156-115.77 Exam Questions

ACME Corp has a cluster consisting of two 13500 appliances. As the Firewall Administrator, you notice that on an output of top, you are seeing high CPU usage of the cores assigned...

The CoreXL software architecture includes the Secure Network Dispatcher (SND). One of the responsibilities of SND is to:

What is the method to change the number of cores that CoreXL will use?

What command verifies which core each gateway interface and firewall instance is currently running on?

A Security Administrator wants to increase the amount of processing cores on a Check Point Security Gateway. He starts by increasing the number of cores, however the number of kern...

What command displays the Connections Table for a specified CoreXL firewall instance?

Why would you not see a CoreXL configuration option in cpconfig?

Where would you go to adjust the number of Kernels in CoreXL?

CoreXL on IPSO R77.20 does NOT support which of the following features?

When troubleshooting a performance problem on multicore firewall that is using CoreXL, what command checks the number of connections each core is processing?

A firewall has 8 CPU cores and the correct license. CoreXL is enabled. How could you set kernel instance #3 to run on processing core #5?

What command would you use to check if CoreXL is enabled?

Which command will allow you to change firewall affinity and survive a reboot with no further modification?

What does the output of the commands fw ctl multik stat and fw6ctl multik stat show?

You are at a customer site, and when you run cphaprob stat you are not seeing a normal ClusterXL Health. What command could you run verify the number of cores are not matched on bo...

What is required when changing the configuration of the number of workers in CoreXL?

In IPS which of the two initial profiles is the more resource intensive?

In IPS what does a high confidence rating mean?

Which of the following CANNOT be used as a source/destination for an IPS network exception?

When using Geo Protections, you find there are logs for a country that you believe is incorrect. What file do you review to verify what country Geo Protections should identify the...

When performing a Clean IPS procedure to resolve a corrupt IPS files issue, what file is modified in order for the SDUU process to automatically update the IPS files after completi...

How would one enable `INSPECT debugging' if one suspects IPS false positives?

You have configured IPS on your network; you find you are being overwhelmed with what you believe are false positives. You investigated this traffic and confirmed they are false po...

You have spent time configuring the IPS profile on your primary gateway firewall. You want to ensure that this profile can be applied to all gateway firewalls in your environment....

You are adding a new gateway into your network. You must make sure that it is running the latest Corporate approved IPS profile. How can you get this information to your new gatewa...

SNORT is a popular open source IDS, you would like to import SNORT rules from plain text into Check Point Smart Center. How can you accomplish this?

You would like to import SNORT rules but to comply with corporate policy you need to test the conversion prior to import. How can you do this?

You are a system administrator and would like to configure Geo Protection on your gateway to comply with a new corporate policy. What must you have to do this?

You have just taken over as a firewall administrator. Your company is using Geo Protections on your gateway, but you want to verify that the protections are up-to-date. How can you...

What would be considered Best Practice to determine which IPS protections you can safely disable for your environment?

You are troubleshooting an issue for your HR team. One of the users is using IP 10.10.10.24. They having been trying to access the vacation servers but all connections are failing....

In R77, Under what circumstances would IPS bypass be enforced?

Your Customer would like to enable IPS in his Corporate Cluster, but he is concerned about high CPU usage because if the IPS inspection. What feature would you configure to disable...

Where do you run the command get_ips_statistics.sh from?

"Tuning" IPS protections to suit the specific needs of an environment can be accomplished by all of the following EXCEPT:

OF the following, which is NOT a kernel parameter relating to the IPS "Bypass Under Load" settings:

"If the machine is under stress, we do not want to leave the stress condition due to a single measurement (which could be an anomaly), but rather wait for a given length of time, b...

Jerry is a network administrator for ACME Co. Their network contains 5 gateways all managed by a single Management Server. They are currently receiving an exorbitant amount of fals...

You have created a number of profiles and activated the relevant protections. Afterwards, you decide that the `Enterprise gateway' should allow instant messaging. The current profi...

What steps can be taken if IPS is causing a High Performance Impact?

When the IPS `Bypass under Load' mechanism detects that the certain CPU and memory usage thresholds have been reached, which of the following occurs?

Which of the following IPS Layers is responsible for ensuring that only valid retransmission packets are allowed to proceed to destinations?

One of IPS Layers' main functions are to ensure compliance to well-defined protocol standards, detect anomalies if any exist, and assemble the data for further inspection by other...

Which of the following IPS Layers is the "brain" of the IPS? That is, what coordinates between different components, decides which protections should run on a certain packet, decid...

Which of the following IPS Layers is a set of signatures and/or handlers, where: - Signature is a malicious pattern that is searched for. - Handler is the INSPECT code that perform...

You have strict IPS corporate guidelines. This is having a performance impact on the firewall. What steps could you take to minimize this impact without compromising the corporate...

Which of the following is true when IPv6 is enabled on a Security Gateway?

Which of the following is true about Node / Host objects?

Which of these commands can be used to display the IPv6 routes?

Which of these commands can be used to display the IPv6 status?