CheckPoint 156-585 practice test

When running a debug with fw monitor, which parameter will create a more verbose output?

• B. -i
• C. -0
• D. -d

What is connect about the Resource Advisor (RAD) service on the Security Gateways?

• A. RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization
• B. RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization There is no user space involvement in this process
• C. RAD functions completely in user space The Pattern Matter (PM) module of the CMI looks up for URLs in the cache and if not found, contact the RAD process in user space to do online categorization
• D. RAD is not a separate module, it is an integrated function of the 'fw1 kernel module and does all operations in the kernel space

What are some measures you can take to prevent IPS false positives?

• A. Exclude problematic services from being protected by IPS (sip, H 323, etc )
• B. Use IPS only in Detect mode
• C. Use Recommended IPS profile
• D. Capture packets. Update the IPS database, and Back up custom IPS files

RAD is initiated when Application Control and URL Filtering blades are active on the Security
Gateway What is the purpose of the following RAD configuration file SFWDIR/conf/rad_settings.C?

• A. This file contains the location information tor Application Control and/or URL Filtering entitlements
• B. This file contains the information on how the Security Gateway reaches the Security Managers RAD service for Application Control and URL Filtering
• C. This file contains RAD proxy settings
• D. This file contains all the host name settings for the online application detection engine

What is the main SecureXL database for tracking the acceleration status of traffic?

• A. cphwd_db
• B. cphwd_tmp1
• C. cphwd_dev_conn_table
• D. cphwd_dev_identity_table

What is the buffer size set by the fw ctl zdebug command?

• A. 1 MB
• B. 1 GB
• C. 8MB
• D. 8GB

What is the benefit of running "vpn debug trunc over "vpn debug on"?

• A. "vpn debug trunc" purges ike.elg and vpnd elg and creates limestarnp while starting ike debug and vpn debug
• B. "vpn debug trunc* truncates the capture hence the output contains minimal capture
• C. "vpn debug trunc* provides verbose capture
• D. No advantage one over the other

the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?

• A. there is no difference
• B. the C2S VPN uses a different VPN deamon and there a second VPN debug
• C. the C2S VPN can not be debugged as it uses different protocols for the key exchange
• D. the C2S client uses Browser based SSL vpn and cant be debugged

Which of the following daemons is used for Threat Extraction?

• A. scrubd
• B. extractd
• C. tex
• D. tedex

You are upgrading your NOC Firewall (on a Check Point Appliance) from R77 to R80 30 but you did
not touch the security policy After the upgrade you can't connect to the new R80 30 SmartConsole of
the upgraded Firewall anymore What is a possible reason for this?

• A. new new console port is 19009 and a access rule ts missing
• B. the license became invalig and the firewall does not start anymore
• C. the upgrade process changed the interfaces and IP adresses and you have to switch cables
• D. the IPS System on the new R80.30 Version prohibits direct Smartconsole access to a standalone firewall