
156-585 Exam Dumps - Check Point Certified Troubleshooting Expert

Question # 4

What are some measures you can take to prevent IPS false positives?

A. Exclude problematic services from being protected by IPS (SIP, H.323, etc.)
B. Use IPS only in Detect mode
C. Use the Recommended IPS profile
D. Capture packets, update the IPS database, and back up custom IPS files

Question # 5

RAD is initiated when the Application Control and URL Filtering blades are active on the Security Gateway. What is the purpose of the following RAD configuration file, $FWDIR/conf/rad_settings.C?

A. This file contains the location information for Application Control and/or URL Filtering entitlements
B. This file contains the information on how the Security Gateway reaches the Security Manager's RAD service for Application Control and URL Filtering
C. This file contains RAD proxy settings
D. This file contains all the host name settings for the online application detection engine

Question # 6

Check Point provides tools and commands to help you identify issues with products and applications. Which Check Point command can help you display status and statistics information for various Check Point products and applications?

A. cpstat
B. CPstat
C. CPview
D. fwstat

Question # 7

Which of the following is NOT a VPN debug command used for troubleshooting?

A. fw ctl debug -m fw + conn drop vm crypt
B. vpn debug trunc
C. pclient getdata sslvpn
D. vpn debug on TDERROR_ALL_ALL=5

Question # 8

How many captures does the command "fw monitor -p all" take?

A. All 15 of the inbound and outbound modules
B. All 4 points of the fw VM modules
C. 1 from every inbound and outbound module of the chain
D. The -p option takes the same number of captures, but gathers all of the data packet

Question # 9

What is the function of the Core Dump Manager utility?

A. To generate a new core dump for analysis
B. To limit the number of core dump files per process as well as the total amount of disk space used by core files
C. To determine which process is slowing down the system
D. To send crash information to an external analyzer

Question # 10

The Check Point Access Control daemons include several daemons for Software Blades and features. Which daemon is used for Application Control & URL Filtering?

A. rad
B. cprad
C. pepd
D. pdpd

Question # 11

What are the four ways to insert an FW Monitor into the firewall kernel chain?

A. Relative position using location, relative position using alias, absolute position, all positions
B. Absolute position using location, absolute position using alias, relative position, all positions
C. Absolute position using location, relative position using alias, general position, all positions
D. Relative position using geolocation, relative position using inertial navigation, absolute position, all positions

Question # 12

Which Threat Prevention daemon is the core Threat Emulation engine, responsible for emulating files and for communication with ThreatCloud?

A. ctasd
B. inmsd
C. ted
D. scrub

Question # 13

If you run the command "fw monitor -e accept src=10.1.1.201 or src=172.21.101.10 or src=192.0.2.10;" from clish, what will be captured?

A. Packets from 10.1.1.201 going to 192.0.2.10
B. Packets destined to 172.21.101.10 from 10.1.1.101
C. Only packets going to 192.0.2.10
D. fw monitor only works in expert mode, so no packets will be captured

Question # 14

For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented, which layer of IPS corrects this to allow for proper inspection?

A. Passive Streaming Library
B. Protections
C. Protocol Parsers
D. Context Management

Question # 15

What are the main components of Check Point's Security Management architecture?

A. Management server, management database, log server, automation server
B. Management server, Security Gateway, Multi-Domain Server, SmartEvent Server
C. Management Server, Log Server, LDAP Server, Web Server
D. Management server, Log server, Gateway server, Security server

Question # 16

What is the kernel process for Content Awareness that collects the data from the contexts received from the CMI and decides if the file is matched by a data type?

A. dlpda
B. dlpu
C. cntmgr
D. cntawmod

Question # 17

An administrator receives reports about issues with log indexing and text searching on an existing Management Server. In trying to find a solution, she wants to check whether the process responsible for this feature is running correctly. What is true about the related process?

A. fwm manages this database after initialization of the ICA
B. cpd needs to be restarted manually to show in the list
C. fwssd crashes can affect it, and therefore it does not show in the list
D. solr is a child process of cpm
