It is impossible to pass Check Point 156-115.77 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Check Point 156-115.77 practice questions. You will get a surprising result by our Down to date Check Point Certified Security Master practice guides.
2021 Nov 156-115.77 free exam questions
Q161. - (Topic 1)
What command would you use for a packet capture on an absolute position for TCP streaming (out) 1ffffe0
A. fw ctl chain -po 1ffffe0 -o monitor.out
B. fw monitor -po -0x1ffffe0 -o monitor.out
C. fw monitor -e 0x1ffffe0 -o monitor.out
D. fw monitor -pr 1ffffe0 -o monitor.out
Answer: B
Q162. - (Topic 9)
“Tuning” IPS protections to suit the specific needs of an environment can be accomplished by all of the following EXCEPT:
A. Focusing on high confidence level protections.
B. Focusing on low capacity protections.
C. Focusing on low performance impact protections.
D. Focusing on high severity protections.
Answer: B
Q163. - (Topic 3)
Which is NOT a valid upgrade method in an R77 GAiA ClusterXL deployment?
A. Optimal Service Upgrade
B. Full Connectivity Upgrade
C. Minimal Effort Upgrade
D. Automatic Incremental Upgrade
Answer: D
Q164. - (Topic 3)
Your customer has an R77 Multi-domain Management Server managing a mix of firewalls of R70 and R77 versions..A change was made to the file $FWDIR/lib/tables.def on one of the domains..However, it was found that the change was not applied to the R70 firewalls..What could be the problem?
A. Changes to the table.def can only be applied to firewalls matching the Management Server version..The customer needs to upgrade the firewalls to the same version as the firewall.
B. R70 is end of life and is not supported..Most functions will work, but modifying the table.def will not.
C. In order to make changes on R70 machines you need work within GuiDBedit
D. To support R70, the file in the compatibility directory should have been modified.
Answer: D
Down to date 156-115.77 vce:
Q165. - (Topic 2)
You have set up a manual NAT rule, however fw monitor shows you that the device still uses the automatic Hide NAT rule. How should you correct this?
A. Move your manual NAT rule above the automatic NAT rule.
B. In Global Properties > NAT ensure that server side NAT is enabled.
C. Set the following fwx_alloc_man kernel parameter to 1.
D. In Global Properties > NAT ensure that Merge Automatic to Manual NAT is selected.
Answer: A
Q166. - (Topic 7)
How does the Check Point Security Administrator enable NAT Templates?
A. Run commands with syntax fw ctl set int cphwd_nat_templates_support 1 and fw ctl set int cphwd_nat_templates_enabled 1.
B. Edit file $FWDIR/boot/modules/fwkern.conf with the lines “cphwd_nat_templates_support=1” and “cphwd_nat_templates_enabled=1”.
C. Set Firewall object > NAT > Advanced
D. Set Global properties > NAT-Network address translation
Answer: B
Q167. - (Topic 4)
You are troubleshooting a VPN issue between your gateway and a partner site and you get a drop log on your gateway that states “Clear text packet should be encrypted”. Which of the following would be the best troubleshooting step?
A. Use the excluded services in the VPN community to exclude this traffic from the VPN or determine why the traffic is leaving the initiating (partner) gateway as clear text.
B. Use the excluded services in the VPN community to exclude this traffic from the VPN or determine why the traffic is leaving local (your) gateway as clear text.
C. Your phase one algorithms are mismatched between gateways.
D. This is management traffic and we need to enable implied rule to address this issue.
Answer: A
Topic 5, SecureXL Acceleration debugging
Q168. - (Topic 3)
With the default ClusterXL settings what will be the state of an active gateway upon using the command ClusterXL_admin up?
A. Ready
B. Down
C. Standby
D. Active
Answer: C