"If the machine is under stress, we do not want to leave the stress condition due to a single measurement (which could be an anomaly), but rather wait for a given length of time, before changing the condition." This describes which of the following "Bypass Under Load" kernel parameters?
A. ids_assume_stress
B. ide_tolerance_no_stress
C. ids_tolerance_stress
D. ids_timeout
Of the following, which is NOT a kernel parameter relating to the IPS "Bypass Under Load" settings?
A. ids_timeout
B. ids_tolerance_no_stress
C. ids_assume_stress
D. ids_limit_stress
Where do you run the command get_ips_statistics.sh from?
A. $FWDIR/conf on the Management Server
B. $FWDIR/scripts on the Management Server
C. $FWDIR/conf on the gateway
D. $FWDIR/scripts on the gateway
"Tuning" IPS protections to suit the specific needs of an environment can be accomplished by all of the following EXCEPT:
A. Focusing on high confidence level protections.
B. Focusing on low capacity protections.
C. Focusing on low performance impact protections.
D. Focusing on high severity protections.
Your customer would like to enable IPS in his corporate cluster, but he is concerned about high CPU usage because of the IPS inspection. What feature would you configure to disable inspection if high CPU usage develops?
A. It is not possible. In this case, do not enable IPS.
B. Bypass Under Load. (In IPS Option on Gateway Properties)
C. Bypass Inspection. (In IPS Option on Gateway Properties)
D. Disable Inspection. (In IPS Option on Gateway Properties)
You are troubleshooting an issue for your HR team. One of the users is using IP 10.10.10.24. They have been trying to access the vacation servers, but all connections are failing. You have checked the logs and do not see any dropped traffic. You suspect that the drop is not being logged. What command could you use to confirm this?
A. fw -t connections -s
B. fw ctl zdebug + log dynlog
C. You cannot run a command for this; you must enable logging on all rules
D. fw ctl pstat host 10.10.10.24
In R77, under what circumstances would IPS bypass be enforced?
A. Single CoreXL fw instance usage over 'High' threshold, Average Memory over 'High' threshold
B. Single CoreXL fw instance usage over 'Low' threshold, Average Memory over 'High' threshold
C. Average CPU over 'High' threshold, Average Memory over 'Low' threshold
D. Average CPU over 'High' threshold, Average Memory over 'High' threshold
What would be considered Best Practice to determine which IPS protections you can safely disable for your environment?
A. You should use vulnerability tools to perform an assessment of your environment.
B. Work through turning on each protection to see which signatures get alerts.
C. You should set all protections to "Detect".
D. You should not disable any IPS protections.
You are a system administrator and would like to configure Geo Protection on your gateway to comply with a new corporate policy. What must you have to do this?
A. Valid IPS contract and software blade licensing
B. DNS resolution on the gateway
C. Geo Protection is enabled by default
D. The latest IPS update
You have just taken over as a firewall administrator. Your company is using Geo Protections on your gateway, but you want to verify that the protections are up-to-date. How can you see when these were updated?
A. In the IPS tree Protections > Select Check for Update.
B. Check asm_update_version_geo in GuiDBedit.
C. In the IPS tree Protections > Geo Protections and check the profile name which is mm/dd/yy.
D. Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv.