Top 10 braindumps 156-115.77 for consumer (21 to 30)

Cause all that matters here is passing the Check Point 156-115.77 exam. Cause all that you need is a high score of 156-115.77 Check Point Certified Security Master exam. The only one thing you need to do is downloading Pass4sure 156-115.77 exam study guides now. We will not let you down with our money-back guarantee.

2017 Feb 156-115.77 exam question

Q21. - (Topic 11) 

Which of the these dynamic route protocols CANNOT be used along with VTI (VPN Tunnel Interface). 

A. OSPFR 

B. IGRP 

C. IPv1 

D. BGP4 

Answer:


Q22. - (Topic 3) 

You run the command fw tab -t connections -s on both members in the cluster..Both members report differing values for "vals" and "peaks"..Which may NOT be a reason for this difference? 

A. Synchronization is not working between the two members 

B. SGMs in a 61k environment only sync selective parts of the connections table. 

C. Heavily used short-lived services have had synchronization disabled for performance improvement. 

D. Standby member does not synchronize until a failover is needed. 

Answer:


Q23. - (Topic 3) 

Which command clears all the connection table entries on a Security Gateway? 

A. fw tab –t connetion –u 

B. fw ctl tab –t connetions –u 

C. fw tab –t connetion -s 

D. fw tab –t connections -x 

Answer:


Q24. - (Topic 2) 

Ann wants to hide FTP traffic behind the virtual IP of her cluster. Where is the relevant file table.def located to make this modification? 

A. $FWDIR/log/table.def 

B. $FWDIR/conf/table.def 

C. $FWDIR/bin/table.def 

D. $FWDIR/lib/table.def 

Answer:


Q25. - (Topic 3) 

You run the commands: 

fw ctl debug 0 

fw ctl debug -buf 32000 

Which of the following commands would be best to troubleshoot a clustering issue? 

A. fw ctl zdebug -m cluster + all 

B. fw ctl debug -m CLUSTER + conf stat 

C. fw ctl debug -m cluster + pnote stat if 

D. fw ctl kdebug -m CLUSTER all 

Answer:


Updated 156-115.77 book:

Q26. - (Topic 6) 

You issue the command fwaccel stat and see the following: 

What is a possible reason that the “accept templates” is disabled? 

A. Rule one is a drop rule. 

B. Rule one uses static NAT. 

C. Rule one contains a time object. 

D. Your administrator has not enabled templating. 

Answer:


Q27. - (Topic 2) 

While troubleshooting a connectivity issue with an internal web server, you know that packets are getting to the upstream router, but when you run a tcpdump on the external interface of the gateway, the only traffic you observe is ARP requests coming from the upstream router. Does the problem lie on the Check Point Gateway? 

A. Yes – This could be due to a misconfigured route on the firewall. 

B. No – This is a layer 2 connectivity issue and has nothing to do with the firewall. 

C. No – The firewall is not dropping the traffic, therefore the problem does not lie with the firewall. 

D. Yes – This could be due to a misconfigured Static NAT in the firewall policy. 

Answer:


Q28. - (Topic 7) 

What is the best way to see how a firewall is performing while processing packets in the firewall path, including resource usage? 

A. fw getperf 

B. SecureXL stat 

C. fwaccel stats 

D. fw ctl pstat 

Answer:


Q29. - (Topic 4) 

Which program could you use to analyze Phase I and Phase II packet exchanges? 

A. vpnView 

B. Check PointView 

C. IKEView 

D. vpndebugView 

Answer:


Q30. - (Topic 5) 

A firewall administrator knows the details of the packet header for an already established connection going through a firewall. What command will show if SecureXL will accelerate that packet? 

A. fw ctl zdebug + sxl error warning asm 

B. fwaccel conns 

C. fwaccel templates 

D. fw tab –t connections –f | grep ‘dest. port #’ | grep ‘source port #’ | grep ‘dest. IP address’ 

Answer:



see more 156-115.77 dumps