Which of the following BEST describes the function of the fw ctl chain command?
A. View how CoreXL is distributing traffic among the firewall kernel instances.
B. View established connections in the connections table.
C. View the inbound and outbound kernel modules and the order in which they are applied.
D. Determine if VPN Security Associations are being established.
What command would give you a summary of all the tables available to the firewall kernel?
A. fw tab
B. fw tab -s
C. fw tab -h
D. fw tab -o
Which FW-1 kernel flags should be used to properly debug and troubleshoot NAT issues?
A. nat, route, conn, fwd, zeco, err
B. nat, xlate, fwd, vm, ld, chain
C. nat, xltrc, xlate, drop, conn, vm
D. nat, drop, conn, xlate, filter, ioctl
What would be a reason to use the command cphaosu stat?
A. To determine the number of connections from OPSEC software using Open Source Licenses.
B. To decide when to fail over traffic to a new cluster member.
C. This is not a valid command.
D. To see the policy install dates on each of the members in the cluster.
Your customer reports that the time on the standby cluster member is not correct. After failing over and making it active, the time is now correct. NTP has been configured on both machines, so it is expected that both machines be in sync with the NTP server. Upon investigating, it was found that the standby member was never able to communicate with the NTP server while it was in standby configuration. What could be the problem?
A. You should be syncing your backup to the primary for time settings.
B. NTP is not supported in active-passive mode.
C. Traffic from the standby member was hidden behind the cluster IP address and was therefore returning to the active member.
D. Routing prevents the standby member from performing functions such as peering with dynamic routing and obtaining NTP updates.
You are troubleshooting a VPN with a partner and you suspect a mismatched Diffie-Hellman (DH) group configuration in Phase 1. After starting a vpn debug, in which packet would you look to analyze this option in your debug file?
A. Packet3
B. Packet4
C. Packet5
D. Packet1
Which of the following statements are TRUE about SecureXL?
I. SecureXL is able to accelerate all connections through the firewall.
II. Medium path acceleration will still cause some CPU utilization of CoreXL cores.
III. F2F connections represent "forwarded to firewall" connections that are not accelerated and fully processed through the firewall kernel.
IV. Packets going through SecureXL must be inspected by the firewall kernel before being accelerated.
B. II and III
C. I, II, and III
D. III and IV
E. I and IV
What is the best way to see how a firewall is performing while processing packets in the firewall path, including resource usage?
A. fw getperf
B. SecureXL stat
C. fwaccel stats
D. fw ctl pstat
You have just taken over as a firewall administrator. Your company is using Geo Protections on your gateway, but you want to verify that the protections are up-to-date. How can you see when these were updated?
A. In the IPS tree Protections > Select Check for Update.
B. Check asm_update_version_geo in GuiDBedit.
C. In the IPS tree Protections > Geo Protections and check the profile name which is mm/dd/yy.
D. Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv.
What considerations are required when configuring IPv6 with Wire mode?
A. IPv6 in Wire mode is only supported in R77.
B. IPv6 must be configured on both end points.
C. IPv6 is not supported in Wire mode.
D. You must use internal IPv6 addressing space to use Wire mode.