156-315.77 study guides（331 to 340） for IT examinee: Jan 2018 Edition
It is more faster and easier to pass the Check Point 156-315.77 exam by using Printable Check Point Check Point Security Expert R77 questuins and answers. Immediate access to the Refresh 156-315.77 Exam and find the same core area 156-315.77 questions with professionally verified answers, then PASS your exam with a high score now.
Q331. - (Topic 4)
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
Q332. - (Topic 3)
Which of the following commands would you run to remove site-to-site IKE and IPSec Keys?
A. vpn tu
C. vpn export_p12
D. vpn accel off
Q333. - (Topic 6)
David is the MultiCorp Security Manager and approves the proposals submitted by the Security Administrator Peter. One day, David believes he has detected a vulnerability in the Security Policy. He submits a change proposal and tries to approve his own submission. The system does not allow him to perform this procedure.
What is the reason for this behavior?
A. The company does not allow David to submit and also approve the same policy change. David was assigned the Approve only permission (instead of Submit and Approve).
B. The company does not allow David to submit and approve the same policy change. The setting Manager cannot approve their submitted sessions in Global Properties was set to On.
C. The company does not allow David to submit and approve the same policy change. The setting Manager cannot approve their submitted sessions in theSmart Workflowsection of the Firewall object properties was set to On.
D. The proposal contains some logical contradictions. The Check Point verification control does not permit this change to be carried out.
Q334. - (Topic 6)
You are responsible for the IPS configuration of your Check Point firewall. Inside the Denial of service section you need to set the protection parameters against the Teardrop attack tool with high severity. How would you characterize this attack tool? Give the BEST answer.
A. Hackers can send high volumes of non-TCP traffic in an effort to fill up a firewall State Table. This results in a Denial of Service by preventing the firewall from accepting new connections. Teardrop is a widely available attack tool that exploits this vulnerability.
B. A remote attacker may attack a system by sending a specially crafted RPC request to execute arbitrary code on a vulnerable system. Teardrop is a widely available attack tool that exploits this vulnerability.
C. Some implementations of TCP/IP are vulnerable to packets that are crafted in a particular way (a SYN packet in which the source address and port are the same as the destination, i.e., spoofed). Teardrop is a widely available attack tool that exploits this vulnerability
D. Some implementations of the TCP/IP IP fragmentation re-assembly code do not properly handle overlapping IP fragments. Sending two IP fragments, the latter entirely contained inside the former, causes the server to allocate too much memory and crash. Teardrop is a widely available attack tool that exploits this vulnerability.
Q335. - (Topic 2)
What is the reason for the following error?
A. A third-party cluster solution is implemented.
B. Cluster membership is not enabled on the gateway.
C. Objects.C does not contain a cluster object.
D. Device Name contains non-ASCII characters.
Q336. - (Topic 7)
What is the meaning of the option Connect to the Internet?
A. Smart Dashboardwill retrieve information from Check Point over the Internet. No information will be sent.
B. Smart Dashboardwill retrieve information from Check Point over the Internet. Your information will be sent anonymously to Check Point.
C. Smart Dashboardwill retrieve information from Check Point over the Internet using your User Center login.
D. Smart Dashboardwill retrieve information from Check Point over the Internet.
Q337. - (Topic 7)
Which three of the following are ClusterXL member requirements?
1) same operating systems 2) same Check Point version 3) same appliance model 4) same policy
A. 1, 2, and 4
B. 1, 2, and 3
C. 1, 3, and 4
D. 2, 3, and 4
Topic 8, Volume H
Q338. CORRECT TEXT - (Topic 7)
Fill in the blank. In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2 Internal host 10.4.8.108 pings 10.4.8.3, and receives replies.
Review the ARP table from the internal Windows host 10.4.8.108. According to the output, which member is the standby machine?
Q339. - (Topic 4)
To help organize events,Smart Reporteruses filtered queries. Which of the following is NOT anSmart Eventeventproperty you can query?
A. Event: Critical, Suspect, False Alarm
B. Time:Last Hour, Last Day, Last Week
C. State:Open, Closed, False Alarm
D. Type:Scans, Denial of Service, Unauthorized Entry
Q340. - (Topic 3)
Your customer asks you about the Performance Pack. You explain to him that a Performance Pack is a software acceleration product which improves the performance of the Security Gateway. You may enable or disable this acceleration by either:
1) thecommand:cpconfig 2) the commanD .fwaccel on|off
What is the difference between these two commands?
A. The fwaccel command determines the default setting. The command cpconfig can dynamically change the setting, but after the reboot it reverts to the default setting.
B. Both commands function identically.
C. The command cpconfig works on the Security Platform only. The command fwaccel can be used on all platforms.
D. The cpconfig command enables acceleration. The command fwaccel can dynamically change the setting, but after the reboot it reverts to the default setting.