Note! The 156-115.77 Exam is no longer available.

156-115.77 Check Point Certified Security Master Questions and Answers

Questions 4

The fw tab -t ___________ command displays the NAT table.

Options:

A.

loglist

B.

tablist

C.

fwx_alloc

D.

conns

Questions 5

Certain rules will disable connection rate acceleration (templates) in the Rule Base. What command should be used to determine on which rule templates are disabled?

Options:

A.

cpconfig

B.

cphaprob -a if

C.

fw ctl pstat

D.

fwaccel stat

Questions 6

Which of these commands can be used to display the IPv6 status?

Options:

A.

show ipv6-stat

B.

show ipv6 all

C.

show ipv6 status

D.

show ipv6-status

Questions 7

Which of the following statements about Full HA support with IPv6 is NOT true?

Options:

A.

There is no Dynamic Routing with IPv6.

B.

Mirrored Interfaces must have IPv4 addresses.

C.

Sync traffic must be IPv4.

D.

IPv6 does not support a Secondary Management Server.

Questions 8

Which of these commands can be used to display the IPv6 routes?

Options:

A.

show route

B.

show ipv6 route

C.

show routes all

D.

show route ipv6

Questions 9

What VSX components do not support IPv6 in R77 VSX mode?

Options:

A.

VSX mode does not support IPv6

B.

All devices support IPv6

C.

Virtual Systems

D.

Virtual Routers

Questions 10

Check Point Best Practices suggest that when you finish a kernel debug, you should run the command _____________________ .

Options:

A.

fw debug 0

B.

fw debug off

C.

fw ctl debug default

D.

fw ctl debug 0

Questions 11

Which command displays compression/decompression statistics?

Options:

A.

vpn ver -k

B.

vpn compstat

C.

vpn compreset

D.

vpn crlview

Questions 12

What file contains IKEv2 debug messages?

Options:

A.

$FWDIR/log/ikev2

B.

$FWDIR/log/ike.xml

C.

$FWDIR/log/vpnd.elg

D.

$FWDIR/log/ike.elg

Questions 13

Given the following IKEView output, what do we know about QuickMode Packet 1?

[Image: IKEView output for Question 13]

Options:

A.

Packet 1 proposes a symmetrical key

B.

Packet 1 proposes a subnet and host ID, an encryption and hash algorithm

C.

Packet 1 proposes SA Life Type, SA Life Duration, Authentication and Encapsulation Algorithm

D.

Packet 1 proposes either a subnet or host ID, an encryption and hash algorithm, and ID data

Questions 14

If the number of Firewall Workers for CoreXL is set higher on one member of a cluster than the other, the cluster will be in what state?

Options:

A.

Active/Standby

B.

Active/Ready

C.

Active Attention/Down

D.

Active/Down

Questions 15

Misha is working on a standby firewall and deletes the connections table in error. He finds that the table is now out of sync with the Active member. To get them completely synced again, Misha should run the command pair ____________ and __________ .

Options:

A.

fw ctl sync stop, fw ctl sync start

B.

fw ctl setsync off, fw ctl setsync start

C.

fw ctl setsync stop, fw ctl setsync on

D.

fw ctl setsync off, fw ctl setsync on

Questions 16

ACME Corp has a cluster consisting of two 13500 appliances. As the Firewall Administrator, you notice that on an output of top, you are seeing high CPU usage of the cores assigned as SNDs, but low CPU usage on cores assigned to individual fw_worker_X processes. What command should you run next to performance tune your cluster?

Options:

A.

fw ctl debug -m cluster + all – this will show you all the connections being processed by ClusterXL and explain the high CPU usage on your appliance.

B.

fwaccel off – this will turn off SecureXL, which is causing your SNDs to be running high in the first place.

C.

fwaccel stats -s – this will show you the acceleration profile of your connections and potentially why your SNDs are running high while other cores are running low.

D.

fw tab -t connections -s – this will show you a summary of your connections table, and allow you to determine whether there is too much traffic traversing your firewall.

Questions 17

In a ClusterXL cluster with delayed synchronization, which of the following is not true?

Options:

A.

The length of time for the delay can be edited.

B.

