Check Point Certified Troubleshooting Expert v1.0 (156-585)

Total 81 questions

Which of the following daemons is used for Threat Extraction?

  • A. scrubd
  • B. extractd
  • C. tex
  • D. tedex


Answer : A

What is the correct syntax to set all debug flags for Unified Policy related issues?

  • A. fw ctl debug -m UP all
  • B. fw ctl debug -m up all
  • C. fw ctl kdebug -m UP all
  • D. fw ctl debug -m fw all


Answer : A

Some users from your organization have reported connection problems with CIFS since this morning. You suspect an IPS issue after an automatic IPS update last night, so you want to perform a packet capture on uppercase I only, directly after the IPS module (position 4 in the chain), to check whether the packets pass the IPS. What command do you need to run?

  • A. fw monitor -mI -pI 5 -e <filterexpression>
  • B. fw monitor -pi 5 -e <filterexpression>
  • C. tcpdump -eni any <filterexpression>
  • D. fw monitor -pl asm <filterexpression>


Answer : A

For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented, which layer of IPS corrects this to allow for proper inspection?

  • A. Passive Streaming Library
  • B. Protections
  • C. Protocol Parsers
  • D. Context Management


Answer : A

What acceleration mode utilizes multi-core processing to assist with traffic processing?

  • A. CoreXL
  • B. SecureXL
  • C. HyperThreading
  • D. Traffic Warping


Answer : C

How many tiers of pattern matching can a packet pass through during IPS inspection?

  • A. 2
  • B. 1
  • C. 5
  • D. 9


Answer : A

James is using the same filter expression in fw monitor for CITRIX very often and instead of typing this all the time he wants to add it as a macro to the fw monitor definition file. What’s the name and location of this file?

  • A. $FWDIR/lib/fwmonitor.def
  • B. $FWDIR/conf/fwmonitor.def
  • C. $FWDIR/lib/tcpip.def
  • D. $FWDIR/lib/fw.monitor


Answer : A

What command is used to find out which port Multi-Portal has assigned to the Mobile Access Portal?

  • A. mpclient getdata sslvpn
  • B. netstat -nap | grep mobile
  • C. mpclient getdata mobi
  • D. netstat getdata sslvpn


Answer : A

What file contains the RAD proxy settings?

  • A. rad_settings.C
  • B. rad_services.C
  • C. rad_scheme.C
  • D. rad_control.C


Answer : A

Your users have some issues connecting Mobile Access VPN to the gateway. How can you debug the tunnel establishment?

  • A. in the file $CVPNDIR/conf/httpd.conf change the line loglevel .. to LogLevel debug and run cvpnrestart
  • B. run vpn debug truncon
  • C. run fw ctl zdebug -m sslvpn all
  • D. in the file $VPNDIR/conf/httpd.conf change the line Loglevel .. to LogLevel debug and run vpn restart


Answer : A

Which Threat Prevention Daemon is the core Threat Emulation engine and responsible for emulation files and communications with Threat Cloud?

  • A. ctasd
  • B. in.msd
  • C. ted
  • D. scrub


Answer : C

John has renewed his NGTX license but he gets an error (contract for Anti-Bot expired). He wants to check the subscription status on the CLI of the gateway. What command can he use for this?

  • A. cpstat antimalware -f subscription_status
  • B. fw monitor license status
  • C. fwm lic print
  • D. show license status


Answer : A

When a User Mode process suddenly crashes, it may create a core dump file. Which of the following information is available in the core dump and may be used to identify the root cause of the crash?

  i. Program Counter
  ii. Stack Pointer
  iii. Memory management information
  iv. Other Processor and OS flags / information

  • A. i, ii, iii and iv
  • B. i and ii only
  • C. iii and iv only
  • D. Only iii


Answer : C

What file extension should be used with fw monitor to allow the output file to be imported and read in Wireshark?

  • A. .cap
  • B. .exe
  • C. .tgz
  • D. .pcap


Answer : A

Which situation triggers an IPS bypass under load on a 24-core Check Point appliance?

  • A. any of the CPU cores is above the threshold for more than 10 seconds
  • B. all CPU cores must be above the threshold for more than 10 seconds
  • C. a single CPU core must be above the threshold for more than 10 seconds, but it must be the same core during this time
  • D. the average CPU utilization over all cores must be above the threshold for 1 second


Answer : A
