10 Tips For 156-115.77 IT professionals

Proper study guides for Rebirth Check Point Check Point Certified Security Master certified begins with Check Point 156-115.77 preparation products which designed to deliver the Top Quality 156-115.77 questions by making you pass the 156-115.77 test at your first time. Try the free 156-115.77 demo right now.

Q111. - (Topic 9) 

You have strict IPS corporate guidelines. This is having a performance impact on the firewall. What steps could you take to minimize this impact without compromising the corporate policy? 

A. Select “Protect Internal hosts only” 

B. Select “Bypass IPS inspection when gateway is under heavy load” 

C. Select “Perform IPS inspection on all traffic” 

D. Without minimizing signatures you cannot improve performance 

Answer:


Q112. - (Topic 6) 

From a Best Practices perspective, what percentage of your packets should be accelerated? 

A. 65% 

B. 90% 

C. 100% 

D. 75% 

Answer:


Q113. - (Topic 4) 

You are setting up VPN between two gateways Local-GW and New-GW and want to use shared secret. For some reason New-GW is not showing up in the shared secret properties under mesh community properties. What is the most likely reason why the New-GW is not displayed? 

A. Gateway is locally managed by the same management station as Local-GW and shared secret is not supported for this configuration 

B. New-GW has to have Advanced properties > shared secret enabled. 

C. You need to install database by selecting Policy > Install database before gateway can be added. 

D. Gateway is 600 appliance and does not support “shared secret” option. 

Answer:


Q114. - (Topic 8) 

Why would you not see a CoreXL configuration option in cpconfig? 

A. The gateway only has one processor core. 

B. CoreXL is not enabled in the gateway object. 

C. CoreXL is not licensed. 

D. CoreXL is disabled via policy. 

Answer:


Q115. - (Topic 3) 

Which is NOT a valid upgrade method in an R77 GAiA ClusterXL deployment? 

A. Optimal Service Upgrade 

B. Full Connectivity Upgrade 

C. Minimal Effort Upgrade 

D. Automatic Incremental Upgrade 

Answer:


Q116. - (Topic 6) 

From which version can you add Proxy ARP entries through the GAiA portal? 

A. R77.10 

B. R77 

C. R75.40 

D. R76 

Answer:


Q117. - (Topic 1) 

The user tried to connect in SmartDashboard and did not work. You started a FWM debug and receive the logs below: 

What is the error cause? 

A. IP not defined in $FWDIR/conf/gui-clients 

B. Wrong user and password 

C. Wrong password 

D. Wrong user 

Answer:


Q118. - (Topic 7) 

ACME Corp has a cluster consisting of two 13500 appliances. As the Firewall Administrator, you notice that on an output of top, you are seeing high CPU usage of the cores assigned as SNDs, but low CPU usage on cores assigned to individual fw_worker_X processes. What command should you run next to performance tune your cluster? 

A. fw ctl debug –m cluster + all – this will show you all the connections being processed by ClusterXL and explain the high CPU usage on your appliance. 

B. fwaccel off – this will turn off SecureXL, which is causing your SNDs to be running high in the first place. 

C. fwaccel stats –s – this will show you the acceleration profile of your connections and potentially why your SNDs are running high while other cores are running low. 

D. fw tab –t connections –s – this will show you a summary of your connections table, and allow you to determine whether there is too much traffic traversing your firewall. 

Answer:


Q119. - (Topic 9) 

“If the machine is under stress, we do not want to leave the stress condition due to a single measurement (which could be an anomaly), but rather wait for a given length of time, before changing the condition.” …describes which of the following “Bypass under Load” setting kernel parameters? 

A. ids_assume_stress 

B. ide_tolerance_no_stress 

C. ids_tolerance_stress 

D. ids_timeout 

Answer:


Q120. - (Topic 5) 

SecureXL uses templating to accelerate traffic passing through the gateway. What command should you run to determine if Accept, Drop and NAT templating is enabled? 

A. fwaccel stat 

B. fw ctl pstat 

C. cphaprob -a if 

D. cpconfig 

Answer: