CheckPoint Checkpoint Certifications 156-115.77 Questions & Answers

• Question 261:

  Where in a fw monitor output would you see destination address translation occur in cases of inbound automatic static NAT?

  A. Static NAT does not adjust the destination IP

  B. Between the "i" and "I"

  C. Between the "I" and "o"

  D. Between the "o" and "O"

  Correct Answer: B

• Question 262:

  Remote VPN clients can initiate connections with internal hosts, but internal hosts are unable to initiate connections with the remote VPN clients, even though the policy is configured to allow it. You think that this is caused by NAT. What command can you run to see if NAT is occurring on a packet?

  A. fw tab -t fwx_alloc -x

  B. fw ctl pstat

  C. fwaccel stats misp

  D. fw ctl debug -m fw + conn drop packet xlate xltrc nat

  Correct Answer: D

• Question 263:

  You are trying to troubleshoot a NAT issue on your network, and you use a kernel debug to verify a connection is correctly translated to its NAT address. What flags should you use for the kernel debug?

  A. fw ctl debug -m fw + conn drop nat vm xlate xltrc

  B. fw ctl debug -m fw + conn drop ld

  C. fw ctl debug -m nat + conn drop nat xlate xltrc

  D. fw ctl debug -m nat + conn drop fw xlate xltrc

  Correct Answer: A

• Question 264:

  Since switching your network to ISP redundancy you find that your outgoing static NAT connections are failing. You use the command _________ to debug the issue.

  A. fwaccel stats misp

  B. fw ctl pstat

  C. fw ctl debug -m fw + nat drop

  D. fw tab -t fwx_alloc -x

  Correct Answer: C

• Question 265:

  The fw tab t ___________ command displays the NAT table.

  A. loglist

  B. tablist

  C. fwx_alloc

  D. conns

  Correct Answer: C

• Question 266:

  While troubleshooting a DHCP relay issue, you run a fw ctl zdebug drop and see the following output:

  ;[cpu_1];[fw_0];fw_log_drop: Packet proto=17 10.216.14.108:67 > 172.31.2.1:67 dropped by fw_handle_first_packet Reason: fwconn_init_links (INBOUND) failed;

  Where 10.216.14.108 is the IP address of the DHCP server and 172.31.2.1 is the VIP of the Cluster. What is the most likely cause of this drop?

  A. An inbound collision due to a connections table check on pre-existing connections.

  B. An outbound collision due to a Rule Base check, and dropped by incorrectly configuring DHCP in the firewall policy.

  C. A link collision due to more than one NAT symbolic link being created for outgoing connections to the DHCP server.

  D. A link collision due to more than one NAT symbolic link being created for connections returning from the DHCP server back to the VIP of the Cluster.

  Correct Answer: D

• Question 267:

  When performing a fwm debug, to which directory are the logs written?

  A. $FWDIR/log

  B. $FWDIR/log/fwm.elg

  C. $FWDIR/conf/fwm.elg

  D. $CPDIR/log/fwm.elg

  Correct Answer: B

• Question 268:

  You are attempting to establish an FTP session between your computer and a remote server, but it is not being completed successfully. You think the issue may be due to IPS. Viewing SmartView Tracker shows no drops. How would you confirm if the traffic is actually being dropped by the gateway?

  A. Search the connections table for that connection.

  B. Run a fw monitor packet capture on the gateway.

  C. Look in SmartView Monitor for that connection to see why it's being dropped.

  D. Run fw ctl zdebug drop on the gateway.

  Correct Answer: D

• Question 269:

  Which process should you debug when SmartDashboard authentication is rejected?

  A. fwm

  B. cpd

  C. fwd

  D. DAService

  Correct Answer: A

• Question 270:

  A fwm debug provides the following output. What prevents the customer from logging into SmartDashboard?

  

  A. There are not any policy to login in SmartDashboard

  B. FWM process is crashed and returned null to access

  C. User and password are incorrect

  D. IP not defined in $FWDIR/conf/gui-clients

  Correct Answer: D