CheckPoint 156-115.77 Online Practice Questions and Exam Preparation

CheckPoint 156-115.77 Online Questions & Answers

• Question 161:

  What mechanism solves asymmetric routing issues in a load sharing cluster?

  A. Flush and ACK
  B. Stateful Inspection
  C. SYN Defender
  D. State Synchronization
  A. Flush and ACK

• Question 162:

  In order to prevent outgoing NTP traffic from being hidden behind a Cluster IP you should?

  A. Edit the relevant table.def on the Management Server and add the line no_hide_services_ports = { }; and then push policy.
  B. Edit the relevant table.def on the gateway and add the line no_hide_services_ports = { };.
  C. Edit the relevant table.def on the Management Server and add the line no_hide_services_ports = { }; and then push policy.
  D. Edit the relevant table.def on the gateway and add the line no_hide_services_ports = { }.
  C. Edit the relevant table.def on the Management Server and add the line no_hide_services_ports = { }; and then push policy.

• Question 163:

  Of the following answer choices, which best describes a possible effect of expanding the connections table?

  A. Increased memory consumption
  B. Decreased memory consumption
  C. Increased connection duration
  D. Decreased connection duration
  A. Increased memory consumption

• Question 164:

  Where can you configure OSPF on a GAiA firewall?

  A. cpconfig
  B. WebUI
  C. SmartDashboard
  D. sysconfig
  B. WebUI

• Question 165:

  When finished running a debug on the Management Server using the command fw debug fwm on how do you turn this debug off?

  A. fwm debug off
  B. fw ctl debug off
  C. fw debug off
  D. fw debug fwm off
  D. fw debug fwm off

• Question 166:

  Which of the these dynamic route protocols CANNOT be used along with VTI (VPN Tunnel Interface).

  A. OSPFR
  B. IGRP
  C. IPv1
  D. BGP4
  B. IGRP

• Question 167:

  Which of these commands can be used to display the IPv6 status?

  A. show ipv6-stat
  B. show ipv6 all
  C. show ipv6 status
  D. show ipv6-status
  D. show ipv6-status

• Question 168:

  In IKEView while troubleshooting a VPN issue between your gateway and a partner site you see an entry that states "Invalid ID". Which of the following is the most likely cause?

  A. IKEv1 is not supported by the peer.
  B. Time is not matching between two members.
  C. The encryption parameters (hash, encryption type, etc.) do not match.
  D. Wrong subnets are being negotiated.
  D. Wrong subnets are being negotiated.

• Question 169:

  You are attempting to establish a VPN tunnel between a Check Point gateway and a 3rd party vendor. When attempting to send traffic to the peer gateway it is failing. You look in SmartView Tracker and see that the failure is due to "Encryption failure: no response from peer". After running a VPN debug on the problematic gateway, what is one of the files you would want to analyze?

  A. $FWDIR/log/fw.log
  B. $FWDIR/log/fwd.elg
  C. $FWDIR/log/ike.elg
  D. /var/log/fw_debug.txt
  C. $FWDIR/log/ike.elg

• Question 170:

  Henry is attempting to verify VPN connectivity between two hosts, x and y. Of the following commands, which could be BEST used to verify connectivity of this VPN?

  A. [Expert@HostName]# fw monitor -e "((src=x.x.x.x , dst=y.y.y.y) or (src=y.y.y.y, dst=x.x.x.x)), accept;" x- o /var/log/fw_mon.cap
  B. [Expert@HostName]# fw monitor -e "host(x.x.x.x) and host(y.y.y.y), accept;" -o /var/log/fw_mon.capw monitor -e "accept;" -o /var/log/fw_mon.cap
  C. [Expert@HostName]# fw monitor -e "(ip_p=X) or (ip_p=Y, port(Z)), accept;" -o /var/log/fw_mon.cap
  D. [Expert@HostName]# fw monitor -e "ip_p=X, accept;" -o /var/log/fw_mon.cap
  A. [Expert@HostName]# fw monitor -e "((src=x.x.x.x , dst=y.y.y.y) or (src=y.y.y.y, dst=x.x.x.x)), accept;" x- o /var/log/fw_mon.cap