Most Up-to-date Check Point Certified Troubleshooting Expert 156-585 Questions Pool

NEW QUESTION 1
What does SIM handle?

• A. Accelerating packets
• B. FW kernel to SXL kernel hand off
• C. OPSEC connects to SecureXL
• D. Hardware communication to the accelerator

Answer: D

NEW QUESTION 2
What acceleration mode utilizes multi-core processing to assist with traffic processing?

• A. CoreXL
• B. SecureXL
• C. HyperThreading
• D. Traffic Warping

Answer: C

NEW QUESTION 3
If IPS protections that prevent SecureXL from accelerating traffic, such as Network Quota, Fingerprint Scrambling. TTL Masking etc, have to be used, what is a recommended practice to enhance the performance of the gateway?

• A. Use the IPS exception mechanism
• B. Disable all such protections
• C. Disable SecureXL and use CoreXL
• D. Upgrade the hardware to include more Cores and Memory

Answer: C

NEW QUESTION 4
VPN's allow traffic to pass through the Internet securely by encrypting the traffic as it enters the VPN tunnel and then decrypting the exists. Which process is responsible for Mobile VPN connections?

• A. cvpnd
• B. vpnd
• C. vpnk
• D. fwk

Answer: C

NEW QUESTION 5
The Check Pom! Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process There are two procedures available for debugging the firewall kernel Which procedure/command is used for troubleshooting packet drops and other kernel activites while using minimal resources (1 MB buffer)?

• A. fw ctl zdebug
• B. fw ctl debug/kdebug
• C. fwk ctl debug
• D. fw debug ctl

Answer: A

NEW QUESTION 6
During firewall kernel debug with fw ctl zdebug you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?

• A. Increase debug buffer; Use fw ctl debug –buf 32768
• B. Redirect debug output to file; Use fw ctl zdebug –o ./debug.elg
• C. Increase debug buffer; Use fw ctl zdebug –buf 32768
• D. Redirect debug output to file; Use fw ctl debug –o ./debug.elg

Answer: A

NEW QUESTION 7
Check Point provides tools & commands to help you to identify issues about products and applications. Which Check Point command can help you to display status and statistics information for various Check Point products and applications?

• A. cpstat
• B. CPstat
• C. CPview
• D. fwstat

Answer: A

NEW QUESTION 8
What process monitors, terminates, and restarts critical Check Point processes as necessary?

• A. CPWD
• B. CPM
• C. FWD
• D. FWM

Answer: A

NEW QUESTION 9
Where will the usermode core files be located?

• A. /var/log/dump/usermode
• B. /var/suroot
• C. SFWDlR/var'log/dump/usermode
• D. SCPDIR/var/log/dump/usermode

Answer: A

NEW QUESTION 10
What command is usually used for general firewall kernel debugging and what is the size of the buffer that is automatically enabled when using the command?

• A. fw ctl debug, buffer size is 1024 KB
• B. fw ell zdebu
• C. buffer size is 32768 KB
• D. fw dl zdebug, buffer size is 1 MB
• E. fw ctl kdeou
• F. buffer size is 32000 KB

Answer: D

NEW QUESTION 11
What are some measures you can take to prevent IPS false positives?

• A. Exclude problematic services from being protected by IPS (sip, H 323, etc )
• B. Use IPS only in Detect mode
• C. Use Recommended IPS profile
• D. Capture packet
• E. Update the IPS database, and Back up custom IPS files

Answer: A

NEW QUESTION 12
The customer is using Check Point appliances that were configured long ago by third-party administrators. Current policy includes different enabled IPS protections and Bypass Under Load function. Bypass Under Load is configured to disable IPS inspections of CPU and Memory usage is higher than 80%. The Customer reports that IPS protections are not working at all regardless of CPU and Memory usage.
What is the possible reason of such behavior?

• A. The kernel parameter ids_assume_stress is set to 0
• B. The kernel parameter ids_assume_stress is set to 1
• C. The kernel parameter ids_tolerance_no_stress is set to 10
• D. The kernel parameter ids_tolerance_stress is set to 10

Answer: D

NEW QUESTION 13
Which of the following inputs is suitable for debugging HTTPS inspection issues?

• A. vpn debug cptls on
• B. fw ctl debug –m fw + conn drop cptls
• C. fw diag debug tls enable
• D. fw debug tls on TDERROR_ALL_ALL=5

Answer: B

NEW QUESTION 14
Which Threat Prevention daemon is the core Threat Emulator, engine and responsible for emulation files and communications with Threat Cloud?

• A. ctasd
• B. inmsd
• C. ted
• D. scrub

Answer: C

Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=

NEW QUESTION 15
Which situation triggers an IPS bypass under load on a 24-core Check Point appliance?

• A. any of the CPU cores is above the threshold for more than 10 seconds
• B. all CPU core most be above the threshold for more than 10 seconds
• C. a single CPU core must be above the threshold for more than 10 seconds, but is must be the same core during this time
• D. the average cpu utilization over all cores must be above the threshold for 1 second

Answer: A

NEW QUESTION 16
What file contains the RAD proxy settings?

• A. rad_settings.C
• B. rad_services.C
• C. rad_scheme.C
• D. rad_control.C

Answer: A

NEW QUESTION 17
What are the maximum kernel debug buffer sizes, depending on the version

• A. 8MB or 32MB
• B. 8GB or 64GB
• C. 4MB or 8MB
• D. 32MB or 64MB

Answer: A

NEW QUESTION 18
James is using the same filter expression in fw monitor for CITRIX very often and instead of typing this all the time he wants to add it as a macro to the fw monitor definition file. What’s the name and location of this file?

• A. $FWDIR/lib/fwmonltor.def
• B. $FWDIR/conf/fwmonltor.def
• C. $FWDIR/lib/tcpip.def
• D. $FWDIR/lib/fw.monitor

Answer: A

NEW QUESTION 19
Which kernel process is used by Content Awareness to collect the data from contexts?

• A. dlpda
• B. PDP
• C. cpemd
• D. CMI

Answer: D

NEW QUESTION 20
......