1. Home
  2. CheckPoint
  3. 156-115.77

CheckPoint 156-115.77 Online Practice Questions and Exam Preparation

156-115.77 Exam Details

  • Exam Code
    :156-115.77
  • Exam Name
    :Check Point Certified Security Master
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :295 Q&As
  • Last Updated
    :Dec 09, 2024

CheckPoint 156-115.77 Online Questions & Answers

  • Question 191:

    What type of connections cannot be templated?

    A. Any connections that contain Hide NAT
    B. Complex connections such as FTP, H323, SQL, ETC
    C. UDP because it is not connection oriented
    D. TCP

  • Question 192:

    You want to run VPN debug that will generate both ike.elg and vpn.elg files. What is the best command that can be used to achieve this goal?

    A. vpn debug ikeon
    B. vpn debug on TDERR_ALL_ALL=5
    C. vpn debug trunc
    D. vpn debug trunc

  • Question 193:

    You run the command fw tab -t connections -s on both members in the cluster. Both members report differing values for "vals" and "peaks". Which may NOT be a reason for this difference?

    A. Synchronization is not working between the two members
    B. SGMs in a 61k environment only sync selective parts of the connections table.
    C. Heavily used short-lived services have had synchronization disabled for performance improvement.
    D. Standby member does not synchronize until a failover is needed.

  • Question 194:

    Which routing protocols are not supported with GAIA OS running VTIs?

    A. RIPv1; RIPv2
    B. BGP
    C. Static routes
    D. OSPF

  • Question 195:

    Since R76 GAiA, what is the method for configuring proxy ARP entries for manual NAT rules?

    A. WebUI or add proxy ARP ... commands via CLISH
    B. SmartView Tracker
    C. local.arp file
    D. SmartDashboard

  • Question 196:

    Which feature is not supported with unnumbered VTI?

    A. Proxy interfaces
    B. High availability
    C. Policy based routing
    D. Anti-spoofing

  • Question 197:

    You have just taken over as a firewall administrator. Your company is using Geo Protections on your gateway, but you want to verify that the protections are up-to-date. How can you see when these were updated?

    A. In the IPS tree Protections > Select Check for Update.
    B. Check asm_update_version_geo in GuiDBedit.
    C. In the IPS tree Protections > Geo Protections and check the profile name which is mm/dd/yy.
    D. Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv.

  • Question 198:

    What considerations are required when configuring IPV6 with Wire mode?

    A. IPv6 in Wire mode is only supported in R77.
    B. IPV6 must be configured on both end points.
    C. IPV6 is not supported in Wire mode.
    D. You must use internal IPv6 addressing space to use Wire mode.

  • Question 199:

    Tom has a Web server for which he has created a manual NAT rule. The rule is not working. He tries to initiate a connection from the external network to a DMZ server using the public IP which the firewall translates to the actual IP of the server. He analyzes the captured packets using Wireshark and observes that the destination IP is being changed as required by the firewall but does not see the packet leave the internal interface. Which box in Global Properties should be checked?

    A. Automatic NAT rules > Allow bi-directional NAT
    B. Automatic NAT rules > Automatic ARP Configuration
    C. Automatic NAT rules > Translate destination on client side
    D. Manual NAT rules > Translate destination on client side

  • Question 200:

    In the process of troubleshooting traffic issues across a VPN tunnel, you notice on the output of fw monitor -e host(172.21.1.10), accept; that packets are going through the inbound chain (i > I) and then disappearing after the outbound chain

    (o > __), while you were expecting to see the packet leave on O.

    What could be causing this issue?

    A. When packets are destined to leave through a VPN tunnel, it is encrypted and encapsulated in an ESP packet, and thus will not show up on a fw monitor.
    B. It's not showing up on the fw monitor because it is exiting the wrong interface
    C. The packet is getting silently dropped because there is no route for the packet.
    D. The gateway never completed the IKE and IPSec key exchange, and the tunnel does not exist yet.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-115.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.