The Secret of 156-115.77 exam question

Actualtests 156-115.77 Questions are updated and all 156-115.77 answers are verified by experts. Once you have completely prepared with our 156-115.77 exam prep kits you will be ready for the real 156-115.77 exam without a problem. We have Improve Check Point 156-115.77 dumps study guide. PASSED 156-115.77 First attempt! Here What I Did.

Q91. - (Topic 11) 

Which feature is not supported with unnumbered VTI? 

A. Proxy interfaces 

B. High availability 

C. Policy based routing 

D. Anti-spoofing 


Q92. - (Topic 5) 

When are rules that include Identity Awareness Access (IDA) roles accelerated through SecureXL? 

A. Only when ‘Unauthenticated Guests’ is included in the access role. 

B. Never, the inclusion of an IDA role disables SecureXL. 

C. The inclusion of an IDA role has no bearing on whether the connection for the rule is accelerated. 

D. Always, the inclusion of an IDA role guarantees the connection for the rule is accelerated. 


Q93. - (Topic 11) 

What are the common Best Practices for configuring QoS over a route-based VPN? 

A. IKE traffic must have a minimum Guarantee of 50% of the external interface throughput. 

B. QoS is not supported. 

C. Ensure the VTI is numbered. 

D. Ensure the VTI is unnumbered. 


253. - (Topic 11) 

How do you designate the “enforcement point gateway” for the peers involved in “VPN Directional Enforcement”? 

A. From the WebUI’s of the peers add a static route to the “designated enforcement point”. 

B. In the file $FWDIR/conf/user.def on each peer with a route entry to the enforcement point gateway. 

C. Designate this gateway in the VPN community properties. 

D. Editing file $FWDIR/conf/vpn_route.conf on each peer with a route entry to the enforcement point gateway. 


Q94. - (Topic 11) 

What utility would you use to configure route-based VPNs? 

A. vpn sw_topology 

B. vpn shell 

C. vpn set_slim_server 

D. vpn tu 


Q95. - (Topic 1) 

What causes the SIP Early NAT chain module to appear in the chain? 

A. The SIP traffic is trying to pass through the firewall. 

B. SIP is configured in IPS. 

C. A VOIP domain is configured. 

D. The default SIP service is used in the Rule Base. 


Q96. - (Topic 2) 

The fw tab –t ___________ command displays the NAT table. 

A. loglist B. tablist 

C. fwx_alloc 

D. conns 


Q97. - (Topic 9) 

You would like to import SNORT rules but to comply with corporate policy you need to test the conversion prior to import. How can you do this? 

A. You must manually review each signature. 

B. SnortConvertor update -f <inputfile> --dry-run 

C. Check Point does not support third party signatures. 

D. Under the IPS tree Protections > By Protocol > IPS Software Blade > Application Intelligence > SNORT import and select the SNORT import option. 


Q98. - (Topic 10) 

How do you disable IPv6 on an IPSO gateway? 

A. Run $FWDIR/scripts/fwipv6_enable off and reboot. 

B. Remove the IPv6 license from the gateway. 

C. You cannot disable IPv6. 

D. In IPSO go to System Management > System Configuration, set IPv6 Support to off, and click Apply. 


Q99. - (Topic 2) 

Which FW-1 kernel flags should be used to properly debug and troubleshoot NAT issues? 

A. nat, route, conn, fwd, zeco, err 

B. nat, xlate, fwd, vm, ld, chain 

C. nat, xltrc, xlate, drop, conn, vm 

D. nat, drop, conn, xlate, filter, ioctl 


Topic 3, ClusterXL 

Q100. - (Topic 10) 

Which of these commands can be used to display the IPv6 routes? 

A. show route 

B. show ipv6 route 

C. show routes all D. show route ipv6