enable implied rule to address this issue. 


Topic 5, SecureXL Acceleration debugging 

Update 156-115.77 exam prep:

Q106. - (Topic 5) 

Certain rules will disable connection rate acceleration (templates) in the Rule Base. What command should be used to determine on what rule templates are disabled? 

A. cpconfig 

B. cphaprob -a if 

C. fw ctl pstat 

D. fwaccel stat 


122. - (Topic 5) 

The command fwaccel stat displays what information? 

A. Accelerator status, accept templates, drop templates 

B. Accelerated packets, accept templates, dropped packets 

C. Accelerator status, accelerated rules, drop templates 

D. Accelerator status, CoreXL state, drop templates 


Q107. - (Topic 3) 

How do you clear the connections table? 

A. Run the command fw tab –t connections –x 

B. In Gateway Properties > Optimizations click Clear connections table 

C. Run the command fw tab –t conns –c 

D. Run the command fw tab –t connections –c 


Q108. - (Topic 7) 

When a cluster member is completely powered down, how will the other member identify if there is network connectivity? 

A. The working member will ARP for the default gateway. 

B. The working member will look for replies to traffic sent from internal hosts. 

C. The working member will automatically assume connectivity. 

D. The working member will Ping IPs in the subnet until it gets a response. 


Q109. - (Topic 9) 

Which of the following IPS Layers is a set of signatures and/or handlers, where: 

?Signature is a malicious pattern that is searched for. 

?Handler is the INSPECT code that performs more complex inspection. 

A. Passive Streaming Library (PSL) 

B. Protections 

C. Context Management Interface layer (CMI) 

D. Protocol Parsers 


Q110. - (Topic 8) 

CoreXL on IPSO R77.20 does NOT support which of the following features? 

A. Check Point QoS 

B. IPv6 

C. Overlapping NAT 

D. Route-based VPN 


see more 156-115.77 dumps