Use 156-587 Dumps to Obtain Check Point Certification

If you're serious about obtaining the CCTE certification, practicing with Check Point 156-587 dumps questions is a must. By doing so, you'll become familiar with the exam format, identify knowledge gaps, develop time management skills, boost your confidence, and increase your chances of success. So, start practicing 156-587 exam dumps today and give yourself the best chance of passing the 156-587 exam! Test free Check Point Certified Troubleshooting Expert - R81.20 (CCTE) 156-587 exam dumps below.

Page 1 of 4

1. The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of traffic inspection process. There are two procedures available for debugging the firewall kernel.

Which procedure/command is used for detailed troubleshooting and needs more resources?

fw ctl zdebug Questions and Answers PDF

fw debug/kdebug

fw ctl debug/kdebug

fw debug/kdebug ctl

 Loading...

2. What component is NOT part of Unified policy manager?

Classifier

CMI

Handle

Observer

 Loading...

3. You are using the identity Collector with identity Awareness in large environment. Users report that they cannot access resources on Internet You identify that the traffic is matching the cleanup rule Instead of the proper rule with Access Roles using the IDC.

How can you check if IDC is working?

pdp connections idc

ad query I debug on

pep debug idc on

pdp debug set IDP all

 Loading...

4. For Identity Awareness, what is the PDP process?

Identity server

Log Sifter

Captive Portal Service

UserAuth Database

 Loading...

5. What is the benefit of fw ctl debug over fw ctl zdebug?

There is no difference Both are used for debugging kernel

You don't need timestamps

It allows you to debug multiple modules at the same time

You only need 1MB buffer

 Loading...

6. The FileApp parser in the Content Awareness engine does not extract text from which of the following file types?

Microsoft Office Excel files

Microsoft Office PowerPoint files

Microsoft Office.docx files

PDFs

 Loading...

7. Which kernel process is used by Content Awareness to collect the data from contexts?

A. PDP

B. cpemd

C. dlpda

D. CMI

 Loading...

8. You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore you need to add a timestamp to the kernel debug and write the output to a file but you cant afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs.

What is the correct syntax for this?

A fw ctl kdebug -T -f -m 10 -s 1000000 -o debugfilename

fw ctl debug -T -f-m 10 -s 1000000 -o debugfilename

fw ctl kdebug -T -f -m 10 -s 1000000 > debugfilename

fw ctl kdebug -T -m 10 -s 1000000 -o debugfilename

 Loading...

9. The Check Point Watch Daemon (CPWD) monitors critical Check Point processes, terminating them or restarting them as needed to maintain consistent, stable operating conditions. When checking the status/output of CPWD you are able to see some columns like APP, PID, STAT, START, etc.

What is the column "STAT" used for?

Shows the Watch Dog name of the monitored process

Shows the status of the monitored process

Shows how many times the Watch Dog started the monitored process

Shows what monitoring method Watch Dog is using to track the process

 Loading...

10. What command would you run to verify the communication between the Security Gateway and the Identity Collector?

fw ctl debug -m IDAPI

pdp connections idc

fw ctl debug -m fw + nac

adlog

 Loading...

Page 2 of 4

11. Captive Portal, PDP and PEP run in what space?

User

CPM

FWD

Kernel

 Loading...

12. RAD is initiated when Application Control and URL Filtering blades are active on the Security Gateway.

What is the purpose of the following RAD configuration file $FWDIR/conf/rad_settings.C?

This file contains the location information for Application Control and/or URL Filtering entitlements

This file contains the information on how the Security Gateway reaches the Security Management Server's RAD service for Application Control and URL Filtering

This file contains RAD proxy settings

This file contains all the host name settings for the online application detection engine

 Loading...

13. Which of these packet processing components stores Rule Base matching state-related information?

Classifiers

Manager

Handlers

Observers

 Loading...

14. Your users are having trouble opening a Web page and you need to troubleshoot it. You open the Smart Console, and you get the following message when you navigate to the Logs and Monitor "SmartLog is not active or Failed to parse results from server".

What is the first thing you can try to resolve it?

Run the commands on the SMS: smartlogstart and smartlogstop

smartlog debug on and smartlog debug off

smartlog_server restart

cpmstop and cpmstart

 Loading...

15. What is NOT monitored as a PNOTE by ClusterXL?

TED

Policy

RouteD

VPND

 Loading...

16. What is the proper command for allowing the system to create core files?

service core-dump start

SFWDIR/scripts/core-dump-enable.sh

set core-dump enable >save config

# set core-dump enable # save config

 Loading...

17. Which of the following is a component of the Context Management Infrastructure used to collect signatures in user space from multiple sources such as Application Control and IPS. and compiles them together into unified Pattern Matchers?

Context Loader

PSL - Passive Signature Loader

cpas

CMI Loader

 Loading...

18. What is the name of the VPN kernel process?

VPND

CVPND

FWK

VPNK

 Loading...

19. What are the three main component of Identity Awareness?

Client, SMS and Secure Gateway

Identity Source Identity Server (POP) and Identity Enforcement (PEP)

Identity Awareness Blade on Security Gateway, User Database on Security Management Server and Active Directory

User, Active Directory and Access Role

 Loading...

20. After kernel debug with “fw ctl debug you received a huge amount of information It was saved in a very large file that is difficult to open and analyze with standard text editors Suggest a solution to solve this issue

Reduce debug buffer to 1024KB and run debug for several times

Use Check Point InfoView utility to analyze debug output

Use “fw ctl zdebug because of 1024KB buffer size

Divide debug information into smaller files. Use “ fw ctl kdebug -f -o “filename -m 25 - s ‘’1024’’

 Loading...

Page 3 of 4

21. User defined URLS and HTTPS inspection User defined URLs on the Security Gateway are stored in which database file?

https_urif.bin

urlf db.bin

urtf_https.bin

https_db.bin

 Loading...

22. What is the correct syntax to turn a VPN debug on and create new empty debug files'?

vpndebug trunc on

vpn debug truncon

vpn debug trunkon

vpn kdebug on

 Loading...

23. 1.You run a free-command on a gateway and notice that the Swap column is not zero Choose the best answer

A. Utilization of ram is high and swap file had to be used

B. Swap file is used regularly because RAM memory is reserved for management traffic

C. Swap memory is used for heavy connections when RAM memory is full

D. Its ole Swap is used to increase performance

 Loading...

24. You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week Therefore you need to add a timestamp to the kernel debug and write the output to a file.

What is the correct syntax for this?

fw ctl debug -T -f > filename debug

fw ctl kdebug -T -f -o filename debug

fw ell kdebug -T > filename debug

fw ctl kdebug -T -f > filename.debug

 Loading...

25. You run cpwd_admin list on a Security Gateway and notice that the CPM process is not listed. Select the best answer.

The output is different between Gateway and Management Server.

CPM is not running and can’t be monitored by WatchDog.

If you want to monitor CPM, you have to manually add it to WatchDog.

CPM is not there because it has its own monitoring system. Only lower processes are monitored by WatchDog.

 Loading...

26. When a User process or program suddenly crashes, a core dump is often used to examine the problem.

Which command is used to enable the core-dumping via GAIA clish?

set core-dump enable

set core-dump total

set user-dump enable

set core-dump per_process

 Loading...

27. What is the function of the Core Dump Manager utility?

To determine which process is slowing down the system

To send crash information to an external analyzer

To limit the number of core dump files per process as well as the total amount of disk space used by core files

To generate a new core dump for analysis

 Loading...

28. Where do you enable log indexing on the SMS?

SMS object under "Other"

SMS object under "Advanced"

SMS object under "Logs"

SMS object under "General Properties"

 Loading...

29. URL Filtering is an essential part of Web Security in the Gateway.

For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required?

URLF Kernel Client

RAD User Space

RAD Kernel Space

URLF Online Service

 Loading...

30. What is correct about the Resource Advisor (RAD) service on the Security Gateways?

RAD is not a separate module, it is an integrated function of the ‘fw’ kernel module and does all operations in the kernel space

RAD functions completely in user space The Pattern Matter (PM) module of the CMI looks up for URLs in the cache and if not found, contact the RAD process in user space to do online categorization

RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization There is no user space involvement in this process

RAD has a kernel module that looks up the kernel cache notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization

 Loading...

Page 4 of 4

31. Which of the following inputs is suitable for debugging HTTPS inspection issues?

fw debug tls on TDERROR_ALL_ALL=5

fw ctl debug -m fw + conn drop cptls

vpn debug cptls on

fw diag debug tls enable

 Loading...

32. You want to fully investigate the VPN establishment, what will you do?

vpn debug and use IKEview

debug FWD because VPND Is child process

use vpn tu command and use option 8 to start debug

use kernel debug with fw ctl debug -m VPN all

 Loading...

33. What is the Security Gateway directory where an administrator can find vpn debug log files generated during Site-to-Site VPN troubleshooting?

SFWDIR/conf/

SCPDIR/conf/

SFWDIR/log/

opt/CPsuiteR80/vpn/log/

 Loading...

 Loading...