CheckPoint 156-585 practice test

Check Point Certified Troubleshooting Expert Exam

Last exam update: Dec 15, 2024
Page 1 out of 7. Viewing questions 1-15 out of 114

Question 1

What file contains the RAD proxy settings?

  • A. rad_settings.C
  • B. rad_services.C
  • C. rad_scheme.C
  • D. rad_control.C
Answer:

A


Question 2

James is using the same filter expression in fw monitor for CITRIX very often and instead of typing
this all the time he wants to add it as a macro to the fw monitor definition file. What's the name and
location of this file?

  • A. $FWDIR/lib/fwmonltor.def
  • B. $FWDIR/conf/fwmonltor.def
  • C. $FWDIR/lib/tcpip.def
  • D. $FWDIR/lib/fw.monitor
Answer:

A


Question 3

How many tiers of pattern matching can a packet pass through during IPS inspection?

  • A. 2
  • B. 1
  • C. 5
  • D. 9
Answer:

A


Question 4

What acceleration mode utilizes multi-core processing to assist with traffic processing?

  • A. CoreXL
  • B. SecureXL
  • C. HyperThreading
  • D. Traffic Warping
Answer:

C


Question 5

For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented,
which layer of IPS corrects this to allow for proper inspection?

  • A. Passive Streaming Library
  • B. Protections
  • C. Protocol Parsers
  • D. Context Management
Answer:

A


Question 6

Some users from your organization have reported some connection problems with CIFS since
this morning. You suspect an IPS issue after an automatic IPS update last night. So you want to
perform a packet capture on uppercase I only directly after the IPS module (position 4 in the chain) to
check if the packets pass the IPS. What command do you need to run?

  • A. fw monitor -ml -pl 5 -e <filterexpression>
  • B. fw monitor -pi 5 -e <filterexpression>
  • C. tcpdump -eni any <filterexpression>
  • D. fw monitor -pl asm <filterexpression>
Answer:

A


Question 7

What is the correct syntax to set all debug flags for Unified Policy related issues?

  • B. fw ctl debug -m up all
  • C. fw ctl kdebug -m UP all
  • D. fw ctl debug -m fw all
Answer:

A


Question 8

To check the current status of hyper-threading, which command would you execute in expert mode?

  • A. cat /proc/hypert_status
  • B. cat /proc/smt_status
  • C. cat /proc/hypert_stat
  • D. cat /proc/smt_stat
Answer:

B


Question 9

How does the URL Filtering Categorization occur in the kernel?
1. RAD provides the status of the search to the client.
2. The a-sync request is forwarded to the RAD User space via the RAD kernel for online
categorization.
3. The online detection service responds with categories and the kernel cache is updated.
4. The kernel cache notifies the RAD kernel of hits and misses.
5. URL lookup initiated by the client.
6. URL lookup occurs in the kernel cache.
7. The client sends an a-sync request back to RAD if the URL was not found.

  • A. 5, 6, 7, 1, 3, 2, 4
  • B. 5, 6, 2, 4, 1, 7, 3
  • C. 5, 6, 4, 1, 7, 2, 3
  • D. 5, 6, 3, 1, 2, 4, 7
Answer:

C


Question 10

What is the most efficient way to view large fw monitor captures and run filters on the file?

  • A. wireshark
  • B. CLISH
  • C. CLI
  • D. snoop
Answer:

A


Question 11

In Security Management High Availability, if the primary and secondary managements, running the
same version of R80.x, are in a state of Collision, how can this be resolved?

  • A. Administrator should manually synchronize the servers using SmartConsole
  • B. The Collision state does not happen in R80.x, as synchronization occurs automatically on every publish action
  • C. Reset the SIC of the secondary management server
  • D. Run the command fw send synch force on the primary server and fw get sync quiet on the secondary server
Answer:

A


Question 12

The customer is using Check Point appliances that were configured long ago by third-party
administrators. Current policy includes different enabled IPS protections and Bypass Under Load
function. Bypass Under Load is configured to disable IPS inspections if CPU and Memory usage is
higher than 80%. The customer reports that IPS protections are not working at all regardless of CPU
and Memory usage.
What is the possible reason for such behavior?

  • A. The kernel parameter ids_assume_stress is set to 0
  • B. The kernel parameter ids_assume_stress is set to 1
  • C. The kernel parameter ids_tolerance_no_stress is set to 10
  • D. The kernel parameter ids_tolerance_stress is set to 10
Answer:

D


Question 13

Check Point provides tools & commands to help you to identify issues about products and
applications. Which Check Point command can help you to display status and statistics information
for various Check Point products and applications?

  • B. CPstat
  • C. CPview
  • D. fwstat
Answer:

A


Question 14

You need to run a kernel debug over a longer period of time as the problem occurs only once or
twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a
file, but you can't afford to fill up all the remaining disk space and you only have 10 GB free for saving
the debugs. What is the correct syntax for this?

  • A. fw ctl kdebug -T -f -m 10 -s 1000000 -o debugfilename
  • B. fw ctl kdebug -T -f -m 10 -s 1000000 > debugfilename
  • C. fw ctl kdebug -T -m 10 -s 1000000 -o debugfilename
  • D. fw ctl debug -T -f -m 10 -s 1000000 -o debugfilename
Answer:

D


Question 15

Which kernel process is used by Content Awareness to collect the data from contexts?

  • A. dlpda
  • B. PDP
  • C. cpemd
  • D. CMI
Answer:

D
