1. Home
  2. CheckPoint
  3. 156-115.77

Check Point Certified Security Master

Exam Details

  • Exam Code
    :156-115.77
  • Exam Name
    :Check Point Certified Security Master
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :60 Q&As
  • Last Updated
    :Dec 09, 2024

CheckPoint Checkpoint Certifications 156-115.77 Questions & Answers

  • Question 191:

    Your company has recently decided to allow remote access for clients. You find that no one is able to connect, although you are confident that your rule set and remote access community has been defined correctly. What is the most likely cause, based on the options below? You have the following debug file: A. RDP is being blocked upstream.

    B. You have selected IKEv2 only in Global Properties > Remote Access > VPN Authentication and Encryption.

    C. Remote access clients are all behind NAT devices.

    D. Implied rule is not set to accept control connections.

  • Question 192:

    You are troubleshooting a VPN issue between your gateway and a partner site and you get a drop log on your gateway that states "Clear text packet should be encrypted". Which of the following would be the best troubleshooting step?

    A. Use the excluded services in the VPN community to exclude this traffic from the VPN or determine why the traffic is leaving the initiating (partner) gateway as clear text.

    B. Use the excluded services in the VPN community to exclude this traffic from the VPN or determine why the traffic is leaving local (your) gateway as clear text.

    C. Your phase one algorithms are mismatched between gateways.

    D. This is management traffic and we need to enable implied rule to address this issue.

  • Question 193:

    In IKEView while troubleshooting a VPN issue between your gateway and a partner site you see an entry that states "Invalid ID". Which of the following is the most likely cause?

    A. IKEv1 is not supported by the peer.

    B. Time is not matching between two members.

    C. The encryption parameters (hash, encryption type, etc.) do not match.

    D. Wrong subnets are being negotiated.

  • Question 194:

    While troubleshooting a VPN issue between your gateway and a partner site you see an entry in Smartview Tracker that states "Info: encryption failure: Different community ID: possible NAT problem". Which of the following is the most likely cause?

    A. You have an encryption method mismatch.

    B. Implied rules in global properties such as ICMP and DNS are set to first instead of before last.

    C. You have not created a specific rule allowing VPN traffic.

    D. You have the wrong encryption domains configured.

  • Question 195:

    You want to run VPN debug that will generate both ike.elg and vpn.elg files. What is the best command that can be used to achieve this goal?

    A. vpn debug ikeon

    B. vpn debug on TDERR_ALL_ALL=5

    C. vpn debug trunc

    D. vpn debug trunc

  • Question 196:

    You are attempting to establish a VPN tunnel between a Check Point gateway and a 3rd party vendor. When attempting to send traffic to the peer gateway it is failing. You look in SmartView Tracker and see that the failure is due to "Encryption failure: no response from peer". After running a VPN debug on the problematic gateway, what is one of the files you would want to analyze?

    A. $FWDIR/log/fw.log

    B. $FWDIR/log/fwd.elg

    C. $FWDIR/log/ike.elg

    D. /var/log/fw_debug.txt

  • Question 197:

    Check Point Best Practices suggest that when you finish a kernel debug, you should run the command _____________________ .

    A. fw debug 0

    B. fw debug off

    C. fw ctl debug default

    D. fw ctl debug 0

  • Question 198:

    Given the following IKEView output, what do we know about QuickMode Packet 1?

    A. Packet 1 proposes a symmetrical key

    B. Packet 1 proposes a subnet and host ID, an encryption and hash algorithm

    C. Packet 1 Proposes SA life Type, Sa Life Duration, Authentication and Encapsulation Algorithm

    D. Packet 1 proposes either a subnet or host ID, an encryption and hash algorithm, and ID data

  • Question 199:

    What is the log file that shows the processes that participate in the tunnel initiation stage?

    A. $FWDIR/log/ikev2.xmll

    B. $FWDIR/log/ike.xmll

    C. $FWDIR/log/vpnd.elg

    D. $FWDIR/log/ike.elg

  • Question 200:

    Which program could you use to analyze Phase I and Phase II packet exchanges?

    A. vpnView

    B. Check PointView

    C. IKEView

    D. vpndebugView

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-115.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.