1. Home
  2. CheckPoint
  3. 156-115.77

Check Point Certified Security Master

Exam Details

  • Exam Code
    :156-115.77
  • Exam Name
    :Check Point Certified Security Master
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :60 Q&As
  • Last Updated
    :Dec 09, 2024

CheckPoint Checkpoint Certifications 156-115.77 Questions & Answers

  • Question 161:

    What command should a firewall administrator use to begin debugging SecureXL?

    A. fwaccel dbg api + verbose add

    B. fwaccel debug m

    C. fwaccel dbg -m

    D. SecureXL cannot be dubugged and the kernel debug will give enough output to help the firewall administrator to understand the firewalls behaviour. The right command to use is fw ctl debug m fw.

  • Question 162:

    A firewall administrator knows the details of the packet header for an already established connection going through a firewall. What command will show if SecureXL will accelerate that packet?

    A. fw ctl zdebug + sxl error warning asm

    B. fwaccel conns

    C. fwaccel templates

    D. fw tab t connections f | grep `dest. port #' | grep `source port #' | grep `dest. IP address'

  • Question 163:

    When optimizing a customer firewall Rule Base, what is the BEST way to start the analysis?

    A. With the command fwaccel stat followed by the command fwaccel stats.

    B. At the top of the Rule Base.

    C. Using the hit count column.

    D. Using the Compliance Software Blade.

  • Question 164:

    What do the `F' flags mean in the output of fwaccel conns?

    A. Forward to firewall

    B. Flag set for debug

    C. Fast path packets

    D. Flow established

  • Question 165:

    In the policy below, which rule disables SecureXL?

    A. 5

    B. 1

    C. 4

    D. 3

  • Question 166:

    What is the corresponding connection template entered into the SecureXL connection table from the connection: "10.0.0.100:1024 > 216.239.59.59:80"

    A. "10.0.0.100:1024 > 216.239.59.59:80"

    B. "10.0.0.100:1024 > 216.239.59.59:*"

    C. "10.0.0.100:* > 216.239.59.59:*"

    D. "10.0.0.100:* > 216.239.59.59:80"

  • Question 167:

    When are rules that include Identity Awareness Access (IDA) roles accelerated through SecureXL?

    A. Only when `Unauthenticated Guests' is included in the access role.

    B. Never, the inclusion of an IDA role disables SecureXL.

    C. The inclusion of an IDA role has no bearing on whether the connection for the rule is accelerated.

    D. Always, the inclusion of an IDA role guarantees the connection for the rule is accelerated.

  • Question 168:

    What command show the same information as fwaccel stats l?

    A. cat /proc/ppk/cpls

    B. cat /proc/ppk/statistics

    C. cphaprob a hconf

    D. fwaccell stats s u -k

  • Question 169:

    In order to perform some connection troubleshooting, you run the command fw monitor e accept dport =

    443. You do NOT see the TCP ACK packet. Why is this?

    A. The connection is encrypted.

    B. The connection is NATted.

    C. The connection is dropped.

    D. The connection is accelerated.

  • Question 170:

    How to check the overall SecureXL statistics:

    A. fwaccel on

    B. fwaccel stat

    C. cat /proc/ppk/statistics

    D. fwaccel conns

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-115.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.