1. Home
  2. CheckPoint
  3. 156-115.77

CheckPoint 156-115.77 Online Practice Questions and Exam Preparation

156-115.77 Exam Details

  • Exam Code
    :156-115.77
  • Exam Name
    :Check Point Certified Security Master
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :295 Q&As
  • Last Updated
    :Dec 09, 2024

CheckPoint 156-115.77 Online Questions & Answers

  • Question 151:

    Which Dynamic Routing Protocols are supported in GAiA in a Route-based VPN configuration?

    A. OSPF,BGP
    B. OSPF
    C. OSPF,BGP,RIPv2
    D. OSPF,BGP,RIPv1,RIPv2

  • Question 152:

    Your cluster member is showing a state of "Ready". Which of the following is NOT a reason one would expect for this behaviour?

    A. One cluster member is configured for 32 bit and the other is configured for 64 bit
    B. CoreXL is configured differently on the two machines
    C. The firewall that is showing "Ready" has been upgraded but the other firewall has not yet been upgraded
    D. Firewall policy has not yet been installed to the firewall

  • Question 153:

    What does the output of the commands fw ctl multik stat and fw6ctl multik stat show?

    A. Only the number of total connections currently being handled by all Kernels on a CoreXL enabled firewalls.
    B. Information for each kernel instance. The output displays state and processing core number of each instance.
    C. Which CPU cores are Kernel and SND bound cores.
    D. The number of Firewall Kernels that are installed.

  • Question 154:

    The command _____________ shows which firewall chain modules are active on a gateway.

    A. fw stat
    B. fw ctl debug
    C. fw ctl chain
    D. fw ctl multik stat

  • Question 155:

    Your customer has an R77 Multi-domain Management Server managing a mix of firewalls of R70 and R77 versions. A change was made to the file $FWDIR/lib/tables.def on one of the domains. However, it was found that the change was not applied to the R70 firewalls. What could be the problem?

    A. Changes to the table.def can only be applied to firewalls matching the Management Server version. The customer needs to upgrade the firewalls to the same version as the firewall.
    B. R70 is end of life and is not supported. Most functions will work, but modifying the table.def will not.
    C. In order to make changes on R70 machines you need work within GuiDBedit
    D. To support R70, the file in the compatibility directory should have been modified.

  • Question 156:

    How do you enable IPv6 support on a R77 gateway running the GAiIA OS?

    A. IPv6 is enabled by default.
    B. Under WebUI go to System Management > System Configuration, turn on IPv6 Support, click apply and reboot.
    C. Enable the IPv6 Software Blade for the gateway in Smart Dashboard.
    D. Run the IPv6 script $FWDIR/scripts/fwipv6_enable and reboot.

  • Question 157:

    Jerry is a network administrator for ACME Co. Their network contains 5 gateways all managed by a single Management Server. They are currently receiving an exorbitant amount of false positive for traffic traversing their network. Based on this information, what factor do you think is contributing most to the high amount of false positives Jerry is receiving?

    A. She is performing IPS inspection on all traffic
    B. She has set protections to run in "Detect" mode
    C. She has enabled protections based on the network devices and requirements
    D. She has created a dedicated IPS profile for each Security Gateway

  • Question 158:

    You are using an IPV6 environment and find that you need additional access control and want to set up some directional VPN rules. How can you restrict access based on destination?

    A. This can only be done in Traditional Mode VPN.
    B. Directional VPN enforcement feature is not supported for IPv6.
    C. Enable Global Properties > Advanced > IPv6 for directional VPN enforcement.
    D. Set your rule match to "All_gwtogw" and create a new rule.

  • Question 159:

    Since switching your network to ISP redundancy you find that your outgoing static NAT connections are failing. You use the command _________ to debug the issue.

    A. fwaccel stats misp
    B. fw ctl pstat
    C. fw ctl debug -m fw + nat drop
    D. fw tab -t fwx_alloc -x

  • Question 160:

    You are a system administrator and you are working with Support. Support asked you to enable kernel core dumps on the files. You are unsure if this has already been set. You run the command chkconfig -list kdump. Does the screen capture tell you if kernel dumps are enabled on this gateway?

    A. There is not enough information to determine if kernel core files will be generated.
    B. Yes kernel dump has been enabled and kernel files should be captured.
    C. Kdump has nothing to do with kernel core file generation.
    D. All values should be set to "on". A kernel core dump will not be created.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-115.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.