156-115.80 Dumps

156-115.80 Braindumps

156-115.80 Real Questions

156-115.80 Practice Test

156-115.80 Actual Questions


killexams.com


Checkpoint


156-115.80


Check Point Certified Security Master - R80 (CCSM)


https://killexams.com/pass4sure/exam-detail/156-115.80


QUESTION 91

When troubleshooting acceleration issues on a Security Gateway, you notice that the fw_worker_x process is consuming about 100% processing power. What can be done to stop this from happening?


  1. Assign more CPU cores to the system

  2. Use fwaccel stop/start release process

  3. Edit the registry file to increase virtual memory

  4. Remove the memory file in /proc/ and recreate it


Answer: A


QUESTION 92

Which of the following is NOT a feature of ClusterXL?


  1. Transparent upgrades

  2. Zero downtime for mission-critical environments with State Synchronization

  3. Enhanced throughput in all ClusterXL modes (2 gateway cluster compared with 1 gateway)

  4. Transparent failover in case of device failures


Answer: C


https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm


QUESTION 93

Static NAT has been configured and NAT rules were created automatically. The global properties option “Translate destination on client side” is not checked. Clients are complaining that they are not able to connect to one of your web servers using its public address. How would you solve the problem without changing the global properties and reinstalling the security policy?


  1. On the security gateway, add a static route for the web server’s public ip address

  2. Rebooting the security gateway will resolve the problem

  3. You will have the global properties and reinstall the security policy

  4. Configure manual NAT


Answer: D


QUESTION 94

Consider an IKE debug file that has been generated when debugging an issue with site to site VPN. What is the purpose of a NONCE?


  1. Randomly generated part of key generation

  2. Vendor ID and Remote Gateway ID

  3. Protocol 50 and 51 representations

  4. Fixed hex value of Phase 2 keys with PFS


Answer: A


QUESTION 95

Fill in the blank: The command provides the most complete restoration of a R80 configuration.


  1. upgrade_import

  2. cpconfig

  3. fwm dbimport –p <export file>

  4. cpinfo -recover


Answer: A


QUESTION 96

In order to review the IPS statistics to determine if adjustments can be made to improve performance, which command would you use to get the appropriate information?


  1. fw monitor –e “accept IPS_stats;” >> ips_statistics.xml

  2. fw ctl debug –m ips debug_compilation

  3. fw ctl set int enable_ips_debug_output 1

  4. $FWDIR/scripts/get_ips_statistics.sh 10.1.1.1 60


Answer: D


QUESTION 97

The CPM process uses what ports?


A. 19009 and 18120

B. 18265 and 257

C. 19009 and 9009

D. 18265 and 9009


Answer: C


https://sc1.checkpoint.com/documents/R80/CP_R80_MultiDomainSecurity/html_frameset.htm?topic=documents/R80/ CP_R80_MultiDomainSecurity/15420


QUESTION 98

You need to investigate issues with policy installation on the Security Gateway side. Which process will you debug and how?


  1. cpd; cpd_admin debug on TDERROR_ALL_ALL=5

  2. cpd; fw ctl debug on –m cpd

  3. fwm; fw debug fwm on TDERROR_ALL_ALL=5

  4. fwd; fw debug fwd on TDERROR_ALL_ALL=5


Answer: A


https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/11844/FILE/How-To-Troubleshoot-Policy-Installation-Issues.pdf


QUESTION 99

What is the proper syntax to enter the “central database” that contains all objects within the Postgres database?


  1. psql_client cpm postgres

  2. psql_client checkpoint postgres

  3. psql_client central_database postgres

  4. In clish: show postgres main


Answer: A


QUESTION 100

In a high traffic network, which feature allows for more than one traffic path on an interface so that more than one CPU can be used for acceleration?


  1. interface bonding

  2. vlan

  3. asic

  4. multi queue


Answer: D