CheckPoint 156-115.77 Online Practice Questions and Exam Preparation

CheckPoint 156-115.77 Online Questions & Answers

• Question 111:

  What file contains IKEv2 debug messages?

  A. $FWDIR/log/ikev2
  B. $FWDIR/log/ike.xml
  C. $FWDIR/log/vpnd.elg
  D. $FWDIR/log/ike.elg
  A. $FWDIR/log/ikev2

• Question 112:

  In the policy below, which rule disables SecureXL?

  

  A. 5
  B. 1
  C. 4
  D. 3
  B. 1

• Question 113:

  What command should a firewall administrator use to begin debugging SecureXL?

  A. fwaccel dbg api + verbose add
  B. fwaccel debug m
  C. fwaccel dbg -m
  D. SecureXL cannot be dubugged and the kernel debug will give enough output to help the firewall administrator to understand the firewalls behaviour. The right command to use is fw ctl debug m fw.
  C. fwaccel dbg -m

• Question 114:

  In a production environment, your gateway is configured to apply a Hide NAT for all internal traffic destined to the Internet. However, you are setting up a VPN tunnel with a remote gateway, and you are concerned about the encryption domain that you need to define on the remote gateway. Does the remote gateway need to include your production gateway's external IP in its encryption domain?

  A. No all packets destined through a VPN will leave with original source and destination packets without translation.
  B. No all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, will have the same internal source and destination IP addresses.
  C. Yes all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, the packet will contain the source IP of the Gateway because of Hide NAT.
  D. Yes The gateway will apply the Hide NAT for this VPN traffic.
  B. No all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, will have the same internal source and destination IP addresses.

• Question 115:

  You have just configured HA and find that connections are not being synced. When you have a failover, users complain that they are losing their connections. What command could you run to see the state synchronization statistics?

  A. fw ctl pstat
  B. fw sync stats
  C. cphaprob stat
  D. fw ctl get int fw_state_sync_stats
  A. fw ctl pstat

• Question 116:

  What command would you use to view which debugs are set in your current working environment?

  A. "env" and "fw ctl debug"
  B. "cat /proc/etc"
  C. "fw ctl debug all"
  D. "export"
  A. "env" and "fw ctl debug"

• Question 117:

  What command would you use to determine if a particular connection is being accelerated by SecureXL?

  A. fw tab t connections u
  B. fw ctl kdebug
  C. fwaccel stat
  D. fwaccel conns
  D. fwaccel conns

• Question 118:

  Where do you run the command get_ips_statistics.sh from?

  A. $FWDIR/conf on the Management Server
  B. $FWDIR/scripts on the Management Server
  C. $FWDIR/conf on the gateway
  D. $FWDIR/scripts on the gateway
  B. $FWDIR/scripts on the Management Server

• Question 119:

  While troubleshooting a connectivity issue with an internal web server, you know that packets are getting to the upstream router, but when you run a tcpdump on the external interface of the gateway, the only traffic you observe is ARP requests coming from the upstream router. Does the problem lie on the Check Point Gateway?

  A. Yes This could be due to a misconfigured route on the firewall.
  B. No This is a layer 2 connectivity issue and has nothing to do with the firewall.
  C. No The firewall is not dropping the traffic, therefore the problem does not lie with the firewall.
  D. Yes This could be due to a misconfigured Static NAT in the firewall policy.
  D. Yes This could be due to a misconfigured Static NAT in the firewall policy.

• Question 120:

  What command would give you a summary of all the tables available to the firewall kernel?

  A. fw tab
  B. fw tab -s
  C. fw tab -h
  D. fw tab -o
  B. fw tab -s