1. Home
  2. CheckPoint
  3. 156-115.77

CheckPoint 156-115.77 Online Practice Questions and Exam Preparation

156-115.77 Exam Details

  • Exam Code
    :156-115.77
  • Exam Name
    :Check Point Certified Security Master
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :295 Q&As
  • Last Updated
    :Dec 09, 2024

CheckPoint 156-115.77 Online Questions & Answers

  • Question 261:

    Remote VPN clients can initiate connections with internal hosts, but internal hosts are unable to initiate connections with the remote VPN clients, even though the policy is configured to allow it. You think that this is caused by NAT. What command can you run to see if NAT is occurring on a packet?

    A. fw tab -t fwx_alloc -x
    B. fw ctl pstat
    C. fwaccel stats misp
    D. fw ctl debug -m fw + conn drop packet xlate xltrc nat

  • Question 262:

    CoreXL on IPSO R77.20 does NOT support which of the following features?

    A. Check Point QoS
    B. IPv6
    C. Overlapping NAT
    D. Route-based VPN

  • Question 263:

    What are the common Best Practices for configuring QoS over a route-based VPN?

    A. IKE traffic must have a minimum Guarantee of 50% of the external interface throughput.
    B. QoS is not supported.
    C. Ensure the VTI is numbered.
    D. Ensure the VTI is unnumbered.

  • Question 264:

    A Security Administrator wants to increase the amount of processing cores on a Check Point Security Gateway. He starts by increasing the number of cores, however the number of kernel instances remain the same way. What is the correct process to increase the number of kernel instances?

    A. Cpconfig- Enable Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cprestart
    B. Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-reboot
    C. Cpconfig- Enable Check Point ClusterXL- Change the number of firewall instances-define how many firewall instances to enable-reboot
    D. Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cpstop,cpstart

  • Question 265:

    The current release of Check Point R77, what is a potential performance-related drawback to using Virtual Tunnel Interfaces (VTI) rather than Domain-based VPNs?

    A. Use of VTIs will disable CoreXL and therefore will negatively impact hardware platforms running more than one CPU core.
    B. Dynamic routing protocols will work across a domain-based VPN, but will not work across a VTI.
    C. Use of VTIs will disable the entire SecureXL mechanism and prevent any traffic acceleration.
    D. Domain-based VPNs are easier to configure than VTIs and therefore is the preferred implementation.

  • Question 266:

    How do you disable IPv6 on an IPSO gateway?

    A. Run $FWDIR/scripts/fwipv6_enable off and reboot.
    B. Remove the IPv6 license from the gateway.
    C. You cannot disable IPv6.
    D. In IPSO go to System Management > System Configuration, set IPv6 Support to off, and click Apply.

  • Question 267:

    Your customer reports that the time on the standby cluster member is not correct. After failing over and making it active, the time is now correct. NTP has been configured on both machines, so it is expected that both machines be in sync with the NTP server. Upon investigating, it was found that the standby member was never able to communicate with the NTP server while it was in standby configuration. What could be the problem?

    A. You should be syncing your backup to the primary for time settings.
    B. NTP is not supported in active-passive mode.
    C. Traffic from the standby member was hidden behind the cluster IP address and was therefore returning to the active member.
    D. Routing prevents the standby member from performing functions such as peering with dynamic routing and obtaining NTP updates.

  • Question 268:

    Misha is working on a stand-by firewall and deletes the connections table in error. He finds that now the table is out of sync with the Active member. to get them completely synced again, Mish should run the command pair ____________ and __________ .

    A. fw ctl sync stop, fw ctl sync start
    B. fw ctl setsync off, fw ctl setsync start
    C. fw ctl setsync stop, fw ctl setsync on
    D. fw ctl setsync off, fw ctl setsync on

  • Question 269:

    You are attempting to establish an FTP session between your computer and a remote server, but it is not being completed successfully. You think the issue may be due to IPS. Viewing SmartView Tracker shows no drops. How would you confirm if the traffic is actually being dropped by the gateway?

    A. Search the connections table for that connection.
    B. Run a fw monitor packet capture on the gateway.
    C. Look in SmartView Monitor for that connection to see why it's being dropped.
    D. Run fw ctl zdebug drop on the gateway.

  • Question 270:

    What are the kernel parameters that control "Magic MACs"?

    A. fwha_magic_mac and fw_forward_magic_mac
    B. fwha_mac_magic and fw_mac_forward_magic
    C. cpha_mac_magic and cp_mac_forward_magic
    D. cpha_magic_mac and cpha_mac_forward_magic

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-115.77 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.