Free and Premium Checkpoint 156-582 Dumps Questions Answers

Page: 1 / 6
Total 75 questions

Check Point Certified Troubleshooting Administrator - R81.20 (CCTA) Questions and Answers

Question 1

UserCenter/PartnerMAP access is based on what criteria?

Options:

A. The certification level achieved by employees of an organization.
B. User permissions assigned to company contacts.
C. The certification level achieved by the partner.
D. The level of Support purchased by a company manager.

Question 2

Which of the following is the most significant impact of not having a valid Policy Management license installed on a management server?

Options:

A. Inability to make rule changes
B. Inability to install policies
C. Inability to review logs
D. Inability to log in to SmartConsole

Question 3

When is the Enable Bypass Under Load used in IPS?

Options:

A. When the threshold is reached for connections and throughput
B. When there is a problem with IPS and connectivity cannot be guaranteed
C. When the threshold is reached for CPU and memory
D. When there is an ongoing attack, the Security Gateway puts its state to maintenance mode to prevent attackers from breaching the network

Question 4

Which of the following allows you to capture packets at four inspection points as they traverse a Check Point gateway?

Options:

A. tcpdump
B. Firewall logs
C. Kernel debugs
D. fw monitor

Question 5

How many captures does the command "fw monitor -p all" take?

Options:

A. All 15 of the inbound and outbound modules
B. The -p option takes the same number of captures, but gathers all of the data packet
C. 1 from every inbound and outbound module of the chain
D. All 4 points of the fw VM modules

Question 6

What is the name of the Software Blade Package containing CDR (Content Disarm & Reconstruction) and Zero Day protection?

Options:

A. TE - Threat Emulation
B. SNBT - Sandblast
C. NGTX - Next Generation Threat Prevention and Extraction
D. NGTP - Next Generation Threat Prevention

Question 7

You want to work with a license for your gateway in User Center portal, but all options are greyed out. What is the reason?

Options:

A. Your account has classification permission to Viewer
B. Your account has classification permission to Licenser
C. You are not defined as Support Contact
D. Your account does not have any rights

Question 8

After reviewing the Install Policy report and error codes listed in it, you need to check if the policy installation port is open on the Security Gateway. What is the correct port to check?

Options:

A. 19009
B. 18190
C. 18210
D. 18191

Question 9

The communication between the Security Management Server and Security Gateway to forward logs is done using the following process and port number:

Options:

A. fwd, TCP 257
B. cpm, 19009
C. fwm, TCP 18190
D. fwm, TCP 257

Question 10

How would you check the connection status of a gateway to the Log server?

Options:

A. Run netstat -anp | grep :257 in CLISH on Log server
B. Run netstat -anp | grep :257 in expert mode on Log server
C. Run netstat -anp | grep :18187 in expert mode on Log server
D. Run netstat -anp | grep :18187 in CLISH on Log server

Question 11

You were asked to set up logging for a rule to log a full list of URLs when the rule hits in the Rule Base. How do you accomplish that?

Options:

A. Set Extended logging under rule log type
B. Click on the rule, column logging and set "log URL" under application control blade layer
C. All URLs are logged by default
D. For URL logging you need to modify blade settings of URL filtering blade under SmartConsole, Manage & Settings, blades, URL filtering

Question 12

You want to print the status of WatchDog-monitored processes. What command best meets your needs?

Options:

A. cpwd_admin list
B. tcpdump
C. cppcap
D. cpplic print

Question 13

What are some measures you can take to prevent IPS false positives?

Options:

A. Capture packets, Update the IPS database, and Back up custom IPS files
B. Use Recommended IPS profile
C. Use IPS only in Detect mode
D. Exclude problematic services from being protected by IPS (sip, H.323, etc.)

Question 14

After deploying a new Static NAT configuration, traffic is not getting through. What command would you use to troubleshoot internal problems with the NAT traffic?

Options:

A. fw ctl kdebug + xlate xltrc nat
B. cp ctl zdebug + xlate xltrc nat
C. fw ctl zdebug + xlate xltrc nat
D. cp ctl kdebug + xlate xltrc nat

Question 15

What is the most efficient way to view large fw monitor captures and run filters on the file?

Options:

A. snoop
B. CLI
C. CLISH
D. Wireshark

Question 16

You tested the connection from source to destination and you are not able to find logs in your Security Management. What is the best possible reason?

Options:

A. The FWM process crashed on Security Management, therefore logging will not work.
B. There is not enough storage in Security Management, so the logs can't be stored.
C. The logging blade was not enabled on Security Gateway.
D. The gateway is logging locally.

Question 17

After deploying a Hide NAT for a new network, users are unable to access the Internet. What command would you use to check the internal NAT behavior?

Options:

A. cp ctl kdebug + xlate xltrc nat
B. fw ctl zdebug + xlate xltrc nat
C. cp ctl zdebug + xlate xltrc nat
D. fw ctl kdebug + xlate xltrc nat

Question 18

SmartConsole closes immediately. What is the most likely reason?

Options:

A. The process crashed in kernel space
B. The process crashed in user space
C. The user idle time expired and SmartConsole disconnected the user
D. The Security Management server rejected the client connection

Question 19

The URL filtering cache limit is exceeded. What issues can this cause?

Options:

A. When URL filtering cache exceeds the limit, it will be disabled temporarily to overcome instability of the system
B. RAD process will spawn multiple times to help populate the cache
C. Resource Advisor (RAD) process on the Security Gateway consumes close to 100 percent of the CPU
D. Nothing, the Security Gateway dynamically raises the cache when needed

Question 20

What is the name of a protocol for VPN establishment and negotiation?

Options:

A. NAT-T
B. IPsec
C. VPN
D. IKE

Question 21

How do you verify that Proxy ARP entries are loaded into the kernel?

Options:

A. fw ctl arp
B. show arp dynamic all
C. This information can be viewed in the logs, under NAT section of log, field: Proxy ARP entry
D. fw ctl get arp list all

Question 22

Services with expired licenses and contracts have,

Options:

A. full functionality for 90 days after they expire
B. full functionality for 45 days after they expire
C. no functionality
D. limited functionality
