Exam Code: 156-115.77 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Master
Certification Provider: Check Point
Free Today! Guaranteed Training- Pass 156-115.77 Exam.
2017 Jan 156-115.77 exam
Q31. - (Topic 7)
What should you do after editing fwkern.conf to enable NAT templates?
A. Install database B. Reboot
C. Install policy
D. Make sure the change shows up in Smartview Monitor
Q32. - (Topic 5)
In the policy below, which rule disables SecureXL?
Q33. - (Topic 1)
What does the IP Options Strip represent under the fw chain output?
A. IP Options Strip is not a valid fw chain output.
B. The IP Options Strip removes the IP header of the packet prior to be passed to the other kernel functions.
C. The IP Options Strip copies the header details to forward the details for further IPS inspections.
D. IP Options Strip is only used when VPN is involved.
Topic 2, NAT
Q34. - (Topic 10)
How do you disable IPv6 on an IPSO gateway?
A. Run $FWDIR/scripts/fwipv6_enable off and reboot.
B. Remove the IPv6 license from the gateway.
C. You cannot disable IPv6.
D. In IPSO go to System Management > System Configuration, set IPv6 Support to off, and click Apply.
Q35. - (Topic 4)
Your company has recently decided to allow remote access for clients. You find that no one is able to connect, although you are confident that your rule set and remote access community has been defined correctly. What is the most likely cause, based on the options below? You have the following debug file: A. RDP is being blocked upstream.
B. You have selected IKEv2 only in Global Properties > Remote Access > VPN – Authentication and Encryption.
C. Remote access clients are all behind NAT devices.
D. Implied rule is not set to accept control connections.
Most recent 156-115.77 exam topics:
Q36. - (Topic 1)
When using the command fw monitor, what command ensures the capture is accurate?
A. export TDERROR_ALL_ALL=5
B. fwaccel off
C. fwaccel on
D. fw accel off
C1O2 - Chain Modules
Q37. - (Topic 3)
From the output of the following cphaprob -i list, what is the most likely cause of the clustering issue?
Cluster B> cphaprob -i list Built-in Devices: Device Name: Interface Active Check Current state: OK Device Name: HA Initialization Current state: OK Device Name: Recovery Delay Current state: OK Registered Devices: Device Name: Synchronization Registration number: 0 Timeout: none Current state: OK
Time since last report: 3651.5 sec
Device Name: Filter Registration number: 1 Timeout: none Current state: problem Time since last report: 139 sec Device Name: routed Registration number: 2 Timeout: none Current state: OK Time since
last report: 3651.9 sec
Device Name: cphad Registration number: 3 Timeout: none Current state: OK Time since last report: 3696.5 sec Device Name: fwd Registration number: 4 Timeout: none Current state: OK Time since last
report: 3696.5 sec
A. There is an interface down on Cluster A
B. There is a sync network issue between Cluster A and Cluster B
C. The routing table on Cluster B is different from Cluster A
D. Cluster B and Cluster A have different versions of policy installed.
60. - (Topic 3)
What is the function of the setting "no_hide_services_ports" in the tables.def files?
A. Preventing the secondary member from hiding its presence by not forwarding any packets.
B. Allowing management traffic to be accepted in an applied rule ahead of the stealth rule.
C. Hiding the particular tables from being synchronized to the other cluster member.
D. Preventing outbound traffic from being hidden behind the cluster IP address.
Q38. - (Topic 3)
Which of the following is NOT a cphaprob status?
C. “Backup” D. “Down Attention” (or “Down!” in VSX mode)
Q39. - (Topic 2)
Where in a fw monitor output would you see destination address translation occur in cases of inbound automatic static NAT?
A. Static NAT does not adjust the destination IP
B. Between the “i” and “I”
C. Between the “I” and “o”
D. Between the “o” and “O”
Q40. - (Topic 7)
You are a system administrator and you are working with Support. Support asked you to enable kernel core dumps on the files. You are unsure if this has already been set. You run the command chkconfig -list kdump. Does the screen capture tell you if kernel dumps are enabled on this gateway?
A. There is not enough information to determine if kernel core files will be generated.
B. Yes kernel dump has been enabled and kernel files should be captured.
C. Kdump has nothing to do with kernel core file generation.
D. All values should be set to “on”. A kernel core dump will not be created.
see more 156-115.77 dumps