156-585 Exam - Check Point Certified Troubleshooting Expert

NEW QUESTION 1
Joey is configuring a site-to-site VPN with his business partner. On Joey’s site he has a Check Point R80.10 Gateway and his partner uses Cisco ASA 5540 as a gateway.
Joey’s VPN domain on the Check Point Gateway object is manually configured with a group object that contains two network objects:
VPN_Domain3 = 192.168.14.0/24 VPN_Domain4 = 192.168.15.0/24
Partner’s site ACL as viewed from “show run”
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.14.0 255.255.255.0
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.15.0 255.255.255.0 When they try to establish VPN tunnel, it fails. What is the most likely cause of the failure given the
information provided?

• A. Tunnel falls on partner sit
• B. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation.Check Point continues to present its own encryption domain as 192.168.14.0/24 and 192.168.15.0/24, but the peer expects the one network 192.168.14.0/23
• C. Tunnel fails on partner sit
• D. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation.Check Point continues to present its own encryption domain as 192.168.14.0/23, but the peer expects the two distinct networks 192.168.14.0/24 and 192.168.15.0/24.
• E. Tunnel fails on Joey’s site, because he misconfigured IP address of VPN peer.
• F. Tunnel falls on partner sit
• G. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation due to the algorithm mismatch.

Answer: B

NEW QUESTION 2
What are four main database domains?

• A. System, Global, Log, Event
• B. System, User, Host, Network
• C. Local, Global, User, VPN
• D. System, User, Global, Log

Answer: D

NEW QUESTION 3
Check Point Threat Prevention policies can contain multiple policy layers and each layer consists of its own Rule Base Which Threat Prevention daemon is used for Anti-virus?

• A. in.emaild.mta
• B. in.msd
• C. ctasd
• D. in emaild

Answer: D

NEW QUESTION 4
What process monitors, terminates, and restarts critical Check Point processes as necessary?

• A. CPWD
• B. CPM
• C. FWD
• D. FWM

Answer: A

NEW QUESTION 5
Which command do you need to execute to insert fw monitor after TCP streaming (out) in the outbound chain using absolute position? Given the chain was 1ffffe0, choose the correct answer.

• A. fw monitor –po -0x1ffffe0
• B. fw monitor –p0 ox1ffffe0
• C. fw monitor –po 1ffffe0
• D. fw monitor –p0 –ox1ffffe0

Answer: A

Explanation:
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminG

NEW QUESTION 6
Check Point Access Control Daemons contains several daemons for Software Blades and features Which Daemon is used for Application & Control URL Filtering?

• A. rad
• B. cprad
• C. pepd
• D. pdpd

Answer: C

NEW QUESTION 7
What is the best way to resolve an issue caused by a frozen process?

• A. Reboot the machine
• B. Restart the process
• C. Kill the process
• D. Power off the machine

Answer: B

NEW QUESTION 8
During firewall kernel debug with fw ctl zdebug you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?

• A. Increase debug buffer; Use fw ctl debug –buf 32768
• B. Redirect debug output to file; Use fw ctl zdebug –o ./debug.elg
• C. Increase debug buffer; Use fw ctl zdebug –buf 32768
• D. Redirect debug output to file; Use fw ctl debug –o ./debug.elg

Answer: A

NEW QUESTION 9
What is the simplest and most efficient way to check all dropped packets in real time?

• A. fw ctl zdebug * drop in expert mode
• B. Smartlog
• C. cat /dev/fwTlog in expert mode
• D. tail -f SFWDIR/log/fw log |grep drop in expert mode

Answer: D

NEW QUESTION 10
Which one of the following is NOT considered a Solr core partition:

• A. CPM_0_Revisions
• B. CPM_Global_A
• C. CPM_Gtobal_R
• D. CPM_0_Disabled

Answer: D

NEW QUESTION 11
The Check Pom! Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process There are two procedures available for debugging the firewall kernel Which procedure/command is used for troubleshooting packet drops and other kernel activites while using minimal resources (1 MB buffer)?

• A. fw ctl zdebug
• B. fw ctl debug/kdebug
• C. fwk ctl debug
• D. fw debug ctl

Answer: A

NEW QUESTION 12
Which of the following is NOT a valid "fwaccel" parameter?

• A. stat
• B. stats
• C. templates
• D. packets

Answer: D

NEW QUESTION 13
Vanessa is reviewing ike.elg file to troubleshoot failed site-to-site VPN connection After sending Mam Mode Packet 5 the response from the peer is PAYLOAD-MALFORMED"
What is the reason for failed VPN connection?

• A. The authentication on Phase 1 is causing the problem.Pre-shared key on local gateway encrypted by the hash algorithm created in Packet 3 and Packet 4 doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key
• B. The authentication on Phase 2 is causing the problemPre-shared key on local gateway encrypted by the hash algorithm created in Packets 1 and 2 doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key
• C. The authentication on Quick Mode is causing the problemPre-shared key on local gateway encrypted by the hash algorithm created in Packets 3 and 4 doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key
• D. The authentication on Phase 1 is causing the problemPre-shared key on local gateway encrypted by the hash algorithm doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key created in Packet 1 and Packet 2

Answer: B

NEW QUESTION 14
Check Point Access Control Daemons contains several daemons for Software Blades and features. Which Daemon is used for Application & Control Filtering?

• A. rad
• B. cprad
• C. pepd
• D. pdpd

Answer: A

NEW QUESTION 15
An administrator receives reports about issues with log indexing and text searching regarding an existing Management Server. In trying to find a solution she wants to check if the process responsible for this feature is running correctly. What is true about the related process?

• A. fwm manages this database after initialization of the ICA
• B. cpd needs to be restarted manual to show in the list
• C. fwssd crashes can affect therefore not show in the list
• D. solr is a child process of cpm

Answer: D

NEW QUESTION 16
After kernel debug with "fw ctl debug" you received a huge amount of information It was saved in a very large file that is difficult to open and analyze with standard text editors Suggest a solution to solve this issue.

• A. Use "fw ctl zdebug' because of 1024KB buffer size
• B. Divide debug information into smaller files Use "fw ctl kdebug -f -o "filename" -m 25 - s "1024"
• C. Reduce debug buffer to 1024KB and run debug for several times
• D. Use Check Point InfoView utility to analyze debug output

Answer: C

NEW QUESTION 17
What is the proper command for allowing the system to create core files?

• A. $FWDIR/scripts/core-dump-enable.sh
• B. # set core-dump enable# save config
• C. service core-dump start
• D. >set core-dump enable>save config

Answer: D

NEW QUESTION 18
......