156-115.77 Royal Pack Testengine pdf
100% Actual & Verified — 100% PASS
Unlimited access to the world's largest Dumps library!Download 156-115.77 Dumps Free
Exam Number/Code: 156-115.77
Exam name: Check Point Certified Security Master
n questions with full explanations
Certification: Check Point Certification
we provide Vivid Check Point 156-115.77 rapidshare which are the best for clearing 156-115.77 test, and to get certified by Check Point Check Point Certified Security Master. The 156-115.77 Questions & Answers covers all the knowledge points of the real 156-115.77 exam. Crack your Check Point 156-115.77 Exam with latest dumps, guaranteed!
Q11. - (Topic 2)
Since switching your network to ISP redundancy you find that your outgoing static NAT connections are failing. You use the command _________ to debug the issue.
A. fwaccel stats misp
B. fw ctl pstat
C. fw ctl debug -m fw + nat drop
D. fw tab -t fwx_alloc -x
Q12. - (Topic 2)
Which flag in the fw monitor command is used to print the position of the kernel chain?
40. - (Topic 2)
While troubleshooting a DHCP relay issue, you run a fw ctl zdebug drop and see the following output:
;[cpu_1];[fw_0];fw_log_drop: Packet proto=17 10.216.14.108:67 > 172.31.2.1:67 dropped by fw_handle_first_packet Reason: fwconn_init_links (INBOUND) failed;
Where 10.216.14.108 is the IP address of the DHCP server and 172.31.2.1 is the VIP of the Cluster. What is the most likely cause of this drop?
A. An inbound collision due to a connections table check on pre-existing connections.
B. An outbound collision due to a Rule Base check, and dropped by incorrectly configuring DHCP in the firewall policy.
C. A link collision due to more than one NAT symbolic link being created for outgoing connections to the DHCP server.
D. A link collision due to more than one NAT symbolic link being created for connections returning from the DHCP server back to the VIP of the Cluster.
Q13. - (Topic 1)
What flag option(s) must be used to dump the complete table in friendly format, assuming there are more than one hundred connections in the table?
A. fw tab -t connections -f
B. fw tab -t connect -f -u
C. fw tab -t connections -s
D. fw tab -t connections -f –u
Q14. - (Topic 2)
By default, the size of the fwx_alloc table is:
Q15. - (Topic 1)
What causes the SIP Early NAT chain module to appear in the chain?
A. The SIP traffic is trying to pass through the firewall.
B. SIP is configured in IPS.
C. A VOIP domain is configured.
D. The default SIP service is used in the Rule Base.
Q16. - (Topic 10)
You enabled IPv6 in your environment and would like to erase all IPv6 connection tables. How can you do it?
A. fw tab –t connections –x
B. fw tab –t connections6 –x
C. clear connections table ipv6
D. fw6 tab –t connections –x
Q17. - (Topic 5)
A new packet has arrived to a firewall's interface. The packet was compared with the connection table and there is no match. What process does the firewall start with that connection?
A. The packet will be then forwarded to the outbound interface for handling.
B. The new packet represents a new flow and requires a new connection table entry.
C. The packet will be rejected by the kernel firewall.
D. The packet will be forwarded to the firewall to apply the Security Policy.
Q18. - (Topic 5)
SecureXL uses templating to accelerate traffic passing through the gateway. What command should you run to determine if Accept, Drop and NAT templating is enabled?
A. fwaccel stat
B. fw ctl pstat
C. cphaprob -a if
Q19. - (Topic 2)
In your SecurePlatform configuration you need to set up a manual static NAT entry. After creating the proper NAT rule what step needs to be completed?
A. Edit or create the file local.arp.
B. No further actions are required.
C. Edit or create the file discntd.if.
D. Edit the file netconf.conf.
Q20. - (Topic 6)
Your company has grown significantly over the past few months. You are seeing that new connections are being dropped but note that the connections table is not full. You suspect that the kernel memory allocated to the firewall has reached its full capacity. To check the “Machine Capacity Summary” statistics, you use command:
A. ps -aux
C. cat /proc/net/capacity
D. fw ctl pstat
C6O4 - Hardware Optimization
[TRY FREE] BUY 156-115.77 Full version( pdf+software ):