CheckPoint 156-115.77 Online Practice Questions and Exam Preparation

CheckPoint 156-115.77 Online Questions & Answers

• Question 141:

  You are finding that some users are complaining about slow connection speed. You would like to review a summary of your connections, including which connections are accelerated and those that are not. What command could you use?

  A. fw ctl pstat
  B. fwaccel perf
  C. fw tab -t connections -s
  D. fwaccel stats -s
  D. fwaccel stats -s

• Question 142:

  Which command will you run to list established VPN tunnels?

  A. fw tab -t vpn_active
  B. vpn compstat
  C. fw tab -t vpn_routing
  D. vpn tu
  D. vpn tu

• Question 143:

  You want to verify that the majority of your connections are being optimized by SecureXL. What command would you run to establish this information?

  A. fw ctl pstat
  B. fw tab -t connections -s
  C. fwaccel conns -s
  D. sim_dbg -s
  C. fwaccel conns -s

• Question 144:

  What would be considered Best Practice to determine which IPS protections you can safely disable for your environment?

  A. You should use vulnerability tools to perform an assessment of your environment.
  B. Work through turning on each protection to see which signatures get alerts.
  C. You should set all protections to "Detect".
  D. You should not disable any IPS protections.
  A. You should use vulnerability tools to perform an assessment of your environment.

• Question 145:

  What VSX components do not support IPv6 in R77 VSX mode?

  A. VSX mode does not support IPv6
  B. All devices support IPv6
  C. Virtual Systems
  D. Virtual Routers
  D. Virtual Routers

• Question 146:

  You are troubleshooting an issue for your HR team. One of the users is using IP 10.10.10.24. They having been trying to access the vacation servers but all connections are failing. You have checked the logs and do not see any dropped traffic. You have a suspicion that the drop is not being logged. What command could you use to confirm this?

  A. fw -t connections -s
  B. fw ctl zdebug + log dynlog
  C. You cannot run a command for this; you must enable logging on all rules
  D. fw ctl pstat host 10.10.10.24
  B. fw ctl zdebug + log dynlog

• Question 147:

  Why would you not see a CoreXL configuration option in cpconfig?

  A. The gateway only has one processor core.
  B. CoreXL is not enabled in the gateway object.
  C. CoreXL is not licensed.
  D. CoreXL is disabled via policy.
  A. The gateway only has one processor core.

• Question 148:

  When the IPS `Bypass under Load' mechanism detects that the certain CPU and memory usage thresholds have been reached, which of the following occurs?

  A. The mechanism configures all IPS protections in `Detect Mode'
  B. IPS is disabled completely
  C. The mechanism disables all IPS protections by placing them under `exception'
  D. Stateful Inspection is disabled
  C. The mechanism disables all IPS protections by placing them under `exception'

• Question 149:

  Your company has grown significantly over the past few months. You are seeing that new connections are being dropped but note that the connections table is not full. You suspect that the kernel memory allocated to the firewall has reached its full capacity. To check the "Machine Capacity Summary" statistics, you use command:

  A. ps -aux
  B. top
  C. cat /proc/net/capacity
  D. fw ctl pstat
  D. fw ctl pstat

• Question 150:

  How do you designate the "enforcement point gateway" for the peers involved in "VPN Directional Enforcement"?

  A. From the WebUI's of the peers add a static route to the "designated enforcement point".
  B. In the file $FWDIR/conf/user.def on each peer with a route entry to the enforcement point gateway.
  C. Designate this gateway in the VPN community properties.
  D. Editing file $FWDIR/conf/vpn_route.conf on each peer with a route entry to the enforcement point gateway.
  D. Editing file $FWDIR/conf/vpn_route.conf on each peer with a route entry to the enforcement point gateway.