CheckPoint Checkpoint Certifications 156-115.77 Questions & Answers

• Question 111:

  What is the best way to see how a firewall is performing while processing packets in the firewall path, including resource usage?

  A. fw getperf

  B. SecureXL stat

  C. fwaccel stats

  D. fw ctl pstat

  Correct Answer: D

• Question 112:

  Misha is working on a stand-by firewall and deletes the connections table in error. He finds that now the table is out of sync with the Active member. to get them completely synced again, Mish should run the command pair ____________ and __________ .

  A. fw ctl sync stop, fw ctl sync start

  B. fw ctl setsync off, fw ctl setsync start

  C. fw ctl setsync stop, fw ctl setsync on

  D. fw ctl setsync off, fw ctl setsync on

  Correct Answer: B

• Question 113:

  In a ClusterXL cluster with delayed synchronization, which of the following is not true?

  A. The length of time for the delay can be edited.

  B. It applies only to TCP services whose Protocol Type is set to HTTP or None.

  C. Delayed Synchronization is disabled if the Track option in the rule is set to Log or Account.

  D. Delayed Synchronization is performed only for connections matching a SecureXL Connection Template.

  Correct Answer: A

• Question 114:

  Which command displays FireWall internal statistics about memory and traffic?

  A. fw getifs

  B. cpstat os f memory

  C. fw ctl pstat

  D. cpstat os f cpu

  Correct Answer: C

• Question 115:

  To check what is currently set in the Firewall kernel debug input the command:

  A. fw ctl multistate

  B. fw ctl debug x

  C. fw ctl pstat

  D. fw ctl debug

  Correct Answer: D

• Question 116:

  If the number of Firewall Workers for CoreXL is set higher on one member of a cluster than the other, the cluster will be in what state?

  A. Active/Standby

  B. Active/Ready

  C. Active Attention/Down

  D. Active/Down

  Correct Answer: B

• Question 117:

  What is one way to check cluster status on two gateways running in HA mode?

  A. show cluster

  B. cphaprob stat

  C. cp ha prob stat

  D. show cluster ha status

  Correct Answer: B

• Question 118:

  When a cluster member is completely powered down, how will the other member identify if there is network connectivity?

  A. The working member will ARP for the default gateway.

  B. The working member will look for replies to traffic sent from internal hosts.

  C. The working member will automatically assume connectivity.

  D. The working member will Ping IPs in the subnet until it gets a response.

  Correct Answer: D

• Question 119:

  What does "cphwd_nat_templates_enabled=1" do when entered into fwkern.conf?

  A. Disables NAT templates when SecureXL is turned on.

  B. Enables NAT templates when SecureXL is turned on.

  C. Enables NAT templates at all times.

  D. Disables NAT templates at all times.

  Correct Answer: B

• Question 120:

  You are a system administrator and you are working with Support. Support asked you to enable kernel core dumps on the files. You are unsure if this has already been set. You run the command chkconfig -list kdump. Does the screen capture tell you if kernel dumps are enabled on this gateway?

  

  A. There is not enough information to determine if kernel core files will be generated.

  B. Yes kernel dump has been enabled and kernel files should be captured.

  C. Kdump has nothing to do with kernel core file generation.

  D. All values should be set to "on". A kernel core dump will not be created.

  Correct Answer: B