What Does 156-115.77 exam fees Mean?
It is more faster and easier to pass the Check Point 156-115.77 exam by using High quality Check Point Check Point Certified Security Master questuins and answers. Immediate access to the Down to date 156-115.77 Exam and find the same core area 156-115.77 questions with professionally verified answers, then PASS your exam with a high score now.
Q131. - (Topic 11)
Henry is attempting to verify VPN connectivity between two hosts, x and y. Of the following commands, which could be BEST used to verify connectivity of this VPN?
A. [Expert@HostName]# fw monitor -e "((src=x.x.x.x , dst=y.y.y.y) or (src=y.y.y.y, dst=x.x.x.x)), accept;" x-o /var/log/fw_mon.cap
B. [Expert@HostName]# fw monitor -e "host(x.x.x.x) and host(y.y.y.y), accept;" -o /var/log/fw_mon.capw monitor -e "accept;" -o /var/log/fw_mon.cap
C. [Expert@HostName]# fw monitor -e "(ip_p=X) or (ip_p=Y, port(Z)), accept;" -o /var/log/fw_mon.cap
D. [Expert@HostName]# fw monitor -e "ip_p=X, accept;" -o /var/log/fw_mon.cap
Answer: A
Q132. - (Topic 10)
A system administrator wants to convert an IPv6 gateway from a standard gateway into a gateway running VSX mode. What does he need to consider?
A. It is not possible to convert a gateway with IPv6 enabled to VSX mode.
B. There needs to be proper IPv6 routing setup.
C. At least two interfaces need to be configured with IPv6.
D. Policy needs to be properly applied to the gateway before converting the system to VSX mode.
Answer: A
Q133. - (Topic 9)
Jerry is a network administrator for ACME Co. Their network contains 5 gateways all managed by a single Management Server. They are currently receiving an exorbitant amount of false positive for traffic traversing their network. Based on this information, what factor do you think is contributing most to the high amount of false positives Jerry is receiving?
A. She is performing IPS inspection on all traffic
B. She has set protections to run in “Detect” mode
C. She has enabled protections based on the network devices and requirements
D. She has created a dedicated IPS profile for each Security Gateway
Answer: A
Q134. - (Topic 4)
Which command will you run to list established VPN tunnels?
A. fw tab -t vpn_active
B. vpn compstat
C. fw tab -t vpn_routing
D. vpn tu
Answer: D
Q135. - (Topic 11)
In Wire mode. if a packet reaches the gateway from a trusted source and is destined to a trusted destination, will the firewall do stateful inspection?
A. No, but IPS inspection will still be enforced.
B. Yes, the Firewall always performs stateful inspection.
C. Yes, but only if SecureXL is disabled.
D. No
Answer: D
Q136. - (Topic 4)
Given the following IKEView output, what do we know about QuickMode Packet 1?
A. Packet 1 proposes a symmetrical key
B. Packet 1 proposes a subnet and host ID, an encryption and hash algorithm
C. Packet 1 Proposes SA life Type, Sa Life Duration, Authentication and Encapsulation Algorithm
D. Packet 1 proposes either a subnet or host ID, an encryption and hash algorithm, and ID data
Answer: D
Q137. - (Topic 4)
You are troubleshooting your VPN and are reviewing the output of your command fw monitor, shown below. What can you determine from the following output?
A. The fw monitor command cannot display the relevant information since it is encrypted
traffic
B. NAT is not being applied to the IP address 10.10.10.86
C. There is no issue, since the traffic is being seen at all points in the inspection kernel
D. Traffic is not being encrypted
Answer: D
Q138. - (Topic 2)
You are trying to troubleshoot a NAT issue on your network, and you use a kernel debug to verify a connection is correctly translated to its NAT address. What flags should you use for the kernel debug?
A. fw ctl debug -m fw + conn drop nat vm xlate xltrc
B. fw ctl debug -m fw + conn drop ld
C. fw ctl debug -m nat + conn drop nat xlate xltrc
D. fw ctl debug -m nat + conn drop fw xlate xltrc
Answer: A
Q139. - (Topic 2)
Server A is subject to automatically static NAT and also resides on a network which is subject to automatic Hide NAT. With regards to address translation what will happen when Server A initiates outbound communication?
A. This will cause a policy verification error.
B. This is called hairpin NAT, the traffic will return to the server.
C. The static NAT will take precedence.
D. The Hide NAT will take precedence.
Answer: C
Q140. - (Topic 9)
Where do you run the command get_ips_statistics.sh from?
A. $FWDIR/conf on the Management Server
B. $FWDIR/scripts on the Management Server
C. $FWDIR/conf on the gateway
D. $FWDIR/scripts on the gateway
Answer: B