
Free and Premium Checkpoint 156-586 Dumps Questions Answers

Page: 1 / 6
Total 75 questions

Check Point Certified Troubleshooting Expert - R81 (CCTE) Questions and Answers

Question 1

The two procedures available for debugging in the firewall kernel are

i. fw ctl zdebug

ii. fw ctl debug/kdebug

Choose the correct statement explaining the differences between the two.

Options:

A.

(i) is used to debug only issues related to dropping of traffic, however (ii) can be used for any firewall issue including NATing, clustering etc.

B.

(i) is used to debug the access control policy only, however (ii) can be used to debug a unified policy

C.

(i) is used on a Security Gateway, whereas (ii) is used on a Security Management Server

D.

(i) is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via command line, whereas (ii) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via command line

Question 2

The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?

Options:

A.

fw debug/kdebug

B.

fw ctl zdebug

C.

fw debug/kdebug ctl

D.

fw ctl debug/kdebug

Question 3

You do not see logs in the SMS. When you log in to the SMS shell and run cpwd_admin list, you notice that the RFL process has status T. What command can you run to try to resolve it?

Options:

A.

RFLstop and RFLstart

B.

evstart and evstop

C.

smartlog_server stop and smartlog_server restart

D.

rflsop and rflstart

Question 4

What is correct about the Resource Advisor (RAD) service on the Security Gateways?

Options:

A.

RAD functions completely in user space. The Pattern Matcher (PM) module of the CMI looks up URLs in the cache and, if not found, contacts the RAD process in user space to do online categorization

B.

RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization. There is no user space involvement in this process

C.

RAD is not a separate module, it is an integrated function of the W kernel module and does all operations in the kernel space

D.

RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization

Question 5

URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required?

Options:

A.

RAD User Space

B.

URLF Online Service

C.

URLF Kernel Client

D.

RAD Kernel Space

Question 6

What information does the doctor-log script supply?

Options:

A.

Logging errors. Exceptions, Repair options

B.

Current and daily average logging rates. Indexing status, Size

C.

Logging rates. Logging Directories, List of troubleshooting tips

D.

Repair options. Logging Rates, Logging Directories

Question 7

What is the proper command for allowing the system to create core files?

Options:

A.

$FWDIR/scripts/core-dump-enable.sh

B.

# set core-dump enable

# save config

C.

> set core-dump enable

> save config

D.

service core-dump start

Question 8

PostgreSQL is a powerful, open source relational database management system. Check Point offers a command for viewing the database and interacting with the Postgres interactive shell. Which command do you need to enter the PostgreSQL interactive shell?

Options:

A.

mysql_client cpm postgres

B.

mysql -u root

C.

psql_client cpm postgres

D.

psql_client postgres cpm

Question 9

Which of the following daemons is used for Threat Extraction?

Options:

A.

tedex

B.

extractd

C.

tex

D.

scrubd

Question 10

For Identity Awareness, what is the PDP process?

Options:

A.

Identity server

B.

Log Sifter

C.

Captive Portal Service

D.

UserAuth Database

Question 11

From what version of Check Point can Security Gateways begin dynamically distributing logs between log servers?

Options:

A.

R81

B.

R77

C.

R30

D.

R75

Question 12

What is the port for the Log Collection on Security Management Server?

Options:

A.

253

B.

443

C.

18191

D.

257

Question 13

SmartEvent utilizes the Log Server, Correlation Unit and SmartEvent Server to aggregate logs and identify security events. The three main processes that govern these SmartEvent components are:

Options:

A.

cpcu, cplog, cpse

B.

eventiasv, eventiarp, eventiacu

C.

cpsemd, cpsead, and DBSync

D.

fwd, secu, sesrv

Question 14

An administrator receives reports about issues with log indexing and text searching regarding an existing Management Server. In trying to find a solution she wants to check if the process responsible for this feature is running correctly. What is true about the related process?

Options:

A.

cpd needs to be restarted manually to show in the list

B.

fwm manages this database after initialization of the ICA

C.

solr is a child process of cpm

D.

fwssd crashes can affect therefore not show in the list

Question 15

Which of the following inputs is suitable for debugging HTTPS inspection issues?

Options:

A.

fw debug tls on TDERROR_ALL_ALL=5

B.

fw ctl debug -m fw + conn drop cptls

C.

vpn debug cptls on

D.

fw diag debug tls enable

Question 16

Captive Portal, PDP and PEP run in what space?

Options:

A.

Kernel

B.

User

C.

CPM

D.

FWD

Question 17

When dealing with monolithic operating systems such as Gaia, where are system calls initiated from to achieve a required system level function?

Options:

A.

Kernel Mode

B.

User Mode

C.

Slow Path

D.

Medium Path

Question 18

What command(s) will turn off all vpn debug collection?

Options:

A.

fw ctl debug 0

B.

vpn debug -a off

C.

vpn debug off

D.

vpn debug off and vpn debug ikeoff

Question 19

Your users have some issues connecting with Mobile Access VPN to your gateway. How can you debug the tunnel establishment?

Options:

A.

in the file $CVPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run cvpnrestart

B.

in the file $VPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run vpn restart

C.

run vpn debug truncon

D.

run fw ctl zdebug -m sslvpn all

Question 20

Which of the following would NOT be a flag when debugging a unified policy?

Options:

A.

tls

B.

rulebase

C.

clob

D.

connection

Question 21

What is the simplest and most efficient way to check all dropped packets in real time?

Options:

A.

tail -f $FWDIR/log/fw.log |grep drop in expert mode

B.

cat /dev/fw1/log in expert mode

C.

fw ctl zdebug + drop in expert mode

D.

Smartlog

Question 22

VPNs allow traffic to pass through the Internet securely by encrypting the traffic as it enters the VPN tunnel and then decrypting the traffic as it exits. Which process is responsible for Mobile VPN connections?

Options:

A.

cvpnd

B.

vpnk

C.

fwk

D.

vpnd
