How Many Questions Of 156-585 Prep

NEW QUESTION 1
What process monitors, terminates, and restarts critical Check Point processes as necessary?

• A. CPWD
• B. CPM
• C. FWD
• D. FWM

Answer: A

NEW QUESTION 2
The Check Pom! Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process There are two procedures available for debugging the firewall kernel Which procedure/command is used for troubleshooting packet drops and other kernel activites while using minimal resources (1 MB buffer)?

• A. fw ctl zdebug
• B. fw ctl debug/kdebug
• C. fwk ctl debug
• D. fw debug ctl

Answer: A

NEW QUESTION 3
Which command do you need to execute to insert fw monitor after TCP streaming (out) in the outbound chain using absolute position? Given the chain was 1ffffe0, choose the correct answer.

• A. fw monitor –po -0x1ffffe0
• B. fw monitor –p0 ox1ffffe0
• C. fw monitor –po 1ffffe0
• D. fw monitor –p0 –ox1ffffe0

Answer: A

Explanation:
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminG

NEW QUESTION 4
Your users have some issues connecting Mobile Access VPN to the gateway. How can you debug the tunnel establishment?

• A. in the file $CVPNDIR/conf/httpd.conf change the line loglevel .. To LogLevel debug and run cvpnrestart
• B. run vpn debug truncon
• C. run fw ctl zdebug -m sslvpn all
• D. in the file $VPNDIR/conf/httpd.conf the line Loglevel .. To LogLevel debug and run vpn restart

Answer: A

NEW QUESTION 5
What is the best way to resolve an issue caused by a frozen process?

• A. Reboot the machine
• B. Restart the process
• C. Kill the process
• D. Power off the machine

Answer: B

NEW QUESTION 6
Which of the following daemons is used for Threat Extraction?

• A. scrubd
• B. extractd
• C. tex
• D. tedex

Answer: A

NEW QUESTION 7
How can you increase the ring buffer size to 1024 descriptors?

• A. set interface eth0 rx-ringsize 1024
• B. fw ctl int rx_ringsize 1024
• C. echo rx_ringsize=1024>>/etc/sysconfig/sysctl.conf
• D. dbedit>modify properties firewall_properties rx_ringsize 1024

Answer: A

NEW QUESTION 8
Select the technology that does the following actions
- provides reassembly via streaming for TCP
- handles packet reordering and congestion
- handles payload overlap
- provides consistent stream of data to protocol parsers

• A. Passive Streaming Library
• B. Context Management
• C. Pre-Protocol Parser
• D. fwtcpstream

Answer: A

NEW QUESTION 9
Vanessa is reviewing ike.elg file to troubleshoot failed site-to-site VPN connection After sending Mam Mode Packet 5 the response from the peer is PAYLOAD-MALFORMED"
What is the reason for failed VPN connection?

• A. The authentication on Phase 1 is causing the problem.Pre-shared key on local gateway encrypted by the hash algorithm created in Packet 3 and Packet 4 doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key
• B. The authentication on Phase 2 is causing the problemPre-shared key on local gateway encrypted by the hash algorithm created in Packets 1 and 2 doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key
• C. The authentication on Quick Mode is causing the problemPre-shared key on local gateway encrypted by the hash algorithm created in Packets 3 and 4 doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key
• D. The authentication on Phase 1 is causing the problemPre-shared key on local gateway encrypted by the hash algorithm doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key created in Packet 1 and Packet 2

Answer: B

NEW QUESTION 10
When debugging is enabled on firewall kernel module using the ‘fw ctl debug’ command with required options, many debug messages are provided by the kernel that help the administrator to identify issues. Which of the following is true about these debug messages generated by the kernel module?

• A. Messages are written to a buffer and collected using ‘fw ctl kdebug’
• B. Messages are written to console and also /var/log/messages file
• C. Messages are written to /etc/dmesg file
• D. Messages are written to $FWDIR/log/fw.elg

Answer: B

NEW QUESTION 11
What table does the command "fwaccel conns" pull information from?

• A. fwxl_conns
• B. SecureXLCon
• C. cphwd_db
• D. sxl_connections

Answer: A

NEW QUESTION 12
Check Point's PostgreSQL is partitioned into several relational database domains. Which domain contains network objects and security policies?

• A. User Domain
• B. System Domain
• C. Global Domain
• D. Log Domain

Answer: C

NEW QUESTION 13
You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore you need to add a timestamp to the kernel debug and write the output to a file What is the correct syntax for this?

• A. fw ctl kdebug -T -f > filename.debug
• B. fw ctl kdebug -T > filename.debug
• C. fw ctl debug -T -f > filename.debug
• D. fw ctl kdebug -T -f -o filename.debug

Answer: C

NEW QUESTION 14
Check Point Access Control Daemons contains several daemons for Software Blades and features Which Daemon is used for Application & Control URL Filtering?

• A. rad
• B. cprad
• C. pepd
• D. pdpd

Answer: C

NEW QUESTION 15
If IPS protections that prevent SecureXL from accelerating traffic, such as Network Quota, Fingerprint Scrambling. TTL Masking etc, have to be used, what is a recommended practice to enhance the performance of the gateway?

• A. Use the IPS exception mechanism
• B. Disable all such protections
• C. Disable SecureXL and use CoreXL
• D. Upgrade the hardware to include more Cores and Memory

Answer: C

NEW QUESTION 16
What command is usually used for general firewall kernel debugging and what is the size of the buffer that is automatically enabled when using the command?

• A. fw ctl debug, buffer size is 1024 KB
• B. fw ell zdebu
• C. buffer size is 32768 KB
• D. fw dl zdebug, buffer size is 1 MB
• E. fw ctl kdeou
• F. buffer size is 32000 KB

Answer: D

NEW QUESTION 17
......