What file contains IKEv2 debug messages?
A. $FWDIR/log/ikev2
B. $FWDIR/log/ike.xml
C. $FWDIR/log/vpnd.elg
D. $FWDIR/log/ike.elg
What is the log file that shows the keep alive packets during the debug process?
A. $FWDIR/log/ikev2.xmll
B. $FWDIR/log/ike.xmll
C. $FWDIR/log/ike.elg
D. $FWDIR/log/vpnd.elg
Which command displays compression/decompression statistics?
A. vpn ver k
B. vpn compstat
C. vpn compreset
D. vpn crlview
What debug file would you check to see what IKE version is being used?
A. fwpnd.elg
B. vpn.txt
C. debug.txt
D. vpnd.elg
You are in VPN troubleshooting with a Partner and you suspect a mismatch configuration in Diffie- Hellman (DH) group to Phase1. After starting a vpn debug, in which packet would you look to analyze this option in your debug file?
A. Packet3
B. Packet4
C. Packet5
D. Packet1
The file ike.elg is a log file used to log IKE negotiations during VPN tunnel establishment. Where is this file located?
A. /opt/CPshrd-R77/log
B. /opt/CPsuite-R77/fw1/log
C. /var/log/opt/CPsuite-R77/fg1/log
D. /opt/CPsuite-R77/fg1/log
What is the function of the setting "no_hide_services_ports" in the tables.def files?
A. Preventing the secondary member from hiding its presence by not forwarding any packets.
B. Allowing management traffic to be accepted in an applied rule ahead of the stealth rule.
C. Hiding the particular tables from being synchronized to the other cluster member.
D. Preventing outbound traffic from being hidden behind the cluster IP address.
Which command will you run to list established VPN tunnels?
A. fw tab -t vpn_active
B. vpn compstat
C. fw tab -t vpn_routing
D. vpn tu
Your customer has an R77 Multi-domain Management Server managing a mix of firewalls of R70 and R77 versions. A change was made to the file $FWDIR/lib/tables.def on one of the domains. However, it was found that the change was not applied to the R70 firewalls. What could be the problem?
A. Changes to the table.def can only be applied to firewalls matching the Management Server version. The customer needs to upgrade the firewalls to the same version as the firewall.
B. R70 is end of life and is not supported. Most functions will work, but modifying the table.def will not.
C. In order to make changes on R70 machines you need work within GuiDBedit
D. To support R70, the file in the compatibility directory should have been modified.
Your customer reports that the time on the standby cluster member is not correct. After failing over and making it active, the time is now correct. NTP has been configured on both machines, so it is expected that both machines be in sync with the NTP server. Upon investigating, it was found that the standby member was never able to communicate with the NTP server while it was in standby configuration. What could be the problem?
A. You should be syncing your backup to the primary for time settings.
B. NTP is not supported in active-passive mode.
C. Traffic from the standby member was hidden behind the cluster IP address and was therefore returning to the active member.
D. Routing prevents the standby member from performing functions such as peering with dynamic routing and obtaining NTP updates.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-115.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.