Академический Документы
Профессиональный Документы
Культура Документы
We guarantee you can pass any IT certification exam at your first attempt with just 10-12
hours study of our guides.
Our study guides contain actual exam questions; accurate answers with detailed explanation
verified by experts and all graphics and drag-n-drop exhibits shown just as on the real test.
To test the quality of our guides, you can download the one-fourth portion of any guide from
http://www.certificationking.com absolutely free. You can also download the guides for retired
exams that you might have taken in the past.
For other payment options and any further query, feel free to mail us at
info@certificationking.com
Checkpoint 156-115.77 Exam
Topic 1, Chain Modules
QUESTION NO: 1
What command would you use for a packet capture on an absolute position for TCP streaming
(out) 1ffffe0
Answer: B
Explanation:
QUESTION NO: 2
A. It captures all points of the chain as the packet goes through the firewall kernel.
B. This is not a valid command.
C. The -p is used to resolve MAC address in the firewall capture.
D. It does a firewall monitor capture on all interfaces.
Answer: A
Explanation:
QUESTION NO: 3
What does the IP Options Strip represent under the fw chain output?
Answer: B
Explanation:
QUESTION NO: 4
The command that lists the firewall kernel modules on a Security Gateway is:
www.CertificationKing.com 2
Checkpoint 156-115.77 Exam
A. fw list kernel modules
B. fw ctl kernel chain
C. fw ctl debug -m
D. fw list modules
Answer: C
Explanation:
QUESTION NO: 5
Which of the following BEST describes the command fw ctl chain function?
A. View how CoreXL is distributing traffic among the firewall kernel instances.
B. View established connections in the connections table.
C. View the inbound and outbound kernel modules and the order in which they are applied.
D. Determine if VPN Security Associations are being established.
Answer: C
Explanation:
QUESTION NO: 6
The command _____________ shows which firewall chain modules are active on a gateway.
A. fw stat
B. fw ctl debug
C. fw ctl chain
D. fw ctl multik stat
Answer: C
Explanation:
QUESTION NO: 7
Answer: B
Explanation:
www.CertificationKing.com 3
Checkpoint 156-115.77 Exam
QUESTION NO: 8
Compare these two images to establish which blade/feature was disabled on the firewall.
A. IPS
B. VPN
C. NAT
D. L2TP
Answer: B
Explanation:
QUESTION NO: 9
What command would give you a summary of all the tables available to the firewall kernel?
A. fw tab
B. fw tab -s
C. fw tab -h
D. fw tab -o
Answer: B
Explanation:
www.CertificationKing.com 4
Checkpoint 156-115.77 Exam
QUESTION NO: 10
What flag option(s) must be used to dump the complete table in friendly format, assuming there
are more than one hundred connections in the table?
A. fw tab -t connections -f
B. fw tab -t connect -f -u
C. fw tab -t connections -s
D. fw tab -t connections -f –u
Answer: B
Explanation:
QUESTION NO: 11
Which directory below contains the URL Filtering engine update info? Here you can also go to
see the status of the URL Filtering and Application Control updates.
A. $FWDIR/urlf/update
B. $FWDIR/appi/update
C. $FWDIR/appi/urlf
D. $FWDIR/update/appi
Answer: B
Explanation:
QUESTION NO: 12
For URL Filtering in the Cloud in R75 and above, what table is used to contain the URL Filtering
cache values?
A. urlf_blade_on_gw
B. urlf_cache_tbl
C. urlf_cache_table
D. url_scheme_tab
Answer: C
Explanation:
QUESTION NO: 13
You are troubleshooting a Security Gateway, attempting to determine which chain is causing a
problem. What command would you use to show all the chains through which traffic passed?
www.CertificationKing.com 5
Checkpoint 156-115.77 Exam
A. [Expert@HostName]# fw ctl chain
B. [Expert@HostName]# fw monitor -e "accept;" -p all
C. [Expert@HostName]# fw ctl debug –m
D. [Expert@HostName]# fw ctl zdebug all
Answer: B
Explanation:
QUESTION NO: 14
True or False: Software blades perform their inspection primarily through the kernel chain
modules.
Answer: B
Explanation:
QUESTION NO: 15
When using the command fw monitor, what command ensures the capture is accurate?
