Note: Check Point has retired the 156-115.77 exam.

156-115.77 Check Point Certified Security Master Questions and Answers

Questions 4

CoreXL on IPSO R77.20 does NOT support which of the following features?

Options:

A.

Check Point QoS

B.

IPv6

C.

Overlapping NAT

D.

Route-based VPN

Questions 5

A firewall has 8 CPU cores and the correct license. CoreXL is enabled. How could you set kernel instance #3 to run on processing core #5?

Options:

A.

This is not possible. CoreXL is best left to manage the kernel-to-CPU-core mappings. It is only when a daemon is bound to a dedicated core that CoreXL will ignore that CPU core when mapping kernel instances to CPU cores.

B.

fw ctl affinity -s -k 3 5

C.

Run fwaffinity_apply -t 3 -k 5 and then check that the settings have taken effect with the command fw ctl multik stat.

D.

Edit the file fwaffinity.conf and add the line “k3 cpuid 5”

Questions 6

What command displays the Connections Table for a specified CoreXL firewall instance?

Options:

A.

fw tab -t connections -s

B.

fw -i FW_INSTANCE_ID tab -t connections [flags]

C.

fw tab -t connection | grep fw

D.

fw tab -t connections

Questions 7

When troubleshooting a performance problem on a multicore firewall that is using CoreXL, what command checks the number of connections each core is processing?

Options:

A.

sim affinity -l

B.

cat fwkern.conf

C.

fw CTL pstat

D.

fw ctl multik stat

Questions 8

Where in a fw monitor output would you see destination address translation occur in cases of inbound automatic static NAT?

Options:

A.

Static NAT does not adjust the destination IP

B.

Between the “i” and “I”

C.

Between the “I” and “o”

D.

Between the “o” and “O”

Questions 9

How do you enable IPv6 support on an R77 gateway running the GAiA OS?

Options:

A.

IPv6 is enabled by default.

B.

Under WebUI go to System Management > System Configuration, turn on IPv6 Support, click apply and reboot.

C.

Enable the IPv6 Software Blade for the gateway in Smart Dashboard.

D.

Run the IPv6 script $FWDIR/scripts/fwipv6_enable and reboot.

Questions 10

Which of the following is true when IPv6 is enabled on a Security Gateway?

Options:

A.

An interface on the Gateway can either have IPv4 or IPv6 IP address or have both.

B.

As of version R77, IPv6 is only supported on Security Management Server.

C.

IPv4 will be completely disabled when IPv6 has been enabled.

D.

An interface on the Gateway can either have IPv4 or IPv6 IP address but cannot have both.

Questions 11

Which of the following statements about Full HA support with IPv6 is NOT true?

Options:

A.

There is no Dynamic Routing with IPv6.

B.

Mirrored Interfaces must have IPv4 addresses.

C.

Sync traffic must be IPv4.

D.

IPv6 does not support a Secondary Management Server.

Questions 12

Which of these commands can be used to display the IPv6 status?

Options:

A.

show ipv6-stat

B.

show ipv6 all

C.

show ipv6 status

D.

show ipv6-status

Questions 13

Jane wants to create a VPN using OSPF. Which VPN configuration would you recommend she use?

Options:

A.

Site-to-site VPN

B.

Domain-based VPN

C.

Route-based VPN

D.

Remote-access VPN

Questions 14

You are configuring VTIs in a clustered environment. On Peer A the VTI name is VT_Cluster_GWA and on Peer B the VTI name is VT_Cluster_GWB. You find that the route-based tunnel is not coming up. What could be the cause?

Options:

A.

The names for your peers have been reversed.

B.

You have not issued the “vpn write config” command.

C.

You have not licensed your gateways for VTIs.

D.

All VTIs going to the same remote peer must have the same name.

Questions 15

Where do you enable Route-based VPN?

Options:

A.

WebUI

B.

VPN shell

C.

Security Gateway Object

D.

vpn_route.conf

Questions 16

What type(s) of VTI interfaces do Edge gateways support?

Options:

A.

Both numbered and unnumbered

B.

Unnumbered interfaces

C.

Numbered interfaces

D.

Neither numbered nor unnumbered

Questions 17

What command would you use for a packet capture on an absolute position for TCP streaming (out) 1ffffe0?

Options:

A.

fw ctl chain -po 1ffffe0 -o monitor.out

B.

fw monitor -po -0x1ffffe0 -o monitor.out

C.

fw monitor -e 0x1ffffe0 -o monitor.out

D.

fw monitor -pr 1ffffe0 -o monitor.out

Questions 18

Which of the following items is NOT part of the columns of the chain modules?

Options:

A.

Inbound/Outbound chain

B.

Function Pointer

C.

Chain position

D.

