All About 156-115.77 free exam questions Jan 2021
Exam Code: 156-115.77 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Master
Certification Provider: Check Point
Q101. - (Topic 11)
In Check Point, domain-based VPNs take precedence over route-based VPNs. If implementing a route-based VPN, what is one configuration step you must make on the gateway object taking part in the route-based VPN?
A. You should remove the gateway from all communities.
B. Check Point does not support route-based VPNs.
C. You need to create a new simple group with no objects in it and apply this as the VPN domain under that gateway's topology tab.
D. You should check the "Use route-based VPN" checkbox in the community properties.
Answer: C
Q102. - (Topic 3)
Which command should you use to stop kernel module debugging (excluding SecureXL)?
A. fw ctl debug 0
B. fw ctl zdebug - all
C. fw debug fwd off; vpn debug off
D. fw debug fwd off
Answer: A
Q103. - (Topic 2)
You are attempting to establish an FTP session between your computer and a remote server, but it is not being completed successfully. You think the issue may be due to IPS. Viewing SmartView Tracker shows no drops. How would you confirm if the traffic is actually being dropped by the gateway?
A. Search the connections table for that connection.
B. Run a fw monitor packet capture on the gateway.
C. Look in SmartView Monitor for that connection to see why it’s being dropped.
D. Run fw ctl zdebug drop on the gateway.
Answer: D
Q104. - (Topic 2)
You have set up a manual NAT rule; however, fw monitor shows you that the device still uses the automatic Hide NAT rule. How should you correct this?
A. Move your manual NAT rule above the automatic NAT rule.
B. In Global Properties > NAT ensure that server side NAT is enabled.
C. Set the following fwx_alloc_man kernel parameter to 1.
D. In Global Properties > NAT ensure that Merge Automatic to Manual NAT is selected.
Answer: A
Q105. - (Topic 2)
Remote VPN clients can initiate connections with internal hosts, but internal hosts are unable to initiate connections with the remote VPN clients, even though the policy is configured to allow it. You think that this is caused by NAT. What command can you run to see if NAT is occurring on a packet?
A. fw tab -t fwx_alloc -x
B. fw ctl pstat
C. fwaccel stats misp
D. fw ctl debug -m fw + conn drop packet xlate xltrc nat
Answer: D
Q106. - (Topic 6)
You have just configured HA and find that connections are not being synced. When you have a failover, users complain that they are losing their connections. What command could you run to see the state synchronization statistics?
A. fw ctl pstat
B. fw sync stats
C. cphaprob stat
D. fw ctl get int fw_state_sync_stats
Answer: A
Q107. - (Topic 9)
How would one enable ‘INSPECT debugging’ if one suspects IPS false positives?
A. Run command fw ctl set int enable_inspect_debug 1 from the command line.
B. Toggle the checkbox in Global Properties > Firewalls > Inspection section.
C. WebUI
D. Set the following parameter to true using GuiDBedit: enable_inspect_debug_compilation.
Answer: D
Q108. - (Topic 10)
Which of the following is true when IPv6 is enabled on a Security Gateway?
A. An interface on the Gateway can either have IPv4 or IPv6 IP address or have both.
B. As of version R77, IPv6 is only supported on Security Management Server.
C. IPv4 will be completely disabled when IPv6 has been enabled.
D. An interface on the Gateway can either have IPv4 or IPv6 IP address but cannot have both.
Answer: A
Q240. - (Topic 10)
What VSX components do not support IPv6 in R77 VSX mode?
A. VSX mode does not support IPv6
B. All devices support IPv6
C. Virtual Systems
D. Virtual Routers
Answer: D
Q109. - (Topic 3)
How do you clear the connections table?
A. Run the command fw tab -t connections -x
B. In Gateway Properties > Optimizations click Clear connections table
C. Run the command fw tab -t conns -c
D. Run the command fw tab -t connections -c
Answer: A
Q110. - (Topic 5)
In order to perform some connection troubleshooting, you run the command fw monitor -e accept dport = 443. You do NOT see the TCP ACK packet. Why is this?
A. The connection is encrypted.
B. The connection is NATted.
C. The connection is dropped.
D. The connection is accelerated.
Answer: D