A. export TDERROR_ALL_ALL=5
B. fwaccel off
C. fwaccel on
D. fw accel off
Answer: B
Explanation:
C1O2 - Chain Modules
QUESTION NO: 16
You are running a debugging session and you have set the debug environment to
TDERROR_ALL_ALL=5 using the command export TDERROR_ALL_ALL=5. How do you return
the debug value to defaults?
www.CertificationKing.com 6
Checkpoint 156-115.77 Exam
D. unset TDERROR_ALL_ALL
Answer: D
Explanation:
QUESTION NO: 17
What command would you use to view which debugs are set in your current working environment?
Answer: A
Explanation:
QUESTION NO: 18
What causes the SIP Early NAT chain module to appear in the chain?
Answer: D
Explanation:
QUESTION NO: 19
When you perform an install database, the status window is filled with large amounts of text. What
could be the cause?
Answer: D
Explanation:
www.CertificationKing.com 7
Checkpoint 156-115.77 Exam
QUESTION NO: 20
When finished running a debug on the Management Server using the command fw debug fwm on
how do you turn this debug off?
Answer: D
Explanation:
QUESTION NO: 21
Which commands will properly set the debug level to maximum and then run a policy install in
debug mode for the policy Standard on gateway A-GW from an R77 GAiA Management Server?
A. setenv TDERROR_ALL_ALL=5
fwm –d load A-GW Standard
B. setenv TDERROR_ALL_ALL=5
fwm –d load Standard A-GW
C. export TDERROR_ALL_ALL=5
fwm –d load Standard A-GW
D. export TDERROR_ALL_ALL=5
fwm –d load A-GW Standard
Answer: C
Explanation:
QUESTION NO: 22
Which of the following items is NOT part of the columns of the chain modules?
A. Inbound/Outbound chain
B. Function Pointer
C. Chain position
D. Module location
Answer: A
Explanation:
QUESTION NO: 23
John is a Security Administrator of a Check Point platform. He has a mis-configuration issue that
www.CertificationKing.com 8
Checkpoint 156-115.77 Exam
points to the Rule Base. To obtain information about the issue, John runs the command:
Answer: C
Explanation:
QUESTION NO: 24
The user tried to connect in SmartDashboard and did not work. You started a FWM debug and
receive the logs below:
Answer: D
Explanation:
QUESTION NO: 25
When troubleshooting and trying to understand which chain is causing a problem on the Security
Gateway, you should use the command:
www.CertificationKing.com 9
Checkpoint 156-115.77 Exam
C. fw monitor -e "accept;" -p all
D. fw ctl chain
Answer: C
Explanation:
QUESTION NO: 26
A. fwm
B. cpd
C. fwd
D. DAService
Answer: A
Explanation:
QUESTION NO: 27
A fwm debug provides the following output. What prevents the customer from logging into
SmartDashboard?
Answer: D
Explanation:
www.CertificationKing.com 10
Checkpoint 156-115.77 Exam
QUESTION NO: 28
When performing a fwm debug, to which directory are the logs written?
A. $FWDIR/log
B. $FWDIR/log/fwm.elg
C. $FWDIR/conf/fwm.elg
D. $CPDIR/log/fwm.elg
Answer: B
Explanation:
Topic 2, NAT
QUESTION NO: 29
You are attempting to establish an FTP session between your computer and a remote server, but
it is not being completed successfully. You think the issue may be due to IPS. Viewing SmartView
Tracker shows no drops. How would you confirm if the traffic is actually being dropped by the
gateway?
Answer: D
Explanation:
QUESTION NO: 30
A. loglist
B. tablist
C. fwx_alloc
D. conns
Answer: C
Explanation:
www.CertificationKing.com 11
Checkpoint 156-115.77 Exam
QUESTION NO: 31
While troubleshooting a DHCP relay issue, you run a fw ctl zdebug drop and see the following
output:
Where 10.216.14.108 is the IP address of the DHCP server and 172.31.2.1 is the VIP of the
Cluster. What is the most likely cause of this drop?
Answer: D
Explanation:
QUESTION NO: 32
You are trying to troubleshoot a NAT issue on your network, and you use a kernel debug to verify
a connection is correctly translated to its NAT address. What flags should you use for the kernel
debug?
Answer: A
Explanation:
QUESTION NO: 33
Since switching your network to ISP redundancy you find that your outgoing static NAT
connections are failing. You use the command _________ to debug the issue.
www.CertificationKing.com 12
Checkpoint 156-115.77 Exam
D. fw tab -t fwx_alloc -x
Answer: C
Explanation:
QUESTION NO: 34
Remote VPN clients can initiate connections with internal hosts, but internal hosts are unable to
initiate connections with the remote VPN clients, even though the policy is configured to allow it.
You think that this is caused by NAT. What command can you run to see if NAT is occurring on a
packet?
A. fw tab -t fwx_alloc -x
B. fw ctl pstat
C. fwaccel stats misp
D. fw ctl debug -m fw + conn drop packet xlate xltrc nat
Answer: D
Explanation:
QUESTION NO: 35
Where in a fw monitor output would you see source address translation occur in cases of
automatic Hide NAT?
Answer: C
Explanation:
QUESTION NO: 36
Where in a fw monitor output would you see destination address translation occur in cases of
inbound automatic static NAT?
Answer: B
www.CertificationKing.com 13
Checkpoint 156-115.77 Exam
Explanation:
QUESTION NO: 37
Which flag in the fw monitor command is used to print the position of the kernel chain?
A. -all
B. -k
C. -c
D. -p
Answer: D
Explanation:
QUESTION NO: 38
Server A is subject to automatically static NAT and also resides on a network which is subject to
automatic Hide NAT. With regards to address translation what will happen when Server A initiates
outbound communication?
Answer: C
Explanation:
QUESTION NO: 39
In your SecurePlatform configuration you need to set up a manual static NAT entry. After creating
the proper NAT rule what step needs to be completed?
Answer: A
Explanation:
QUESTION NO: 40
www.CertificationKing.com 14
Checkpoint 156-115.77 Exam
How do you set up Port Address Translation?
A. Since Hide NAT changes to random high ports it is by definition PAT (Port Address
Translation).
B. Create a manual NAT rule and specify the source and destination ports.
C. Edit the service in SmartDashboard, click on the NAT tab and specify the translated port.
D. Port Address Translation is not support in Check Point environment
Answer: B
Explanation:
QUESTION NO: 41
You have set up a manual NAT rule, however fw monitor shows you that the device still uses the
automatic Hide NAT rule. How should you correct this?
A. Move your manual NAT rule above the automatic NAT rule.
B. In Global Properties > NAT ensure that server side NAT is enabled.
C. Set the following fwx_alloc_man kernel parameter to 1.
D. In Global Properties > NAT ensure that Merge Automatic to Manual NAT is selected.
Answer: A
Explanation:
QUESTION NO: 42
Since R76 GAiA, what is the method for configuring proxy ARP entries for manual NAT rules?
Answer: A
Explanation:
QUESTION NO: 43
Tom is troubleshooting NAT issues using fw monitor and Wireshark. He tries to initiate a
connection from the external network to a DMZ server using the public IP which the firewall
translates to the actual IP of the server. He analyzes the captured packets using Wireshark and
observes that the destination IP is being changed as required by the firewall but does not see the
packet leave the external interface. What could be the reason?
www.CertificationKing.com 15
Checkpoint 156-115.77 Exam
A. The translation might be happening on the client side and the packet is being routed by the OS
back to the external interface.
B. The translation might be happening on the server side and the packet is being routed by OS
back to the external interface.
C. Packet is dropped by the firewall.
D. After the translation, the packet is dropped by the Anti-Spoofing Protection.
Answer: B
Explanation:
QUESTION NO: 44
Tom has a Web server for which he has created a manual NAT rule. The rule is not working. He
tries to initiate a connection from the external network to a DMZ server using the public IP which
the firewall translates to the actual IP of the server. He analyzes the captured packets using
Wireshark and observes that the destination IP is being changed as required by the firewall but
does not see the packet leave the internal interface. Which box in Global Properties should be
checked?
www.CertificationKing.com 16
Checkpoint 156-115.77 Exam
A. Automatic NAT rules > Allow bi-directional NAT
B. Automatic NAT rules > Automatic ARP Configuration
C. Automatic NAT rules > Translate destination on client side
D. Manual NAT rules > Translate destination on client side
Answer: D
Explanation:
QUESTION NO: 45
Which FW-1 kernel flags should be used to properly debug and troubleshoot NAT issues?
Answer: C
Explanation:
QUESTION NO: 46
Which file should be edited to modify ClusterXL VIP Hide NAT rules, and where?