Module location

Questions 19

Which commands will properly set the debug level to maximum and then run a policy install in debug mode for the policy Standard on gateway A-GW from an R77 GAiA Management Server?

Options:

A.

setenv TDERROR_ALL_ALL=5

fwm -d load A-GW Standard

B.

setenv TDERROR_ALL_ALL=5

fwm -d load Standard A-GW

C.

export TDERROR_ALL_ALL=5

fwm -d load Standard A-GW

D.

export TDERROR_ALL_ALL=5

fwm -d load A-GW Standard

Questions 20

When you perform an install database, the status window is filled with large amounts of text. What could be the cause?

Options:

A.

There is an active fw monitor running.

B.

There is an environment variable of TDERROR_ALL_ALL set on the gateway.

C.

There is an active debug on the SmartConsole.

D.

There is an active debug on the FWM process.

Questions 21

Running the command fw ctl pstat -l would return what information?

Options:

A.

Additional hmem details

B.

General Security Gateway statistics

C.

Additional kmem details

D.

Additional smem details

Questions 22

You run the command fwaccel conns and notice in the output that all the connections have “F” in the “flags” column, see below:

What does this mean?

Options:

A.

Connections are being “forward to firewall” (“f2f”).

B.

Connections are being “forwarded” to the accelerating engine.

C.

Connections are accelerated (“fastpath”).

D.

Connections have the fragment flag set.

Questions 23

Your ARP cache is overflowing, negatively impacting users' experience on your network. Which command can you issue to increase the ARP cache on the fly? You do not need this to survive reboot.

Options:

A.

Modify the /etc/sysctl.conf: net.ipv4.neigh.default.gc_thresh3 = 1024.

B.

echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

C.

arp cache table > 1024

D.

You cannot increase the size of the ARP cache on the fly.

Questions 24

You are running some diagnostics on your GAIA gateway. You are reviewing the number of fragmented packets; you notice that there are a lot of large and duplicate packets. Which command did you issue to get this information?

Options:

A.

sysconfig

B.

fw ctl pstat

C.

fw ctl get int fw_frag_stats

D.

cat /proc/cpuinfo

Questions 25

Check Point Best Practices suggest that when you finish a kernel debug, you should run the command _____________________ .

Options:

A.

fw debug 0

B.

fw debug off

C.

fw ctl debug default

D.

fw ctl debug 0

Questions 26

Your company has recently decided to allow remote access for clients. You find that no one is able to connect, although you are confident that your rule set and remote access community has been defined correctly. What is the most likely cause, based on the options below? You have the following debug file:

Options:

A.

RDP is being blocked upstream.

B.

You have selected IKEv2 only in Global Properties > Remote Access > VPN – Authentication and Encryption.

C.

Remote access clients are all behind NAT devices.

D.

Implied rule is not set to accept control connections.

Questions 27

In a VPN configuration, the following mode can be used to increase throughput by bypassing firewall enforcement.

Options:

A.

Virtual Tunnel Interface (VTI) Mode can bypass firewall for all encrypted traffic

B.

Hub Mode can be used to bypass stateful inspection

C.

There is no such mode that can bypass firewall enforcement

D.

Wire mode can be used to bypass stateful inspection

Questions 28

What is the log file that shows the keep alive packets during the debug process?

Options:

A.

$FWDIR/log/ikev2.xmll

B.

$FWDIR/log/ike.xmll

C.

$FWDIR/log/ike.elg

D.

$FWDIR/log/vpnd.elg

Questions 29

Where do you run the command get_ips_statistics.sh from?

Options:

A.

$FWDIR/conf on the Management Server

B.

$FWDIR/scripts on the Management Server

C.

$FWDIR/conf on the gateway

D.

$FWDIR/scripts on the gateway

Questions 30

What would be considered Best Practice to determine which IPS protections you can safely disable for your environment?

Options:

A.

You should use vulnerability tools to perform an assessment of your environment.

B.

Work through turning on each protection to see which signatures get alerts.

C.

You should set all protections to “Detect”.

D.

You should not disable any IPS protections.

Questions 31

Your customer would like to enable IPS in his corporate cluster, but he is concerned about high CPU usage because of the IPS inspection. What feature would you configure to disable inspection if high CPU usage develops?

Options:

A.

It is not possible. In this case, do not enable IPS.

B.

Bypass Under Load. (In IPS Option on Gateway Properties)

C.

Bypass Inspection. (In IPS Option on Gateway Properties)

D.

Disable Inspection. (In IPS Option on Gateway Properties)

Questions 32

How would one enable ‘INSPECT debugging’ if one suspects IPS false positives?

Options:

A.

Run command fw ctl set int enable_inspect_debug 1 from the command line.

B.

Toggle the checkbox in Global Properties > Firewalls > Inspection section.

