It is impossible to pass Check Point 156-115.77 exam without any help in the short term. Come to Pass4sure soon and find the most advanced, correct and guaranteed Check Point 156-115.77 practice questions. You will get a surprising result by our Rebirth Check Point Certified Security Master practice guides.
Q57. - (Topic 4)
In the process of troubleshooting traffic issues across a VPN tunnel, you notice on the output of fw monitor -e host(172.21.1.10), accept; that packets are going through the inbound chain (i > I) and then disappearing after the outbound chain (o > __), while you were expecting to see the packet leave on O. What could be causing this issue?
A. When packets are destined to leave through a VPN tunnel, it is encrypted and encapsulated in an ESP packet, and thus will not show up on a fw monitor.
B. It’s not showing up on the fw monitor because it is exiting the wrong interface
C. The packet is getting silently dropped because there is no route for the packet.
D. The gateway never completed the IKE and IPSec key exchange, and the tunnel does not exist yet.
Answer: A
Q58. - (Topic 5)
Which of the following statements are TRUE about SecureXL?
I. SecureXL is able to accelerate all connections through the firewall.
II. Medium path acceleration will still cause some CPU utilization of CoreXL cores.
III. F2F connections represent “forwarded to firewall” connections that are not accelerated and fully processed through the firewall kernel.
IV.
Packets going through SecureXL must be inspected by the firewall kernel before being accelerated.
A.
II and III
B.
I, II, and III
C.
III and IV
D.
I and IV
Answer: A
Q59. - (Topic 6)
Which of the following is a valid synchronization status as an output to fw ctl pstat?
A. Unable to receive sync packets
B. Sync member down
C. Synchronized
D. Communicating
Answer: A
Q60. - (Topic 4)
While troubleshooting a VPN issue between your gateway and a partner site you see an entry in Smartview Tracker that states “Info: encryption failure: Different community ID: possible NAT problem”. Which of the following is the most likely cause?
A. You have an encryption method mismatch.
B. Implied rules in global properties such as ICMP and DNS are set to first instead of before last.
C. You have not created a specific rule allowing VPN traffic.
D. You have the wrong encryption domains configured.
Answer: B
Q61. - (Topic 9)
Where do you run the command get_ips_statistics.sh from?
A. $FWDIR/conf on the Management Server
B. $FWDIR/scripts on the Management Server
C. $FWDIR/conf on the gateway
D. $FWDIR/scripts on the gateway
Answer: B
Q62. - (Topic 2)
Where in a fw monitor output would you see destination address translation occur in cases of inbound automatic static NAT?
A. Static NAT does not adjust the destination IP
B. Between the “i” and “I”
C. Between the “I” and “o”
D. Between the “o” and “O”
Answer: B
Q63. - (Topic 6)
You have a user-defined SMTP trap configured to send an alert to your mail server, and you also have SmartView Monitor configured to trigger the alert whenever policy is pushed to your gateway. However, you are not getting any mails even when you test for pushing policy. What process should you troubleshoot on the Management Server?
A. fwd
B. fwm
C. cpwd_admin
D. cpstat_monitor
Answer: D
Q64. - (Topic 6)
Running the command fw ctl pstat –l would return what information?
A. Additional hmem details B. General Security Gateway statistics
C. Additional kmem details
D. Additional smem details
Answer: B