156-115.77 Exam Details

  • Exam Code
    :156-115.77
  • Exam Name
    :Check Point Certified Security Master
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :295 Q&As
  • Last Updated
    :Dec 09, 2024

CheckPoint 156-115.77 Online Questions & Answers

  • Question 1:

    You are configuring dynamic VPN routing using OSPF. You have defined the gateways, created a fully meshed VPN Community that includes all participating Gateways; created a rule to accept OSPF and configured dynamic routing. OSPF adjacencies are not establishing. Which of the following could explain why?

    A. You have overlapping encryption domains.
    B. You have not configured VTIs.
    C. You must to create a VPN star community.
    D. Check Point does not support dynamic VPN routing using OSPF.

  • Question 2:

    What does the IP Options Strip represent under the fw chain output?

    A. IP Options Strip is not a valid fw chain output.
    B. The IP Options Strip removes the IP header of the packet prior to be passed to the other kernel functions.
    C. The IP Options Strip copies the header details to forward the details for further IPS inspections.
    D. IP Options Strip is only used when VPN is involved.

  • Question 3:

    What will be the outcome if you set the kernel parameters cphwd_nat_templates_enabled and cphwd_nat_templates_support?

    A. This would enable Hide NAT support.
    B. These parameters are mutually exclusive and cannot be used at the same time.
    C. This would enable SecureXL NAT templates.
    D. These are not valid parameters.

  • Question 4:

    Which FW-1 kernel flags should be used to properly debug and troubleshoot NAT issues?

    A. nat, route, conn, fwd, zeco, err
    B. nat, xlate, fwd, vm, ld, chain
    C. nat, xltrc, xlate, drop, conn, vm
    D. nat, drop, conn, xlate, filter, ioctl

  • Question 5:

    When troubleshooting a performance problem on multicore firewall that is using CoreXL, what command checks the number of connections each core is processing?

    A. sim affinity -l
    B. cat fwkern.conf
    C. fw CTL pstat
    D. fw ctl multik stat

  • Question 6:

    What would be a reason to use the command cphaosu stat?

    A. To determine the number of connections from OPSEC software using Open Source Licenses.
    B. To decide when to fail over traffic to a new cluster member.
    C. This is not a valid command.
    D. To see the policy install dates on each of the members in the cluster.

  • Question 7:

    Which of the following is true when IPv6 is enabled on a Security Gateway?

    A. An interface on the Gateway can either have IPv4 or IPv6 IP address or have both.
    B. As of version R77, IPv6 is only supported on Security Management Server.
    C. IPv4 will be completely disabled when IPv6 has been enabled.
    D. An interface on the Gateway can either have IPv4 or IPv6 IP address but cannot have both.

  • Question 8:

    When VPN user-based authentication fails, which of the following debug logs is essential to understanding the issue?

    A. VPN-1 kernel debug logs
    B. IKE.elg
    C. Vpnd.elg
    D. fw monitor trace

  • Question 9:

    What is the best way to see how a firewall is performing while processing packets in the firewall path, including resource usage?

    A. fw getperf
    B. SecureXL stat
    C. fwaccel stats
    D. fw ctl pstat

  • Question 10:

    What is the function of the setting "no_hide_services_ports" in the tables.def files?

    A. Preventing the secondary member from hiding its presence by not forwarding any packets.
    B. Allowing management traffic to be accepted in an applied rule ahead of the stealth rule.
    C. Hiding the particular tables from being synchronized to the other cluster member.
    D. Preventing outbound traffic from being hidden behind the cluster IP address.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-115.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.