Exam Code: 156-115.77 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Master
Certification Provider: Check Point
Free Today! Guaranteed Training- Pass 156-115.77 Exam.
Q161. - (Topic 3)
After creating and pushing out a new policy, Joe finds that an old connection is still being allowed that should have been closed after his changes. He wants to delete the connection on the gateway, and looks it up with fw tab –t connections –u. Joe finds the connection he is looking for. What command should Joe use to remove this connection?
<0,a128c22,89,a158508,89,11;10001,2281,25,15b,a1,4ecdfeee,ac,691400ac,7b6,3e,ffffffff, 3c,3c,0,0,0,0,0,0,0,0,0,0,0,0,0,0>
A. fw tab –t connections –x –d “0,a128c22,89,0a158508,89,11"
B. fw tab –t connections –x –e "0,a128c22,00000089,0a158508,00000089,00000011"
C. fw tab –t connections –x –d “00000000,a128c22,00000089,0a158508,00000089,00000011"
D. fw tab –t connections –x –e “0,a128c22,89,0a158508,89,11"
Answer: B
Q162. - (Topic 3)
Which command clears all the connection table entries on a Security Gateway?
A. fw tab –t connetion –u
B. fw ctl tab –t connetions –u
C. fw tab –t connetion -s
D. fw tab –t connections -x
Answer: D
Q163. - (Topic 2)
Where in a fw monitor output would you see source address translation occur in cases of automatic Hide NAT?
A. Between the “I” and “o”
B. Hide NAT does not adjust the source IP
C. Between the “o” and “O”
D. Between the “i” and “I”
Answer: C
Q164. - (Topic 11)
Where can you configure OSPF on a GAiA firewall?
A. cpconfig
B. WebUI
C. SmartDashboard
D. sysconfig
Answer: B
Q165. - (Topic 7)
What does “cphwd_nat_templates_enabled=1” do when entered into fwkern.conf?
A. Disables NAT templates when SecureXL is turned on.
B. Enables NAT templates when SecureXL is turned on.
C. Enables NAT templates at all times.
D. Disables NAT templates at all times.
Answer: B
Q166. - (Topic 11)
You are configuring a VTI in a clustered environment. Which of the following must be TRUE?
A. Every interface on each member requires a unique IP address.
B. Each member must have the same source IP address.
C. You do not need to have cluster IP addresses.
D. You cannot set up a VTI in a clustered environment.
Answer: A
Q167. - (Topic 2)
Since switching your network to ISP redundancy you find that your outgoing static NAT connections are failing. You use the command _________ to debug the issue.
A. fwaccel stats misp
B. fw ctl pstat
C. fw ctl debug -m fw + nat drop
D. fw tab -t fwx_alloc -x
Answer: C
Q168. - (Topic 8)
What command displays the Connections Table for a specified CoreXL firewall instance?
A. fw tab –t connections –s
B. fw -i.FW_INSTANCE_ID.tab -t connections [flags] C. fw tab –t connection | grep fw<FW_INSTANCE_ID>
D. fw tab –t connections
Answer: B