1. Home
  2. CheckPoint
  3. 156-115.77

CheckPoint 156-115.77 Online Practice Questions and Exam Preparation

156-115.77 Exam Details

  • Exam Code
    :156-115.77
  • Exam Name
    :Check Point Certified Security Master
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :295 Q&As
  • Last Updated
    :Dec 09, 2024

CheckPoint 156-115.77 Online Questions & Answers

  • Question 101:

    Which of the following IPS Layers is responsible for ensuring that only valid retransmission packets are allowed to proceed to destinations?

    A. Protocol Parsers
    B. Context Management Interface layer (CMI)
    C. Protections
    D. Passive Streaming Library (PSL)

  • Question 102:

    What would the following command fw monitor tell you?

    A. Only OSPF and FTP traffic between 10.10.10.86 and 192.168.10.4
    B. Only traffic between 10.10.10.86 and 192.168.10.4 on port 21 or port 89
    C. Only accepted traffic between 10.10.10.86 and 192.168.10.4, or any accepted FTP traffic, or any accepted OSPF traffic
    D. Any communication between 10.10.10.86 and 192.168.10.4, or any FTP traffic, or any OSPF traffic

  • Question 103:

    A firewall has 8 CPU cores and the correct license. CoreXL is enabled. How could you set kernel instance #3 to run on processing core #5?

    A. This is not possible CoreXL is best left to manage the Kernel to CPU core mappings. It is only when a daemon is bound to a dedicated core that CoreXL will ignore that CPU core when mapping Kernel instances to CPU cores.
    B. fw ctl affinity -s -k 3 5
    C. Run fwaffinity_apply t 3 -k 5 and then check that the settings have taken affect with the command fw ctl multik stat.
    D. Edit the file fwaffinity.conf and add the line "k3 cpuid 5"

  • Question 104:

    You are configuring a VTI in a clustered environment. Which of the following must be TRUE?

    A. Every interface on each member requires a unique IP address.
    B. Each member must have the same source IP address.
    C. You do not need to have cluster IP addresses.
    D. You cannot set up a VTI in a clustered environment.

  • Question 105:

    You have configured IPS on your network; you find you are being overwhelmed with what you believe are false positives. You investigated this traffic and confirmed they are false positives. What can you do to stop these IPS alerts?

    A. Right click the alert and "ignore"
    B. Disable the IPS protection for this network
    C. Use a SAM rule to categorize this traffic
    D. Add an exception for this traffic under the IPS protection

  • Question 106:

    What is the method to change the number of cores that CoreXL will use?

    A. cpconfig
    B. SmartDashboard
    C. sysconfig
    D. CoreXL automatically recognizes the number of cores on a system at startup so there is no method or reason to modify the setting.

  • Question 107:

    You have set up a manual NAT rule, however fw monitor shows you that the device still uses the automatic Hide NAT rule. How should you correct this?

    A. Move your manual NAT rule above the automatic NAT rule.
    B. In Global Properties > NAT ensure that server side NAT is enabled.
    C. Set the following fwx_alloc_man kernel parameter to 1.
    D. In Global Properties > NAT ensure that Merge Automatic to Manual NAT is selected.

  • Question 108:

    SecureXL uses templating to accelerate traffic passing through the gateway. What command should you run to determine if Accept, Drop and NAT templating is enabled?

    A. fwaccel stat
    B. fw ctl pstat
    C. cphaprob -a if
    D. cpconfig

  • Question 109:

    Which commands will properly set the debug level to maximum and then run a policy install in debug mode for the policy Standard on gateway A-GW from an R77 GAiA Management Server?

    A. setenv TDERROR_ALL_ALL=5 fwm d load A-GW Standard
    B. setenv TDERROR_ALL_ALL=5 fwm d load Standard A-GW
    C. export TDERROR_ALL_ALL=5 fwm d load Standard A-GW
    D. export TDERROR_ALL_ALL=5 fwm d load A-GW Standard

  • Question 110:

    Given the following IKEView output, what do we know about QuickMode Packet 1?

    A. Packet 1 proposes a symmetrical key
    B. Packet 1 proposes a subnet and host ID, an encryption and hash algorithm
    C. Packet 1 Proposes SA life Type, Sa Life Duration, Authentication and Encapsulation Algorithm
    D. Packet 1 proposes either a subnet or host ID, an encryption and hash algorithm, and ID data

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-115.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.