CheckPoint 156-115.77 Online Practice Questions and Exam Preparation

CheckPoint 156-115.77 Online Questions & Answers

• Question 241:

  The user tried to connect in SmartDashboard and did not work. You started a FWM debug and receive the logs below:

  

  What is the error cause?

  A. IP not defined in $FWDIR/conf/gui-clients
  B. Wrong user and password
  C. Wrong password
  D. Wrong user
  D. Wrong user

• Question 242:

  PXL is considered to be what type of acceleration?

  A. Fast Path
  B. Slow Path
  C. Medium Path
  D. PXL is not related to acceleration
  C. Medium Path

• Question 243:

  When you have your directional VPN enforcement rule set to "Internal_Clear" , what does this represent?

  A. All interfaces are designated "External"
  B. VOIP traffic
  C. Do not perform directional VPN enforcements on this traffic
  D. All interfaces are designated as "Internal"
  D. All interfaces are designated as "Internal"

• Question 244:

  Where do you configure VTIs on your R77 gateway in VSX mode?

  A. VTIs are configured in each VS context.
  B. VTIs are configured in VS0 context.
  C. VTIs are not supported in VSX mode.
  D. VTIs are configured in SmartDashboard.
  C. VTIs are not supported in VSX mode.

• Question 245:

  You have to establish a VPN communication between 2 spokes, routed through the Hub gateway. Where do you configure VPN routing?

  A. Security Gateway Object
  B. WebUI
  C. vpn_route.conf
  D. VPN shell
  C. vpn_route.conf

• Question 246:

  You are troubleshooting a VPN issue between your gateway and a partner site and you get a drop log on your gateway that states "Clear text packet should be encrypted". Which of the following would be the best troubleshooting step?

  A. Use the excluded services in the VPN community to exclude this traffic from the VPN or determine why the traffic is leaving the initiating (partner) gateway as clear text.
  B. Use the excluded services in the VPN community to exclude this traffic from the VPN or determine why the traffic is leaving local (your) gateway as clear text.
  C. Your phase one algorithms are mismatched between gateways.
  D. This is management traffic and we need to enable implied rule to address this issue.
  A. Use the excluded services in the VPN community to exclude this traffic from the VPN or determine why the traffic is leaving the initiating (partner) gateway as clear text.

• Question 247:

  When troubleshooting a VPN site-to-site to a peer, it may be necessary to "down" the tunnel. What is the best method to remove ONLY the tunnel to this peer?

  A. Change the vpn tunnel sharing parameters to force the tunnel down.
  B. Reboot your gateway.
  C. Remove the peer from the community and install policy.
  D. Delete the IKE and IPsec Security Associations using the command vpn tu.
  D. Delete the IKE and IPsec Security Associations using the command vpn tu.

• Question 248:

  What type(s) of VTI interfaces do Edge gateways support?

  A. Both numbered and unnumbered
  B. Unnumbered interfaces
  C. Numbered interfaces
  D. Neither numbered and unnumbered
  C. Numbered interfaces

• Question 249:

  You are having issues with dynamic routing after a failover. The traffic is now coming from the backup and is being dropped as out of state. What is the BEST configuration to avoid stateful inspection dropping your dynamic routing traffic?

  A. Implement Wire mode.
  B. In Global Properties select Accept other IP protocols stateful replies for unknown services.
  C. Enable Visitor mode.
  D. Create additional explicit rules.
  A. Implement Wire mode.

• Question 250:

  Which command should you run to debug the VPN-1 kernel module?

  A. fw debug vpn on
  B. vpn debug on TDERROR_ALL_ALL=5
  C. fw ctl zdebug crypt kbuf
  D. fw ctl debug -m VPN all
  D. fw ctl debug -m VPN all