Accurate of 156-115.77 exam guide materials and software for Check Point certification for IT engineers, Real Success Guaranteed with Updated 156-115.77 pdf dumps vce Materials. 100% PASS Check Point Certified Security Master exam Today!

2021 Nov 156-115.77 latest exam

Q111. - (Topic 6) 

A Rule Base has been improperly configured with a rule which disables templating at the top of the Rule Base. How will this impact traffic acceleration? 

A. SecureXL is disabled. 

B. Templates are disabled, and throughput acceleration only functions for rules above this one. 

C. Templates are disabled for this rule but it does not impact the rest of the Rule Base. 

D. Templates are disabled but throughput acceleration is still taking place. 

Answer:


Q112. - (Topic 4) 

You are experiencing an issue where Endpoint Connect client connects successfully however, it disconnects every 20 seconds. What is the most likely cause of this issue? 

A. The Accept Remote Access control connections is not enabled in Global Properties > FireWall Implied Rules. 

B. You have selected IKEv2 only in Global Properties > Remote Access > VPN – Authentication and Encryption. 

C. You are not licensed for Endpoint Connect client. 

D. Your remote access community is not configured. 

Answer:


Q113. - (Topic 3) 

Which of the following commands shows the high watermark threshold for triggering the cluster under load mechanism in R77? 

A. fw ctl get int fwha_cul_mechanism_enable 

B. fw ctl get int fwha_cul_cluster_short_timeout 

C. fw ctl get int fwha_cul_member_cpu_load_limit 

D. fw ctl get int fwha_cul_policy_freeze_event_timeout_millisec 

Answer:


Q114. - (Topic 11) 

In Check Point, Domain-based VPN's take precedence over route-based VPN. If implementing a route-based VPN, what is one configuration step you must make on the gateway object taking part in the route-based VPN? 

A. You should remove the gateway from all communities. 

B. Check Point does not support route-based VPN's. 

C. You need to create a new simple group with no objects in it and apply this as the VPN domain under that gateway's topology tab. 

D. You should check the "Use route-based VPN" checkbox in the community properties. 

Answer:


Q115. - (Topic 6) 

Which of the following is a valid synchronization status as an output to fw ctl pstat? 

A. Unable to receive sync packets 

B. Sync member down 

C. Synchronized 

D. Communicating 

Answer:


Rebirth 156-115.77 practice question:

Q116. - (Topic 1) 

A fwm debug provides the following output. What prevents the customer from logging into SmartDashboard? 

A. There are not any policy to login in SmartDashboard 

B. FWM process is crashed and returned null to access 

C. User and password are incorrect 

D. IP not defined in $FWDIR/conf/gui-clients 

Answer:

25. - (Topic 1) 

Compare these two images to establish which blade/feature was disabled on the firewall. 

A. IPS 

B. VPN 

C. NAT 

D. L2TP 

Answer:


Q117. - (Topic 1) 

What command would you use to view which debugs are set in your current working environment? 

A. “env” and “fw ctl debug” 

B. “cat /proc/etc” 

C. “fw ctl debug all” 

D. “export” 

Answer:


Q118. - (Topic 3) 

Which command can be used to see all active modules on the Security Gateway: 

A. fw ctl zdebug drop 

B. fw ctl debug -h 

C. fw ctl chain 

D. fw ctl debug -m 

Answer:


Q119. - (Topic 2) 

While troubleshooting a connectivity issue with an internal web server, you know that packets are getting to the upstream router, but when you run a tcpdump on the external interface of the gateway, the only traffic you observe is ARP requests coming from the upstream router. Does the problem lie on the Check Point Gateway? 

A. Yes – This could be due to a misconfigured route on the firewall. 

B. No – This is a layer 2 connectivity issue and has nothing to do with the firewall. 

C. No – The firewall is not dropping the traffic, therefore the problem does not lie with the firewall. 

D. Yes – This could be due to a misconfigured Static NAT in the firewall policy. 

Answer:


Q120. - (Topic 11) 

How do you add the route entry for the “Enforcement Point Gateway” on the Management Server? 

A. Designate this gateway in the VPN community properties. 

B. Update file $FWDIR/conf/user.def on each peer with a route entry to the enforcement point gateway. 

C. Edit file $FWDIR/conf/vpn_route.conf with a new route entry. 

D. Edit peers’ WebUI to add a static route to the “designated enforcement point”. 

Answer: