★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 156-315.77 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/156-315.77-dumps.html
Testking is a recognized Check Point 156-315.77 exam questions and answers supplier. Youll get a higher score which assure your success and get certified. We all promise 100% money back if you do not get by means of at initial time. The actual Check Point Check Point exam practice tests are revised as well as upgraded by our experienced authorities in accordance with all the real Check Point Check Point 156-315.77. Hurry approximately get the Check Point 156-315.77 training materials as well as make full preparation for the Check Point certification.
2021 Dec 156-315.77 real exam
Q91. - (Topic 2)
Which of the following commands can be used to troubleshoot ClusterXL sync issues?
A. fw debug cxl connections > file_name
B. fw tab -s -t connections > file_name
C. fw tab -u connections > file_name
D. fw ctl -s -t connections > file_name
Answer: B
Q92. - (Topic 1)
When, during policy installation, does the atomic load task run?
A. It is the first task during policy installation.
B. It is the last task during policy installation.
C. Before CPD runs on the Gateway.
D. Immediately after fwm load runs on theSmart Center.
Answer: B
Q93. - (Topic 4)
Wayne configures an HTTP Security Server to work with the content vectoring protocol to screen forbidden sites. He has created a URI resource object using CVP with the following settings:
Use CVP
Allow CVP server to modify content
Return data after content is approved
He adds two rules to his Rule Base: one to inspect HTTP traffic going to known forbidden sites, the other to allow all other HTTP traffic.
Wayne sees HTTP traffic going to those problematic sites is not prohibited.
What could cause this behavior?
A. The Security Server Rule is after the general HTTP Accept Rule.
B. The Security Server is not communicating with the CVP server.
C. The Security Server is not configured correctly.
D. The Security Server is communicating with the CVP server, but no restriction is defined in the CVP server.
Answer: A
Q94. - (Topic 1)
You are running aR76Security Gateway onSecure Platform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production?
A. upgrade export
B. manual backup
C. snapshot
D. backup
Answer: C
Q95. - (Topic 4)
You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX. You have five systems to choose from for the new Gateway, and you must conform to the following requirements:
Operating-system vendor's license agreement
Check Point's license agreement
Minimum operating-system hardware specification
Minimum Gateway hardware specification
Gateway installed on a supported operating system (OS)
Which machine meets ALL of the following requirements?
A. Processor: 1.1 GHz RAM: 512MB Hard disk: 10 GB OS: Windows 2000 Workstation
B. Processor: 2.0 GHz RAM: 512MB Hard disk: 10 GB OS: Windows ME
C. Processor: 1.5 GHz RAM: 256 MB Hard disk: 20 GB OS: Red Hat Linux 8.0
D. Processor: 1.67 GHz RAM: 128 MB Hard disk: 5 GB OS: FreeBSD
E. Processor: 2.2 GHz RAM: 256 MB Hard disk: 20 GB OS: Windows 2000 Server
Answer: E
Renewal 156-315.77 free question:
Q96. - (Topic 6)
You are responsible for the IPS configuration of your Check Point firewall. Inside the Denial of service section you need to set the protection parameters against the Teardrop attack tool with high severity. How would you characterize this attack tool? Give the BEST answer.
A. Hackers can send high volumes of non-TCP traffic in an effort to fill up a firewall State Table. This results in a Denial of Service by preventing the firewall from accepting new connections. Teardrop is a widely available attack tool that exploits this vulnerability.
B. A remote attacker may attack a system by sending a specially crafted RPC request to execute arbitrary code on a vulnerable system. Teardrop is a widely available attack tool that exploits this vulnerability.
C. Some implementations of TCP/IP are vulnerable to packets that are crafted in a particular way (a SYN packet in which the source address and port are the same as the destination, i.e., spoofed). Teardrop is a widely available attack tool that exploits this vulnerability
D. Some implementations of the TCP/IP IP fragmentation re-assembly code do not properly handle overlapping IP fragments. Sending two IP fragments, the latter entirely contained inside the former, causes the server to allocate too much memory and crash. Teardrop is a widely available attack tool that exploits this vulnerability.
Answer: D
Q97. - (Topic 3)
_____________ generates aSmart EventReport from its SQL database.
A. Smart EventClient
B. Security Management Server
C. Smart Reporter
D. Smart DashboardLog Consolidator
Answer: C
Q98. - (Topic 5)
If you check the box "Use Aggressive Mode", in the IKE Properties dialog box:
A. The standardthreepacket IKE Phase 1 exchange is replaced by a six-packet exchange.
B. The standard six-packet IKE Phase 2 exchange is replaced by athreepacket exchange.
C. The standardthreepacket IKE Phase 2 exchange is replaced by a six-packet exchange.
D. The standard six-packet IKE Phase 1 exchange is replaced by athreepacket exchange.
E. The standard six-packet IKE Phase 1 exchange is replaced by atwelvepacket exchange.
Answer: D
Q99. - (Topic 8)
You have pushed a policy to your firewall and you are not able to access the firewall. What command will allow you to remove the current policy from the machine?
A. fw purge active
B. fw purge policy
C. fw fetch policy
D. fw unloadlocal
Answer: B
Q100. - (Topic 7)
Which is the lowest Gateway version manageable by SmartCenter R77?
A. R65
B. S71
C. R55
D. R60A
Answer: A