Answer: B
Explanation:
QUESTION NO: 47
When viewing a NAT Table, What represents the second hexadecimal number of the 6-tuple:
A. Source port
B. Protocol
C. Source IP
D. Destination port
Answer: C
www.CertificationKing.com 17
Checkpoint 156-115.77 Exam
Explanation:
QUESTION NO: 48
A. 65535
B. 65536
C. 25000
D. 1024
Answer: C
Explanation:
QUESTION NO: 49
Given the screen configuration shown, the failure’s probable cause is:
A. Packet 1 Proposes SA life Type , Sa Life Duration, Authentication and Encapsulation Algorithm.
B. Packet 1 proposes a symmetrical key.
C. Packet 1 proposes a subnet and host ID, an encryption and hash algorithm.
D. Packet 1 proposes either a subnet or host ID, an encryption and hash algorithm, and ID data.
Answer: D
www.CertificationKing.com 18
Checkpoint 156-115.77 Exam
Explanation:
QUESTION NO: 50
Ann wants to hide FTP traffic behind the virtual IP of her cluster. Where is the relevant file
table.def located to make this modification?
A. $FWDIR/log/table.def
B. $FWDIR/conf/table.def
C. $FWDIR/bin/table.def
D. $FWDIR/lib/table.def
Answer: D
Explanation:
QUESTION NO: 51
While troubleshooting a connectivity issue with an internal web server, you know that packets are
getting to the upstream router, but when you run a tcpdump on the external interface of the
gateway, the only traffic you observe is ARP requests coming from the upstream router. Does the
problem lie on the Check Point Gateway?
Answer: D
Explanation:
QUESTION NO: 52
In a production environment, your gateway is configured to apply a Hide NAT for all internal traffic
destined to the Internet. However, you are setting up a VPN tunnel with a remote gateway, and
you are concerned about the encryption domain that you need to define on the remote gateway.
Does the remote gateway need to include your production gateway’s external IP in its encryption
domain?
A. No – all packets destined through a VPN will leave with original source and destination packets
without translation.
B. No – all packets destined to go through the VPN tunnel will have the payload encapsulated in
an ESP packet and after decryption at the remote site, will have the same internal source and
www.CertificationKing.com 19
Checkpoint 156-115.77 Exam
destination IP addresses.
C. Yes – all packets destined to go through the VPN tunnel will have the payload encapsulated in
an ESP packet and after decryption at the remote site, the packet will contain the source IP of the
Gateway because of Hide NAT.
D. Yes – The gateway will apply the Hide NAT for this VPN traffic.
Answer: B
Explanation:
QUESTION NO: 53
The "Hide internal networks behind the Gateway's external IP" option is selected. What defines
what traffic will be NATted?
Answer: D
Explanation:
Topic 3, ClusterXL
QUESTION NO: 54
With the default ClusterXL settings what will be the state of an active gateway upon using the
command ClusterXL_admin up?
A. Ready
B. Down
C. Standby
D. Active
Answer: C
Explanation:
QUESTION NO: 55
Which command should you use to stop kernel module debugging (excluding SecureXL)?
A. fw ctl debug 0
B. fw ctl zdebug - all
C. fw debug fwd off; vpn debug off
www.CertificationKing.com 20
Checkpoint 156-115.77 Exam
D. fw debug fwd off
Answer: A
Explanation:
QUESTION NO: 56
Which command should you run to debug the VPN-1 kernel module?
A. fw debug vpn on
B. vpn debug on TDERROR_ALL_ALL=5
C. fw ctl zdebug crypt kbuf
D. fw ctl debug -m VPN all
Answer: D
Explanation:
QUESTION NO: 57
Which command can be used to see all active modules on the Security Gateway:
Answer: C
Explanation:
QUESTION NO: 58
In some situations, switches may not play nicely with a Check Point Cluster and it is necessary to
change from multicast to broadcast. What command should you invoke to correct the issue?
Answer: B
Explanation:
www.CertificationKing.com 21
Checkpoint 156-115.77 Exam
QUESTION NO: 59
Which of the following commands shows the high watermark threshold for triggering the cluster
under load mechanism in R77?
Answer: C
Explanation:
QUESTION NO: 60
Answer: A
Explanation:
QUESTION NO: 61
When you have edited the local.arp configuration, to support a manual NAT, what must be done to
ensure proxy arps for both manual and automatic NAT rules function?
A. In Global Properties > NAT tree select Merge manual proxy ARP configuration check box
B. Run the command fw ctl ARP –a on the gateway
C. In Global Properties > NAT tree select Translate on client side check box
D. Create and run a script to forward changes to the local.arp tables of your gateway
Answer: A
Explanation:
QUESTION NO: 62
Which command clears all the connection table entries on a Security Gateway?
