Cause all that matters here is passing the Check Point 156-115.77 exam. Cause all that you need is a high score of 156-115.77 Check Point Certified Security Master exam. The only one thing you need to do is downloading Actualtests 156-115.77 exam study guides now. We will not let you down with our money-back guarantee.

2021 Nov 156-115.77 book

Q21. - (Topic 2) 

Given the screen configuration shown, the failure’s probable cause is: 

A. Packet 1 Proposes SA life Type , Sa Life Duration, Authentication and Encapsulation Algorithm. 

B. Packet 1 proposes a symmetrical key. 

C. Packet 1 proposes a subnet and host ID, an encryption and hash algorithm. 

D. Packet 1 proposes either a subnet or host ID, an encryption and hash algorithm, and ID data. 

Answer:


Q22. - (Topic 1) 

You are running a debugging session and you have set the debug environment to TDERROR_ALL_ALL=5 using the command export TDERROR_ALL_ALL=5. How do you return the debug value to defaults? 

A. fw ctl debug 0x1ffffe0 

B. fw debug 0x1ffffe0 

C. export TDERROR_ALL_ALL 

D. unset TDERROR_ALL_ALL 

Answer:


Q23. - (Topic 9) 

Which of the following IPS Layers is a set of signatures and/or handlers, where: 

?Signature is a malicious pattern that is searched for. 

?Handler is the INSPECT code that performs more complex inspection. 

A. Passive Streaming Library (PSL) 

B. Protections 

C. Context Management Interface layer (CMI) 

D. Protocol Parsers 

Answer:


Q24. - (Topic 9) 

You have strict IPS corporate guidelines. This is having a performance impact on the firewall. What steps could you take to minimize this impact without compromising the corporate policy? 

A. Select “Protect Internal hosts only” 

B. Select “Bypass IPS inspection when gateway is under heavy load” 

C. Select “Perform IPS inspection on all traffic” 

D. Without minimizing signatures you cannot improve performance 

Answer:


Q25. - (Topic 8) 

Why would you not see a CoreXL configuration option in cpconfig? 

A. The gateway only has one processor core. 

B. CoreXL is not enabled in the gateway object. 

C. CoreXL is not licensed. 

D. CoreXL is disabled via policy. 

Answer:


Leading 156-115.77 exam cram:

Q26. - (Topic 6) 

What will be the outcome if you set the kernel parameters cphwd_nat_templates_enabled and cphwd_nat_templates_support? 

A. This would enable Hide NAT support. 

B. These parameters are mutually exclusive and cannot be used at the same time. 

C. This would enable SecureXL NAT templates. 

D. These are not valid parameters. 

Answer:


Q27. - (Topic 2) 

Which FW-1 kernel flags should be used to properly debug and troubleshoot NAT issues? 

A. nat, route, conn, fwd, zeco, err 

B. nat, xlate, fwd, vm, ld, chain 

C. nat, xltrc, xlate, drop, conn, vm 

D. nat, drop, conn, xlate, filter, ioctl 

Answer:

Topic 3, ClusterXL 


Q28. - (Topic 11) 

What does the command vpn shell interface add numbered 192.168.0.1 192.168.0.2 Gateway_A to_B accomplish? 

A. Between Security Gateways A and B, 192.168.0.1 is assigned as the endpoint IP address to Gateway A. 192.168.0.2 is assigned to Gateway B. 

B. Between Security Gateways A and B 192.168.0.2 is assigned as the endpoint IP address to Gateway A. 192.168.0.1 is assigned to Gateway B. 

C. shell is not a valid option for the command vpn. 

D. This command can be used to create a VPN tunnel from the command line without having any VPN configuration in Smart Dashboard (although “IPSec VPN” must still be enabled on the gateway). 

Answer:


Q29. - (Topic 3) 

Each connection allowed by a Security Gateway, will have a real entry and some symbolic link entries in the connections state table. The symbolic link entries point back to the real entry using this: 

A. serial number of the real entry. 

B. 6-tuple. 

C. memory pointer. 

D. date and time of the connection establishment. 

Answer:

Explanation: 

C3O3 - ClusterXL 


Q30. - (Topic 7) 

When a cluster member is completely powered down, how will the other member identify if there is network connectivity? 

A. The working member will ARP for the default gateway. 

B. The working member will look for replies to traffic sent from internal hosts. 

C. The working member will automatically assume connectivity. 

D. The working member will Ping IPs in the subnet until it gets a response. 

Answer: