156-585 | The Secret Of CheckPoint 156-585 Free Practice Questions

Approved 156-585 training materials and samples for CheckPoint certification for IT engineers. Real success guaranteed with updated 156-585 PDF dumps and VCE materials. 100% pass the Check Point Certified Troubleshooting Expert exam today!

Free 156-585 Demo Online For CheckPoint Certification:

NEW QUESTION 1
What is the correct syntax to set all debug flags for Unified Policy related issues?

  • A. fw ctl debug -m UP all
  • B. fw ctl debug -m up all
  • C. fw ctl kdebug -m UP all
  • D. fw ctl debug -m fw all

Answer: A

NEW QUESTION 2
What is the most efficient way to view large fw monitor captures and run filters on the file?

  • A. wireshark
  • B. CLISH
  • C. CLI
  • D. snoop

Answer: A

NEW QUESTION 3
For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented, which layer of IPS corrects this to allow for proper inspection?

  • A. Passive Streaming Library
  • B. Protections
  • C. Protocol Parsers
  • D. Context Management

Answer: A

NEW QUESTION 4
What table does command “fwaccel conns” pull information from?

  • A. fwxl_conns
  • B. SecureXLCon
  • C. cphwd_db
  • D. sxl_connections

Answer: A

NEW QUESTION 5
If IPS protections that prevent SecureXL from accelerating traffic, such as Network Quota, Fingerprint Scrambling, TTL Masking, etc., have to be used, what is a recommended practice to enhance the performance of the gateway?

  • A. Use the IPS exception mechanism
  • B. Disable all such protections
  • C. Disable SecureXL and use CoreXL
  • D. Upgrade the hardware to include more Cores and Memory

Answer: C

NEW QUESTION 6
What is the main SecureXL database for tracking the acceleration status of traffic?

  • A. cphwd_db
  • B. cphwd_tmp1
  • C. cphwd_dev_conn_table
  • D. cphwd_dev_identity_table

Answer: D

NEW QUESTION 7
Check Point's PostgreSQL is partitioned into several relational database domains. Which domain contains network objects and security policies?

  • A. User Domain
  • B. System Domain
  • C. Global Domain
  • D. Log Domain

Answer: C

NEW QUESTION 8
What is the simplest and most efficient way to check all dropped packets in real time?

  • A. fw ctl zdebug * drop in expert mode
  • B. Smartlog
  • C. cat /dev/fwTlog in expert mode
  • D. tail -f $FWDIR/log/fw.log |grep drop in expert mode

Answer: D

NEW QUESTION 9
You are trying to establish a VPN tunnel between two Security Gateways but fail. What initial steps will you make to troubleshoot the issue?

  • A. capture traffic on both tunnel members and collect debug of IKE and VPND daemon
  • B. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags, then collect debug of IKE and VPND daemon
  • C. collect debug of IKE and VPND daemon and collect kernel debug for fw module with vm, crypt, conn and drop flags
  • D. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags

Answer: A

NEW QUESTION 10
The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for troubleshooting packet drops and other kernel activities while using minimal resources (1 MB buffer)?

  • A. fw ctl zdebug
  • B. fw ctl debug/kdebug
  • C. fwk ctl debug
  • D. fw debug ctl

Answer: A

NEW QUESTION 11
You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file but you can’t afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs. What is the correct syntax for this?

  • A. fw ctl kdebug -T -f -m 10 -s 1000000 -o debugfilename
  • B. fw ctl kdebug -T -f -m 10 -s 1000000 > debugfilename
  • C. fw ctl kdebug -T -m 10 -s 1000000 -o debugfilename
  • D. fw ctl debug -T -f -m 10 -s 1000000 -o debugfilename

Answer: D

NEW QUESTION 12
Which situation triggers an IPS bypass under load on a 24-core Check Point appliance?

  • A. any of the CPU cores is above the threshold for more than 10 seconds
  • B. all CPU cores must be above the threshold for more than 10 seconds
  • C. a single CPU core must be above the threshold for more than 10 seconds, but it must be the same core during this time
  • D. the average CPU utilization over all cores must be above the threshold for 1 second

Answer: A

NEW QUESTION 13
The customer is using Check Point appliances that were configured long ago by third-party administrators. Current policy includes different enabled IPS protections and Bypass Under Load function. Bypass Under Load is configured to disable IPS inspections if CPU and Memory usage is higher than 80%. The Customer reports that IPS protections are not working at all regardless of CPU and Memory usage.
What is the possible reason for such behavior?

  • A. The kernel parameter ids_assume_stress is set to 0
  • B. The kernel parameter ids_assume_stress is set to 1
  • C. The kernel parameter ids_tolerance_no_stress is set to 10
  • D. The kernel parameter ids_tolerance_stress is set to 10

Answer: D

NEW QUESTION 14
What is NOT a benefit of the fw ctl zdebug command?

  • A. Cannot be used to debug additional modules
  • B. Collect debug messages from the kernel
  • C. Clean the buffer
  • D. Automatically allocate a 1MB buffer

Answer: A

NEW QUESTION 15
How many captures does the command "fw monitor -p all" take?

  • A. All 15 of the inbound and outbound modules
  • B. All 4 points of the fw VM modules
  • C. 1 from every inbound and outbound module of the chain
  • D. The -p option takes the same number of captures, but gathers all of the data packet

Answer: C

NEW QUESTION 16
Troubleshooting issues with Mobile Access requires the following:

  • A. Standard VPN debugs, packet captures, and debugs of 'cvpnd' process on Security Gateway
  • B. Standard VPN debugs and packet captures on Security Gateway, debugs of 'cvpnd' process on Security Management
  • C. 'ma_vpnd' process on Security Gateway
  • D. Debug logs of FWD captured with the command - 'fw debug fwd on TDERROR_MOBILE_ACCESS=5'

Answer: A

NEW QUESTION 17
What is the name of the VPN kernel process?

  • A. VPNK
  • B. VPND
  • C. CVPND
  • D. FWK

Answer: A

NEW QUESTION 18
PostgreSQL is a powerful, open source relational database management system. Check Point offers a command for viewing the database to interact with the Postgres interactive shell. Which command do you need to enter the PostgreSQL interactive shell?

  • A. psql_client cpm postgres
  • B. mysql_client cpm postgres
  • C. psql_client postgres cpm
  • D. mysql -u root

Answer: A

NEW QUESTION 19
John has renewed his NGTX License but he gets an error (contract for Anti-Bot expired). He wants to check the subscription status on the CLI of the gateway, what command can he use for this?

  • A. cpstat antimalware -f subscription_status
  • B. fw monitor license status
  • C. fwm lic print
  • D. show license status

Answer: A

NEW QUESTION 20
Jenna has to create a VPN tunnel to a CISCO ASA but has to set a special property to renegotiate the Phase 2 tunnel after 10 MB of transferred data. This cannot be configured in the SmartConsole, so how can she modify this property?

  • A. using GUIDBEDIT located in same directory as Smartconsole on the Windows client
  • B. she needs to install GUIDBEDIT which can be downloaded from the Usercenter
  • C. she needs to run GUIDBEDIT from CLISH which opens a graphical window on the smartcenter
  • D. this can't be done anymore as GUIDBEDIT is not supported in R80 anymore

Answer: C

NEW QUESTION 21
......
