Proper study guides for Refresh Check Point Check Point Certified Security Master certified begins with Check Point 156-115.77 preparation products which designed to deliver the Free 156-115.77 questions by making you pass the 156-115.77 test at your first time. Try the free 156-115.77 demo right now.
Q113. - (Topic 3)
Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?
A. The source IP of the packet.
B. The packet has a TTL value of less than 255.
C. The source MAC address of the packet.
D. The destination IP of the packet.
Answer: B
Q114. - (Topic 7)
What is the best way to see how a firewall is performing while processing packets in the firewall path, including resource usage?
A. fw getperf
B. SecureXL stat
C. fwaccel stats
D. fw ctl pstat
Answer: D
Q115. - (Topic 2)
You have set up a manual NAT rule, however fw monitor shows you that the device still uses the automatic Hide NAT rule. How should you correct this?
A. Move your manual NAT rule above the automatic NAT rule.
B. In Global Properties > NAT ensure that server side NAT is enabled.
C. Set the following fwx_alloc_man kernel parameter to 1.
D. In Global Properties > NAT ensure that Merge Automatic to Manual NAT is selected.
Answer: A
Q116. - (Topic 11)
In Check Point, Domain-based VPN's take precedence over route-based VPN. If implementing a route-based VPN, what is one configuration step you must make on the gateway object taking part in the route-based VPN?
A. You should remove the gateway from all communities.
B. Check Point does not support route-based VPN's.
C. You need to create a new simple group with no objects in it and apply this as the VPN domain under that gateway's topology tab.
D. You should check the "Use route-based VPN" checkbox in the community properties.
Answer: C
Q117. - (Topic 11)
You are configuring VTIs in a clustered environment. On Peer A the VTI name is VT_Cluster_GWA and on Peer B the VTI name is VT_Cluster_GWB. You find that the route-based tunnel is not coming up. What could be the cause?
A. The names for your peers have been reversed.
B. You have not issued the command “vpn write config’ command.
C. You have not licensed your gateways for VTIs.
D. All VTIs going to the same remote peer must have the same name.
Answer: D
Q118. - (Topic 3)
Which command should you use to stop kernel module debugging (excluding SecureXL)?
A. fw ctl debug 0
B. fw ctl zdebug - all
C. fw debug fwd off; vpn debug off
D. fw debug fwd off
Answer: A
Q119. - (Topic 3)
From the output of the following cphaprob -i list, what is the most likely cause of the clustering issue?
Cluster B> cphaprob -i list Built-in Devices: Device Name: Interface Active Check Current state: OK Device Name: HA Initialization Current state: OK Device Name: Recovery Delay Current state: OK Registered Devices: Device Name: Synchronization Registration number: 0 Timeout: none Current state: OK
Time since last report: 3651.5 sec
Device Name: Filter Registration number: 1 Timeout: none Current state: problem Time since last report: 139 sec Device Name: routed Registration number: 2 Timeout: none Current state: OK Time since
last report: 3651.9 sec
Device Name: cphad Registration number: 3 Timeout: none Current state: OK Time since last report: 3696.5 sec Device Name: fwd Registration number: 4 Timeout: none Current state: OK Time since last
report: 3696.5 sec
A. There is an interface down on Cluster A
B. There is a sync network issue between Cluster A and Cluster B
C. The routing table on Cluster B is different from Cluster A
D. Cluster B and Cluster A have different versions of policy installed.
Answer: D
60. - (Topic 3)
What is the function of the setting "no_hide_services_ports" in the tables.def files?
A. Preventing the secondary member from hiding its presence by not forwarding any packets.
B. Allowing management traffic to be accepted in an applied rule ahead of the stealth rule.
C. Hiding the particular tables from being synchronized to the other cluster member.
D. Preventing outbound traffic from being hidden behind the cluster IP address.
Answer: D
Q120. - (Topic 11)
Which technology is not supported with route-based VPNs?
A. Unnumbered VTI
B. Numbered VTI
C. IKEv2
D. OSPF
Answer: C