156-585 Exam - Check Point Certified Troubleshooting Expert

certleader.com


Check 156-585 free dumps before getting the full version:

NEW QUESTION 1
What is NOT a benefit of the fw ctl zdebug command?

  • A. Cannot be used to debug additional modules
  • B. Collect debug messages from the kernel
  • C. Clean the buffer
  • D. Automatically allocate a 1MB buffer

Answer: A

NEW QUESTION 2
PostgreSQL is a powerful, open source relational database management system. Check Point offers a command for viewing the database to interact with the Postgres interactive shell. Which command do you need to enter the PostgreSQL interactive shell?

  • A. psql_client cpm postgres
  • B. mysql_client cpm postgres
  • C. psql_client postgres cpm
  • D. mysql -u root

Answer: A

NEW QUESTION 3
How many tiers of pattern matching can a packet pass through during IPS inspection?

  • A. 2
  • B. 1
  • C. 5
  • D. 9

Answer: A

NEW QUESTION 4
How many captures does the command "fw monitor -p all" take?

  • A. All 15 of the inbound and outbound modules
  • B. All 4 points of the fw VM modules
  • C. 1 from every inbound and outbound module of the chain
  • D. The -p option takes the same number of captures, but gathers all of the data packet

Answer: C

NEW QUESTION 5
What is correct about the Resource Advisor (RAD) service on the Security Gateways?

  • A. RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization
  • B. RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization. There is no user space involvement in this process
  • C. RAD functions completely in user space. The Pattern Matcher (PM) module of the CMI looks up for URLs in the cache and if not found, contact the RAD process in user space to do online categorization
  • D. RAD is not a separate module, it is an integrated function of the 'fw' kernel module and does all operations in the kernel space

Answer: C

NEW QUESTION 6
What is the name of the VPN kernel process?

  • A. VPNK
  • B. VPND
  • C. CVPND
  • D. FWK

Answer: A

NEW QUESTION 7
What acceleration mode utilizes multi-core processing to assist with traffic processing?

  • A. CoreXL
  • B. SecureXL
  • C. HyperThreading
  • D. Traffic Warping

Answer: C

NEW QUESTION 8
What is the correct syntax to turn a VPN debug on and create new empty debug files?

  • A. vpn debug truncon
  • B. vpndebug trunc on
  • C. vpn kdebug on
  • D. vpn debug trunkon

Answer: D

NEW QUESTION 9
URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required?

  • A. RAD Kernel Space
  • B. URLF Kernel Client
  • C. URLF Online Service
  • D. RAD User Space

Answer: B

NEW QUESTION 10
What are the four ways to insert an FW Monitor into the firewall kernel chain?

  • A. Relative position using location, relative position using alias, absolute position, all positions
  • B. Absolute position using location, absolute position using alias, relative position, all positions
  • C. Absolute position using location, relative position using alias, general position, all positions
  • D. Relative position using geolocation, relative position using inertial navigation, absolute position, all positions

Answer: D

NEW QUESTION 11
What is the kernel process for Content Awareness that collects the data from the contexts received from the CMI and decides if the file is matched by a data type?

  • A. dlpda
  • B. dlpu
  • C. cntmgr
  • D. cntawmod

Answer: D

NEW QUESTION 12
Your fwm constantly crashes and is restarted by the watchdog. You can't find any coredumps related to this process, so you need to check if coredumps are enabled at all. How can you achieve that?

  • A. in clish run show core-dump status
  • B. in expert mode run show core-dump status
  • C. in clish run set core-dump status
  • D. in clish run show coredumb status

Answer: D

NEW QUESTION 13
Which process is responsible for the generation of certificates?

  • A. cpm
  • B. cpca
  • C. dbsync
  • D. fwm

Answer: B

NEW QUESTION 14
When debugging is enabled on firewall kernel module using the ‘fw ctl debug’ command with required options, many debug messages are provided by the kernel that help the administrator to identify issues. Which of the following is true about these debug messages generated by the kernel module?

  • A. Messages are written to a buffer and collected using ‘fw ctl kdebug’
  • B. Messages are written to console and also /var/log/messages file
  • C. Messages are written to /etc/dmesg file
  • D. Messages are written to $FWDIR/log/fw.elg

Answer: B

NEW QUESTION 15
The two procedures available for debugging in the firewall kernel are:
(i) fw ctl zdebug
(ii) fw ctl debug/kdebug
Choose the correct statement explaining the differences in the two.

  • A. (i) is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via command line, whereas (ii) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via command line
  • B. (i) is used to debug the access control policy only, however (ii) can be used to debug a unified policy
  • C. (i) is used to debug only issues related to dropping of traffic, however (ii) can be used for any firewall issue including NATing, clustering etc.
  • D. (i) is used on a Security Gateway, whereas (ii) is used on a Security Management Server

Answer: C

NEW QUESTION 16
What is the function of the Core Dump Manager utility?

  • A. To generate a new core dump for analysis
  • B. To limit the number of core dump files per process as well as the total amount of disk space used by core files
  • C. To determine which process is slowing down the system
  • D. To send crash information to an external analyzer

Answer: B

NEW QUESTION 17
If the cpsemd process of SmartEvent has crashed or is having trouble coming up, then it usually indicates that ______.

  • A. Postgres database is down
  • B. Cpd daemon is unable to connect to the log server
  • C. The SmartEvent core on the Solr indexer has been deleted
  • D. The logged in administrator does not have permissions to run SmartEvent

Answer: C
