Exam Code: 156-115.77 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Master
Certification Provider: Check Point
Free Today! Guaranteed Training- Pass 156-115.77 Exam.

2021 Nov 156-115.77 exams

Q61. - (Topic 7) 

What is the best way to see how much traffic went through the firewall that was TCP, UDP and ICMP? 

A. fwaccel conns 

B. fw tab –t connections –p 

C. fwaccel stats 

D. fw ctl pstat 

Answer:


Q62. - (Topic 11) 

When troubleshooting a VPN site-to-site to a peer, it may be necessary to "down" the tunnel. What is the best method to remove ONLY the tunnel to this peer? 

A. Change the vpn tunnel sharing parameters to force the tunnel down. 

B. Reboot your gateway. 

C. Remove the peer from the community and install policy. 

D. Delete the IKE and IPsec Security Associations using the command vpn tu. 

Answer:


Q63. - (Topic 3) 

What are the kernel parameters that control “Magic MACs”? 

A. fwha_magic_mac and fw_forward_magic_mac 

B. fwha_mac_magic and fw_mac_forward_magic 

C. cpha_mac_magic and cp_mac_forward_magic 

D. cpha_magic_mac and cpha_mac_forward_magic 

Answer:


Q64. - (Topic 10) 

Which of the following statements about Full HA support with IPv6 is NOT true? 

A. There is no Dynamic Routing with IPv6. 

B. Mirrored Interfaces must have IPv4 addresses. 

C. Sync traffic must be IPv4. 

D. IPv6 does not support a Secondary Management Server. 

Answer:

Topic 11, Advanced VPN 


Q65. - (Topic 6) 

Which command will NOT display information related to memory usage? 

A. free 

B. fw ctl pstat 

C. cat /proc/meminfo 

D. memoryinfo.conf 

Answer:


Rebirth 156-115.77 sample question:

Q66. - (Topic 3) 

What would be a reason for changing the “Magic MAC”? 

A. To allow for automatic upgrades. 

B. To allow two or more cluster members to exist on the same network. 

C. To allow two or more clusters to exist on the same network. 

D. To allow the two cluster members to use the same virtual IP address. 

Answer:


Q67. - (Topic 8) 

A Security Administrator wants to increase the amount of processing cores on a Check Point Security Gateway. He starts by increasing the number of cores, however the number of kernel instances remain the same way. What is the correct process to increase the number of kernel instances? 

A. Cpconfig- Enable Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cprestart 

B. Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-reboot 

C. Cpconfig- Enable Check Point ClusterXL- Change the number of firewall instances-define how many firewall instances to enable-reboot 

D. Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cpstop,cpstart 

Answer:


Q68. - (Topic 9) 

You have just taken over as a firewall administrator. Your company is using Geo Protections on your gateway, but you want to verify that the protections are up-to-date. How can you see when these were updated? 

A. In the IPS tree Protections > Select Check for Update. 

B. Check asm_update_version_geo in GuiDBedit. 

C. In the IPS tree Protections > Geo Protections and check the profile name which is mm/dd/yy. 

D. Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv. 

Answer:


Q69. - (Topic 3) 

What would be a reason to use the command cphaosu stat? 

A. To determine the number of connections from OPSEC software using Open Source Licenses. 

B. To decide when to fail over traffic to a new cluster member. 

C. This is not a valid command. 

D. To see the policy install dates on each of the members in the cluster. 

Answer:


Q70. - (Topic 4) 

In the process of troubleshooting traffic issues across a VPN tunnel, you notice on the output of fw monitor -e host(172.21.1.10), accept; that packets are going through the inbound chain (i > I) and then disappearing after the outbound chain (o > __), while you were expecting to see the packet leave on O. What could be causing this issue? 

A. When packets are destined to leave through a VPN tunnel, it is encrypted and encapsulated in an ESP packet, and thus will not show up on a fw monitor. 

B. It’s not showing up on the fw monitor because it is exiting the wrong interface 

C. The packet is getting silently dropped because there is no route for the packet. 

D. The gateway never completed the IKE and IPSec key exchange, and the tunnel does not exist yet. 

Answer: