CheckPoint 156-115.77 Online Practice Questions and Exam Preparation

CheckPoint 156-115.77 Online Questions & Answers

• Question 221:

  Where can you configure Wire mode?

  A. In the gateway object in "Stateful Inspection"
  B. In the VPN community in "Advanced Settings"
  C. In cpconfig
  D. In Global Properties
  B. In the VPN community in "Advanced Settings"

• Question 222:

  The file ike.elg is a log file used to log IKE negotiations during VPN tunnel establishment. Where is this file located?

  A. /opt/CPshrd-R77/log
  B. /opt/CPsuite-R77/fw1/log
  C. /var/log/opt/CPsuite-R77/fg1/log
  D. /opt/CPsuite-R77/fg1/log
  B. /opt/CPsuite-R77/fw1/log

• Question 223:

  The "Hide internal networks behind the Gateway's external IP" option is selected. What defines what traffic will be NATted?

  A. The Firewall policy of the gateway
  B. The network objects configured for the network
  C. The VPN encryption domain of the gateway object
  D. The topology configuration of the gateway object
  D. The topology configuration of the gateway object

• Question 224:

  Under which scenario would you most likely consider the use of Multi-Queue?

  A. When IPS is heavily used.
  B. When most of the traffic is accelerated.
  C. When most of the processing is done in CoreXL.
  D. When trying to increase session rate.
  B. When most of the traffic is accelerated.

• Question 225:

  Running the command fw ctl pstat l would return what information?

  A. Additional hmem details
  B. General Security Gateway statistics
  C. Additional kmem details
  D. Additional smem details
  B. General Security Gateway statistics

• Question 226:

  True or False: Software blades perform their inspection primarily through the kernel chain modules.

  A. False. Software blades do not pass through the chain modules.
  B. True. Many software blades have their own dedicated kernel chain module for inspection.
  C. True. All software blades are inspected by the IP Options chain module.
  D. True. Most software blades are inspected by the TCP streaming or Passive Streaming chain module.
  B. True. Many software blades have their own dedicated kernel chain module for inspection.

• Question 227:

  Where in a fw monitor output would you see source address translation occur in cases of automatic Hide NAT?

  A. Between the "I" and "o"
  B. Hide NAT does not adjust the source IP
  C. Between the "o" and "O"
  D. Between the "i" and "I"
  C. Between the "o" and "O"

• Question 228:

  Which directory below contains the URL Filtering engine update info? Here you can also go to see the status of the URL Filtering and Application Control updates.

  A. $FWDIR/urlf/update
  B. $FWDIR/appi/update
  C. $FWDIR/appi/urlf
  D. $FWDIR/update/appi
  B. $FWDIR/appi/update

• Question 229:

  How can an administrator stay up-to-date on the status of their VPN Tunnels?

  A. Tracking settings can be configured on the Tunnel Management screen of the Community Properties screen for all VPN tunnels.
  B. Make a change in /proc/net/tun.
  C. Run vpn tu and select the option Live Monitoring.
  D. In Smartview Tracker.
  A. Tracking settings can be configured on the Tunnel Management screen of the Community Properties screen for all VPN tunnels.

• Question 230:

  Which of the following CANNOT be used as a source/destination for an IPS network exception?

  A. Network Group
  B. Identity Awareness Access Role
  C. Any
  D. IP Address
  B. Identity Awareness Access Role