A. fw tab –t connetion –u
B. fw ctl tab –t connetions –u
www.CertificationKing.com 22
Checkpoint 156-115.77 Exam
C. fw tab –t connetion -s
D. fw tab –t connections -x
Answer: D
Explanation:
QUESTION NO: 63
How can you see a dropped connection and the cause from the kernel?
A. fw zdebug drop
B. fw ctl debug drop on
C. fw debug drop on
D. fw ctl zdebug drop
Answer: D
Explanation:
QUESTION NO: 64
After creating and pushing out a new policy, Joe finds that an old connection is still being allowed
that should have been closed after his changes. He wants to delete the connection on the
gateway, and looks it up with fw tab –t connections –u. Joe finds the connection he is looking for.
What command should Joe use to remove this connection?
<0,a128c22,89,a158508,89,11;10001,2281,25,15b,a1,4ecdfeee,ac,691400ac,7b6,3e,ffffffff,3c,3c,
0,0,0,0,0,0,0,0,0,0,0,0,0,0>
Answer: B
Explanation:
QUESTION NO: 65
Using the default values in R77 how many kernel instances will there be on a 16-core gateway?
A. 16
B. 8
C. 12
D. 14
www.CertificationKing.com 23
Checkpoint 156-115.77 Exam
Answer: D
Explanation:
QUESTION NO: 66
When viewing connections using the command fw tab -t connections, all entries are displayed with
a 6-tuple key, the elements of the 6-tuple include the following EXCEPT:
Answer: D
Explanation:
QUESTION NO: 67
Each connection allowed by a Security Gateway, will have a real entry and some symbolic link
entries in the connections state table. The symbolic link entries point back to the real entry using
this:
Answer: B
Explanation:
C3O3 - ClusterXL
QUESTION NO: 68
Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a
gateway in the cluster is being spoofed?
Answer: B
Explanation:
www.CertificationKing.com 24
Checkpoint 156-115.77 Exam
QUESTION NO: 69
Answer: A
Explanation:
QUESTION NO: 70
In order to prevent outgoing NTP traffic from being hidden behind a Cluster IP you should?
A. Edit the relevant table.def on the Management Server and add the line no_hide_services_ports
= { <17, 123> }; and then push policy.
B. Edit the relevant table.def on the gateway and add the line no_hide_services_ports = { <17,
123> };.
C. Edit the relevant table.def on the Management Server and add the line no_hide_services_ports
= { <123, 17> }; and then push policy.
D. Edit the relevant table.def on the gateway and add the line no_hide_services_ports = { <123,
17> }.
Answer: C
Explanation:
QUESTION NO: 71
Of the following answer choices, which best describes a possible effect of expanding the
connections table?
Answer: A
Explanation:
www.CertificationKing.com 25
Checkpoint 156-115.77 Exam
QUESTION NO: 72
Adam wants to find idle connections on his gateway. Which command would be best suited for
viewing the connections table?
A. fw tab -t connections
B. fw tab -t connections -u –f
C. fw tab -t connections –x
D. fw tab -t connections –s
Answer: B
Explanation:
QUESTION NO: 73
From the output of the following cphaprob -i list, what is the most likely cause of the clustering
issue?
Built-in Devices:
Registered Devices:
Device Name: Synchronization Registration number: 0 Timeout: none Current state: OK Time
since last report: 3651.5 sec
Device Name: Filter Registration number: 1 Timeout: none Current state: problem Time since last
report: 139 sec
Device Name: routed Registration number: 2 Timeout: none Current state: OK Time since last
report: 3651.9 sec
Device Name: cphad Registration number: 3 Timeout: none Current state: OK Time since last
report: 3696.5 sec
Device Name: fwd Registration number: 4 Timeout: none Current state: OK Time since last report:
3696.5 sec
www.CertificationKing.com 26
Checkpoint 156-115.77 Exam
D. Cluster B and Cluster A have different versions of policy installed.
Answer: D
Explanation:
QUESTION NO: 74
Which command would a troubleshooter use to verify table connection info (peak, concurrent) and
verify information about cluster synchronization state?
A. fw tab –t connections –s
B. fw ctl pstat
C. fw ctl multik stat
D. Show info all
Answer: D
Explanation:
QUESTION NO: 75
Which definition best describes the file table.def function? It is a placeholder for:
Answer: A
Explanation:
QUESTION NO: 76
Your customer receives an alert from their network operation center, they are seeing ARP and
Ping scans of their network originating from the firewall. What could be the reason for the
behaviour?