C.

WebUI

D.

Set the following parameter to true using GuiDBedit: enable_inspect_debug_compilation.

Questions 33

After creating and pushing out a new policy, Joe finds that an old connection is still being allowed that should have been closed after his changes. He wants to delete the connection on the gateway, and looks it up with fw tab -t connections -u. Joe finds the connection he is looking for. What command should Joe use to remove this connection?

<0,a128c22,89,a158508,89,11;10001,2281,25,15b,a1,4ecdfeee,ac,691400ac,7b6,3e,ffffffff,3c,3c,0,0,0,0,0,0,0,0,0,0,0,0,0,0>

Options:

A.

fw tab -t connections -x -d "0,a128c22,89,0a158508,89,11"

B.

fw tab -t connections -x -e "0,a128c22,00000089,0a158508,00000089,00000011"

C.

fw tab -t connections -x -d "00000000,a128c22,00000089,0a158508,00000089,00000011"

D.

fw tab -t connections -x -e "0,a128c22,89,0a158508,89,11"

Questions 34

What mechanism solves asymmetric routing issues in a load sharing cluster?

Options:

A.

Flush and ACK

B.

Stateful Inspection

C.

SYN Defender

D.

State Synchronization

Questions 35

How do you clear the connections table?

Options:

A.

Run the command fw tab -t connections -x

B.

In Gateway Properties > Optimizations click Clear connections table

C.

Run the command fw tab -t conns -c

D.

Run the command fw tab -t connections -c

Questions 36

To prevent outgoing NTP traffic from being hidden behind a Cluster IP, what should you do?

Options:

A.

Edit the relevant table.def on the Management Server and add the line no_hide_services_ports = { <17, 123> }; and then push policy.

B.

Edit the relevant table.def on the gateway and add the line no_hide_services_ports = { <17, 123> };.

C.

Edit the relevant table.def on the Management Server and add the line no_hide_services_ports = { <123, 17> }; and then push policy.

D.

Edit the relevant table.def on the gateway and add the line no_hide_services_ports = { <123, 17> }.

Questions 37

What is the best way to see how much traffic went through the firewall that was TCP, UDP and ICMP?

Options:

A.

fwaccel conns

B.

fw tab -t connections -p

C.

fwaccel stats

D.

fw ctl pstat

Questions 38

When a cluster member is completely powered down, how will the other member identify if there is network connectivity?

Options:

A.

The working member will ARP for the default gateway.

B.

The working member will look for replies to traffic sent from internal hosts.

C.

The working member will automatically assume connectivity.

D.

The working member will Ping IPs in the subnet until it gets a response.

Questions 39

Misha is working on a standby firewall and deletes the connections table in error. He finds that the table is now out of sync with the Active member. To get them completely synced again, Misha should run the command pair ____________ and __________ .

Options:

A.

fw ctl sync stop, fw ctl sync start

B.

fw ctl setsync off, fw ctl setsync start

C.

fw ctl setsync stop, fw ctl setsync on

D.

fw ctl setsync off, fw ctl setsync on

Questions 40

What is one way to check cluster status on two gateways running in HA mode?

Options:

A.

show cluster

B.

cphaprob stat

C.

cp ha prob stat

D.

show cluster ha status

Questions 41

Look at the following Rule Base display. Rule 5 contains a TIME object. What is the effect on the following rules?

Options:

A.

Rule 6 will be eligible but Rule 7 will not.

B.

All subsequent rules below Rule 5 will not be templated, regardless of the rule

C.

No effect. Rules 6 and 7 will be eligible for templating.

D.

The restriction on one rule does not affect later rules with regards to templates.

Questions 42

When optimizing a customer firewall Rule Base, what is the BEST way to start the analysis?

Options:

A.

With the command fwaccel stat followed by the command fwaccel stats.

B.

At the top of the Rule Base.

C.

Using the hit count column.

D.

Using the Compliance Software Blade.

Questions 43

When are rules that include Identity Awareness Access (IDA) roles accelerated through SecureXL?

Options:

A.

Only when ‘Unauthenticated Guests’ is included in the access role.

B.

Never, the inclusion of an IDA role disables SecureXL.

C.

The inclusion of an IDA role has no bearing on whether the connection for the rule is accelerated.

D.

Always, the inclusion of an IDA role guarantees the connection for the rule is accelerated.

Questions 44

What is the command to check how many connections the firewall has detected for the SecureXL device?

Options:

A.

fw tab -t connections -s

B.

fw tab -t cphwd_db -s

C.

fw tab -t connection -s | grep template

D.

fwaccel conns

Exam Code: 156-115.77
Exam Name: Check Point Certified Security Master
Last Update: Dec 22, 2024
Questions: 295