156-587 Exam Dumps : Check Point Certified Troubleshooting Expert - R81.20 (CCTE)

The process responsible for log indexing and text searching is solr, which is a child process of cpm. The solr process is responsible for indexing the logs and providing the search engine for SmartLog and SmartConsole. The solr process is started by the cpm process and can be monitored by the command cpwd_admin list. The solr process uses the PostgreSQL database to store the indexed data and the Lucene library to perform the text search. The solr process can be affected by various factors, such as the size and number of log files, the hardware resources, the network connectivity, and the configuration settings. If the solr process is not running correctly, the administrator may experience issues with log indexing and text searching, such as slow performance, missing logs, or incorrect results. 

While specific Check Point CCTE R81.20 official documentation that explicitly singles out "Handlers" from the given options as the sole component for storing Rule Base matching state-related information is not readily available in the provided search snippets, CCTE exam preparation materials consistently point to "Handlers" as the correct answer for this question.

In the broader context of Check Point's packet processing and Unified Policy architecture, several components are involved in rule base matching:

According to Check Point's sk120964 - ATRG: Unified Policy (relevant for R81.20):

Connection/Transaction: This logical entity "Saves rulebase matching state and classification objects (CLOBs)."

Manager: This component acts as a "Mediator between other components. Responsible for the whole rule base execution process. Creates connection/transactions, as required. Sends logs."  

Classifiers: These are "CMI_LOADER applications" (e.g., Network, Identity, Application Control) that provide classification data (CLOBs) used in the matching process.

Observers: An "Observer is a unit collecting CLOBs for classification refinement."

"Handlers" in a general firewall architecture are typically components (which can be kernel modules or processes) responsible for managing active connections and their progression through policy enforcement. As such, they would inherently be involved in maintaining and accessing state information related to rule base matching for those connections. The "Connection/Transaction" objects, which store the rule base matching state, are created by the Manager and would be managed by such Handlers during the lifecycle of a connection.

Therefore, in the context of the CCTE R81.20 exam, "Handlers" are understood to be the packet processing components that store this Rule Base matching state-related information. The state itself is conceptually saved within Connection/Transaction objects, which are orchestrated by the Manager and utilized by various processing components often referred to as Handlers.

Reference (based on Unified Policy component roles from official Check Point documentation):

Check Point Support Center sk120964: ATRG: Unified Policy. (Last Modified: 2024-12-29, relevant for R81.20)."Connection/Transaction. Saves rulebase matching state and classification objects (CLOBs)."

"Manager. Mediator between other components. Responsible for the whole rule base execution process. Creates connection/transactions, as required.