Update Check Point Certified Troubleshooting Expert 156-585 Prep
Online CheckPoint 156-585 free dumps demo Below:
NEW QUESTION 1
What file contains the RAD proxy settings?
- A. rad_settings.C
- B. rad_services.C
- C. rad_scheme.C
- D. rad_control.C
Answer: A
NEW QUESTION 2
Which command is most useful for debugging the fwaccel module?
- A. fw zdebug
- B. securexl debug
- C. fwaccel dbg
- D. fw debug
Answer: C
NEW QUESTION 3
What are some measures you can take to prevent IPS false positives?
- A. Exclude problematic services from being protected by IPS (SIP, H.323, etc.)
- B. Use IPS only in Detect mode
- C. Use Recommended IPS profile
- D. Capture packet
- E. Update the IPS database, and Back up custom IPS files
Answer: A
NEW QUESTION 4
Which command is used to write a kernel debug to a file?
- A. fw ctl debug -T -f > debug.txt
- B. fw ctl kdebug -T -l > debug.txt
- C. fw ctl debug -S -t > debug.txt
- D. fw ctl kdebug -T -f > debug.txt
Answer: D
NEW QUESTION 5
Some users from your organization have reported connection problems with CIFS since this morning. You suspect an IPS issue after an automatic IPS update last night, so you want to perform a packet capture on uppercase I only, directly after the IPS module (position 4 in the chain), to check whether the packets pass the IPS. What command do you need to run?
- A. fw monitor -mI -pI 5 -e <filterexpression>
- B. fw monitor -pi 5 -e <filterexpression>
- C. tcpdump -eni any <filterexpression>
- D. fw monitor -pI asm <filterexpression>
Answer: A
NEW QUESTION 6
Which of the following is a component of the Context Management Infrastructure used to collect signatures in user space from multiple sources, such as Application Control and IPS, and compile them together into unified Pattern Matchers?
- A. CMI Loader
- B. cpas
- C. PSL - Passive Signature Loader
- D. Context Loader
Answer: A
NEW QUESTION 7
The management configuration stored in the Postgres database is partitioned into several relational database Domains, such as the System, User, Global and Log Domains. The User Domain stores the network objects and security policies. Which of the following is stored in the Log Domain?
- A. Configuration data of Log Servers and saved queries for applications
- B. Active Logs received from Security Gateways and Management Servers
- C. Active and past logs received from Gateways and Servers
- D. Log Domain is not stored in Postgres database, it is part of Solr indexer only
Answer: D
NEW QUESTION 8
Joey is configuring a site-to-site VPN with his business partner. On Joey’s site he has a Check Point R80.10 Gateway and his partner uses Cisco ASA 5540 as a gateway.
Joey’s VPN domain on the Check Point Gateway object is manually configured with a group object that contains two network objects:
VPN_Domain3 = 192.168.14.0/24
VPN_Domain4 = 192.168.15.0/24
Partner’s site ACL as viewed from “show run”:
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.14.0 255.255.255.0
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.15.0 255.255.255.0
When they try to establish the VPN tunnel, it fails. What is the most likely cause of the failure given the information provided?
- A. Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/24 and 192.168.15.0/24, but the peer expects the one network 192.168.14.0/23.
- B. Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/23, but the peer expects the two distinct networks 192.168.14.0/24 and 192.168.15.0/24.
- C. Tunnel fails on Joey’s site, because he misconfigured IP address of VPN peer.
- D. Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation due to the algorithm mismatch.
Answer: B
NEW QUESTION 9
What file extension should be used with fw monitor to allow the output file to be imported and read in Wireshark?
- A. .cap
- B. .exe
- C. .tgz
- D. .pcap
Answer: A
NEW QUESTION 10
You are trying to establish a VPN tunnel between two Security Gateways but fail. What initial steps will you take to troubleshoot the issue?
- A. capture traffic on both tunnel members and collect debug of IKE and VPND daemon
- B. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags, then collect debug of IKE and VPND daemon
- C. collect debug of IKE and VPND daemon and collect kernel debug for fw module with vm, crypt, conn and drop flags
- D. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags
Answer: A
NEW QUESTION 11
How many captures does the command "fw monitor -p all" take?
- A. All 15 of the inbound and outbound modules
- B. All 4 points of the fw VM modules
- C. 1 from every inbound and outbound module of the chain
- D. The -p option takes the same number of captures, but gathers all of the data packet
Answer: C
NEW QUESTION 12
Where will the usermode core files be located?
- A. /var/log/dump/usermode
- B. /var/suroot
- C. $FWDIR/var/log/dump/usermode
- D. $CPDIR/var/log/dump/usermode
Answer: A
NEW QUESTION 13
What is the function of the Core Dump Manager utility?
- A. To generate a new core dump for analysis
- B. To limit the number of core dump files per process as well as the total amount of disk space used by core files
- C. To determine which process is slowing down the system
- D. To send crash information to an external analyzer
Answer: B
NEW QUESTION 14
What components make up the Context Management Infrastructure?
- A. CMI Loader and Pattern Matcher
- B. CPMI and FW Loader
- C. CPX and FWM
- D. CPM and SOLR
Answer: A
NEW QUESTION 15
How does the URL Filtering Categorization occur in the kernel?
* 1. RAD provides the status of the search to the client.
* 2. The a-sync request is forwarded to the RAD User space via the RAD kernel for online categorization.
* 3. The online detection service responds with categories and the kernel cache is updated.
* 4. The kernel cache notifies the RAD kernel of hits and misses.
* 5. URL lookup initiated by the client.
* 6. URL lookup occurs in the kernel cache.
* 7. The client sends an a-sync request back to RAD if the URL was not found.
- A. 5, 6, 7, 1, 3, 2, 4
- B. 5, 6, 2, 4, 1, 7, 3
- C. 5, 6, 4, 1, 7, 2, 3
- D. 5, 6, 3, 1, 2, 4, 7
Answer: C
NEW QUESTION 16
How can you start debug of the Unified Policy with all possible flags turned on?
- A. fw ctl debug -m UP all
- B. fw ctl debug -m UnifiedPolicy all
- C. fw ctl debug -m fw + UP
- D. fw ctl debug -m UP *
Answer: D
NEW QUESTION 17
......