A. Check Point firewalls probe adjacent networking devices during normal operation.
B. IPS is disabled on the firewalls and there is a known OpenSSL vulnerability that allows a
hacker to cause a network scan to originate from the firewall.
C. One or both of the firewalls in a cluster have stopped receiving CCP packets on an interface.
D. Check Point's Antibot blade performs anti-bot scans of the surrounding network.
Answer: C
Explanation:
www.CertificationKing.com 27
Checkpoint 156-115.77 Exam
QUESTION NO: 77
Your cluster member is showing a state of "Ready". Which of the following is NOT a reason one
would expect for this behaviour?
A. One cluster member is configured for 32 bit and the other is configured for 64 bit
B. CoreXL is configured differently on the two machines
C. The firewall that is showing "Ready" has been upgraded but the other firewall has not yet been
upgraded
D. Firewall policy has not yet been installed to the firewall
Answer: D
Explanation:
QUESTION NO: 78
A. “Standby”
B. “Active”
C. “Backup”
D. “Down Attention” (or “Down!” in VSX mode)
Answer: D
Explanation:
QUESTION NO: 79
Answer: C
Explanation:
QUESTION NO: 80
www.CertificationKing.com 28
Checkpoint 156-115.77 Exam
A. fwha_magic_mac and fw_forward_magic_mac
B. fwha_mac_magic and fw_mac_forward_magic
C. cpha_mac_magic and cp_mac_forward_magic
D. cpha_magic_mac and cpha_mac_forward_magic
Answer: B
Explanation:
QUESTION NO: 81
How many sync interfaces are supported on Check Point R77 GAiA?
A. 3
B. 4
C. 2
D. 1
Answer: D
Explanation:
QUESTION NO: 82
Answer: D
Explanation:
QUESTION NO: 83
A. To determine the number of connections from OPSEC software using Open Source Licenses.
B. To decide when to fail over traffic to a new cluster member.
C. This is not a valid command.
D. To see the policy install dates on each of the members in the cluster.
Answer: B
Explanation:
www.CertificationKing.com 29
Checkpoint 156-115.77 Exam
QUESTION NO: 84
fw ctl debug 0
Answer: C
Explanation:
QUESTION NO: 85
You run the command fw tab -t connections -s on both members in the cluster. Both members
report differing values for "vals" and "peaks". Which may NOT be a reason for this difference?
Answer: D
Explanation:
QUESTION NO: 86
Your customer reports that the time on the standby cluster member is not correct. After failing
over and making it active, the time is now correct. NTP has been configured on both machines, so
it is expected that both machines be in sync with the NTP server. Upon investigating, it was found
that the standby member was never able to communicate with the NTP server while it was in
standby configuration. What could be the problem?
A. You should be syncing your backup to the primary for time settings.
B. NTP is not supported in active-passive mode.
www.CertificationKing.com 30
Checkpoint 156-115.77 Exam
C. Traffic from the standby member was hidden behind the cluster IP address and was therefore
returning to the active member.
D. Routing prevents the standby member from performing functions such as peering with dynamic
routing and obtaining NTP updates.
Answer: C
Explanation:
QUESTION NO: 87
Your customer has an R77 Multi-domain Management Server managing a mix of firewalls of R70
and R77 versions. A change was made to the file $FWDIR/lib/tables.def on one of the domains.
However, it was found that the change was not applied to the R70 firewalls. What could be the
problem?
A. Changes to the table.def can only be applied to firewalls matching the Management Server
version. The customer needs to upgrade the firewalls to the same version as the firewall.
B. R70 is end of life and is not supported. Most functions will work, but modifying the table.def will
not.
C. In order to make changes on R70 machines you need work within GuiDBedit
D. To support R70, the file in the compatibility directory should have been modified.
Answer: D
Explanation:
QUESTION NO: 88
A. Preventing the secondary member from hiding its presence by not forwarding any packets.
B. Allowing management traffic to be accepted in an applied rule ahead of the stealth rule.
C. Hiding the particular tables from being synchronized to the other cluster member.
D. Preventing outbound traffic from being hidden behind the cluster IP address.
Answer: D
Explanation:
QUESTION NO: 89
A. fw tab -t vpn_active
www.CertificationKing.com 31