It applies only to TCP services whose Protocol Type is set to HTTP or None.

C.

Delayed Synchronization is disabled if the Track option in the rule is set to Log or Account.

D.

Delayed Synchronization is performed only for connections matching a SecureXL Connection Template.

Questions 18

Where would you go to adjust the number of Kernels in CoreXL?

Options:

A.

cpconfig

B.

fw ctl conf

C.

fw ctl affinity

D.

fw ctl multik stat

Questions 19

From a Best Practices perspective, what percentage of your packets should be accelerated?

Options:

A.

65%

B.

90%

C.

100%

D.

75%

Questions 20

You are at a customer site, and when you run cphaprob stat you are not seeing a normal ClusterXL health. What command could you run to verify that the number of cores is not matched on both cluster members?

Options:

A.

cpconfig

B.

cphaprob -a if

C.

fw ctl multik stat

D.

cphaprob stat

Questions 21

What will be the outcome if you set the kernel parameters cphwd_nat_templates_enabled and cphwd_nat_templates_support?

Options:

A.

This would enable Hide NAT support.

B.

These parameters are mutually exclusive and cannot be used at the same time.

C.

This would enable SecureXL NAT templates.

D.

These are not valid parameters.

Questions 22

What command would you use to check if CoreXL is enabled?

Options:

A.

fw ctl multik stat

B.

cpconfig

C.

fw ctl affinity -1

D.

fw ctl pstat

Questions 23

Which command will allow you to change firewall affinity and survive a reboot with no further modification?

Options:

A.

fw ctl affinity -s

B.

sim affinity -l

C.

fw affinity -l

D.

sim affinity -s

Questions 24

What is the limit to the number of VPN directions that can be configured in a single rule?

Options:

A.

There is no limit.

B.

It is limited to the number of communities that exist in your dashboard.

C.

You may only configure one direction per rule.

D.

After configuring ten you must use a standard bi-directional condition.

Questions 25

Where do you configure VTIs on your R77 gateway in VSX mode?

Options:

A.

VTIs are configured in each VS context.

B.

VTIs are configured in VS0 context.

C.

VTIs are not supported in VSX mode.

D.

VTIs are configured in SmartDashboard.

Questions 26

When you have your directional VPN enforcement rule set to “Internal_Clear” , what does this represent?

Options:

A.

All interfaces are designated “External”

B.

VOIP traffic

C.

Do not perform directional VPN enforcements on this traffic

D.

All interfaces are designated as “Internal”

Questions 27

PXL is considered to be what type of acceleration?

Options:

A.

Fast Path

B.

Slow Path

C.

Medium Path

D.

PXL is not related to acceleration

Questions 28

In order to perform some connection troubleshooting, you run the command fw monitor -e accept dport = 443. You do NOT see the TCP ACK packet. Why is this?

Options:

A.

The connection is encrypted.

B.

The connection is NATted.

C.

The connection is dropped.

D.

The connection is accelerated.

Questions 29

What are the common Best Practices for configuring QoS over a route-based VPN?

Options:

A.

IKE traffic must have a minimum Guarantee of 50% of the external interface throughput.

B.

QoS is not supported.

C.

Ensure the VTI is numbered.

D.

Ensure the VTI is unnumbered.

Questions 30

Consider the following Rule Base:

[Image: Rule Base for Question 30]

What can be concluded in regards to SecureXL Accept Templates?

Options:

A.

Accept Templates will be disabled on Rule #4

B.

Accept Templates will be fully functional

C.

Accept Templates will be disabled on Rule #6

D.

Accept Templates do not function with VPN communities in the Rule Base

Questions 31

When using Geo Protections, you find there are logs for a country that you believe is incorrect. What file do you review to verify what country Geo Protections should identify the traffic as?

Options:

A.

asm.C

B.

objects.C

C.

objects_5_0.C

D.

IpToCountry.csv

Questions 32

Jerry is a network administrator for ACME Co. Their network contains 5 gateways all managed by a single Management Server. They are currently receiving an exorbitant amount of false positives for traffic traversing their network. Based on this information, what factor do you think is contributing most to the high amount of false positives Jerry is receiving?

Options:

A.

She is performing IPS inspection on all traffic

B.

She has set protections to run in “Detect” mode

C.

She has enabled protections based on the network devices and requirements

D.

She has created a dedicated IPS profile for each Security Gateway

Questions 33

What do the ‘F’ flags mean in the output of fwaccel conns?

Options:

A.

Forward to firewall

B.

Flag set for debug

C.

Fast path packets

D.

Flow established

Questions 34

In R77, under what circumstances would IPS bypass be enforced?

Options:

A.

Single CoreXL fw instance usage over ‘High’ threshold, Average Memory over ‘High’ threshold

B.

Single CoreXL fw instance usage over ‘Low’ threshold, Average Memory over ‘High’ threshold

C.

Average CPU over ‘High’ threshold, Average Memory over ‘Low’ threshold

D.

Average CPU over ‘High’ threshold, Average Memory over ‘High’ threshold

Questions 35

You are attempting to establish an FTP session between your computer and a remote server, but it is not being completed successfully. You think the issue may be due to IPS. Viewing SmartView Tracker shows no drops. How would you confirm if the traffic is actually being dropped by the gateway?

Options:

A.

Search the connections table for that connection.

B.

Run a fw monitor packet capture on the gateway.

C.

Look in SmartView Monitor for that connection to see why it’s being dropped.

D.

Run fw ctl zdebug drop on the gateway.

Questions 36

When viewing connections using the command fw tab -t connections, all entries are displayed with a 6-tuple key. The elements of the 6-tuple include the following EXCEPT:

Options:

A.

destination port number

B.

source port number

C.

direction (inbound / outbound)

D.

interface id

Questions 37

You run the command fw tab -t connections -s on both members in the cluster.  Both members report differing values for "vals" and "peaks".  Which may NOT be a reason for this difference?

Options:

A.

Synchronization is not working between the two members

B.

SGMs in a 61k environment only sync selective parts of the connections table.

C.

Heavily used short-lived services have had synchronization disabled for performance improvement.

D.

Standby member does not synchronize until a failover is needed.

Questions 38

In some situations, switches may not play nicely with a Check Point Cluster and it is necessary to change from multicast to broadcast. What command should you invoke to correct the issue?

Options:

A.

set ccp broadcast

B.

cphaconf set_ccp broadcast

C.

cpha_conf set ccp broadcast

D.

This can only be changed via GuiDbEdit.

Questions 39

Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?

Options:

A.

The source IP of the packet.

B.

The packet has a TTL value of less than 255.

C.

The source MAC address of the packet.

D.

The destination IP of the packet.

Questions 40

What causes the SIP Early NAT chain module to appear in the chain?

Options:

A.

The SIP traffic is trying to pass through the firewall.

B.

SIP is configured in IPS.

C.

A VOIP domain is configured.

D.

The default SIP service is used in the Rule Base.

Questions 41

When you perform an install database, the status window is filled with large amounts of text. What could be the cause?

Options:

A.

There is an active fw monitor running.

B.

There is an environment variable of TDERROR_ALL_ALL set on the gateway.

C.

There is an active debug on the SmartConsole.

D.

There is an active debug on the FWM process.

Questions 42

When troubleshooting and trying to understand which chain is causing a problem on the Security Gateway, you should use the command:

Options:

A.

fw ctl zdebug drop

B.

fw tab -t connections

C.

fw monitor -e "accept;" -p all

D.

fw ctl chain

Questions 43

What command would you use for a packet capture on an absolute position for TCP streaming (out) 1ffffe0?

Options:

A.

fw ctl chain -po 1ffffe0 -o monitor.out

B.

fw monitor -po -0x1ffffe0 -o monitor.out

C.

fw monitor -e 0x1ffffe0 -o monitor.out

D.

fw monitor -pr 1ffffe0 -o monitor.out

Questions 44

You have just configured HA and find that connections are not being synced. When you have a failover, users complain that they are losing their connections. What command could you run to see the state synchronization statistics?

Options:

A.

fw ctl pstat

B.

fw sync stats

C.

cphaprob stat

D.

fw ctl get int fw_state_sync_stats

Exam Code: 156-115.77
Exam Name: Check Point Certified Security Master
Last Update: Nov 27, 2023
Questions: 295