All About 156-115.77 practice exam Dec 2017
Approved of 156-115.77 test question materials and discount pack for Check Point certification for candidates, Real Success Guaranteed with Updated 156-115.77 pdf dumps vce Materials. 100% PASS Check Point Certified Security Master exam Today!
Q111. - (Topic 6)
Your company has grown significantly over the past few months. You are seeing that new connections are being dropped but note that the connections table is not full. You suspect that the kernel memory allocated to the firewall has reached its full capacity. To check the “Machine Capacity Summary” statistics, you use command:
A. ps -aux
C. cat /proc/net/capacity
D. fw ctl pstat
C6O4 - Hardware Optimization
Q112. - (Topic 5)
In the policy below, which rule disables SecureXL?
Q113. - (Topic 4)
In Tracker you are troubleshooting a VPN issue between your gateway and a partner site and you get a drop log that states “No proposal chosen” what is the most likely cause?
A. There is a time mismatch
B. The peer machine is not accepting multicast packets
C. A mismatch in the settings between the two peers
D. Using IKEv1 when peer uses IKEv2
Q114. - (Topic 11)
Where would an administrator set an email alert for a specific permanent VPN tunnel?
A. Edit the file vpnconf.
B. Run sysconfig.
C. In the Tunnel Properties select Mail Alert.
D. You can only enable logging or SNMP traps.
C11O2 - Advanced VPN
Q115. - (Topic 5)
What command should a firewall administrator use to begin debugging SecureXL?
A. fwaccel dbg api + verbose add
B. fwaccel debug –m <module name> <flag>
C. fwaccel dbg -m <module name> <flag>
D. SecureXL cannot be dubugged and the kernel debug will give enough output to help the firewall administrator to understand the firewalls behaviour. The right command to use is fw ctl debug –m fw.
Q116. - (Topic 4)
You are experiencing an issue where Endpoint Connect client connects successfully however, it disconnects every 20 seconds. What is the most likely cause of this issue?
A. The Accept Remote Access control connections is not enabled in Global Properties > FireWall Implied Rules.
B. You have selected IKEv2 only in Global Properties > Remote Access > VPN – Authentication and Encryption.
C. You are not licensed for Endpoint Connect client.
D. Your remote access community is not configured.
Q117. - (Topic 3)
Your customer reports that the time on the standby cluster member is not correct..After failing over and making it active, the time is now correct..NTP has been configured on both machines, so it is expected that both machines be in sync with the NTP server..Upon investigating, it was found that the standby member was never able to communicate with the NTP server while it was in standby configuration..What could be the problem?
A. You should be syncing your backup to the primary for time settings.
B. NTP is not supported in active-passive mode.
C. Traffic from the standby member was hidden behind the cluster IP address and was therefore returning to the active member.
D. Routing prevents the standby member from performing functions such as peering with dynamic routing and obtaining NTP updates.
Q118. - (Topic 11)
In Wire mode. if a packet reaches the gateway from a trusted source and is destined to a trusted destination, will the firewall do stateful inspection?
A. No, but IPS inspection will still be enforced.
B. Yes, the Firewall always performs stateful inspection.
C. Yes, but only if SecureXL is disabled.
Q119. - (Topic 3)
Which command can be used to see all active modules on the Security Gateway:
A. fw ctl zdebug drop
B. fw ctl debug -h
C. fw ctl chain
D. fw ctl debug -m
Q120. - (Topic 2)
Remote VPN clients can initiate connections with internal hosts, but internal hosts are unable to initiate connections with the remote VPN clients, even though the policy is configured to allow it. You think that this is caused by NAT. What command can you run to see if NAT is occurring on a packet?
A. fw tab -t fwx_alloc -x
B. fw ctl pstat
C. fwaccel stats misp
D. fw ctl debug -m fw + conn drop packet xlate xltrc nat