Exam Code: 156-115.77 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Master
Certification Provider: Check Point
Free Today! Guaranteed Training- Pass 156-115.77 Exam.
Q49. - (Topic 9)
You are adding a new gateway into your network. You must make sure that it is running the latest Corporate approved IPS profile. How can you get this information to your new gateway?
A. From the command line, run: ips_import <new-profile-name> -f <file-name> [-p <ip>].
B. IPS profiles must be manually configured on each gateway.
C. From the command line, run: ips_export_import import <new-profile-name> -f <file-name> [-p <ip>].
D. From the Smart Dashboard IPS tab select import IPS profiles and select the gateway to get the profile from.
Answer: C
Q50. - (Topic 3)
When viewing connections using the command fw tab -t connections, all entries are displayed with a 6-tuple key, the elements of the 6-tuple include the following EXCEPT:
A. destination port number
B. source port number
C. direction (inbound / outbound)
D. interface id
Answer: D
Q51. - (Topic 11)
When troubleshooting a VPN site-to-site to a peer, it may be necessary to "down" the tunnel. What is the best method to remove ONLY the tunnel to this peer?
A. Change the vpn tunnel sharing parameters to force the tunnel down.
B. Reboot your gateway.
C. Remove the peer from the community and install policy.
D. Delete the IKE and IPsec Security Associations using the command vpn tu.
Answer: D
Q52. - (Topic 3)
You run the commands:
fw ctl debug 0
fw ctl debug -buf 32000
Which of the following commands would be best to troubleshoot a clustering issue?
A. fw ctl zdebug -m cluster + all
B. fw ctl debug -m CLUSTER + conf stat
C. fw ctl debug -m cluster + pnote stat if
D. fw ctl kdebug -m CLUSTER all
Answer: C
Q53. - (Topic 9)
When performing a Clean IPS procedure to resolve a corrupt IPS files issue, what file is modified in order for the SDUU process to automatically update the IPS files after completing the procedure?
A. asm.C
B. inspect.C
C. objects_5_0.C
D. profiles.C
Answer: A
Q54. - (Topic 6)
Your gateway object is currently defined with a max connection count of 25k connections in Smart Dashboard. Which of the following commands would show you the current and peak connection counts?
A. show connections all
B. fw ctl conn
C. fw ctl chain
D. fw ctl pstat
Answer: D
Topic 7, Software Tuning
Q55. - (Topic 5)
In order to perform some connection troubleshooting, you run the command fw monitor –e accept dport = 443. You do NOT see the TCP ACK packet. Why is this?
A. The connection is encrypted.
B. The connection is NATted.
C. The connection is dropped.
D. The connection is accelerated.
Answer: D
Q56. - (Topic 1)
When finished running a debug on the Management Server using the command fw debug fwm on how do you turn this debug off?
A. fwm debug off
B. fw ctl debug off
C. fw debug off
D. fw debug fwm off
Answer: D