After a kernel debug with "fw ctl debug" you received a huge amount of information. It was saved in a very large file that is difficult to open and analyze with standard text editors. Suggest a solution to solve this issue.
A. Use "fw ctl zdebug" because of 1024KB buffer size
B. Divide debug information into smaller files. Use "fw ctl kdebug -f -o "filename" -m 25 -s "1024""
C. Reduce debug buffer to 1024KB and run debug several times
D. Use Check Point InfoView utility to analyze debug output
Which kernel process is used by Content Awareness to collect the data from contexts?
A. dlpda
B. PDP
C. cpemd
D. CMI
Some users from your organization have been reporting some connection problems with CIFS since this morning.
You suspect an IPS issue after an automatic IPS update last night. So you want to perform a packet capture on uppercase I only, directly after the IPS chain module (position 4 in the chain), to check if the packets pass the IPS. What command do you need to run?
A. fw monitor -ml -pi 5 -e
B. fw monitor -pi 5 -e
C. tcpdump -eni any
D. fw monitor -pi asm
Which situation triggers an IPS bypass under load on a 24-core Check Point appliance?
A. any of the CPU cores is above the threshold for more than 10 seconds
B. all CPU cores must be above the threshold for more than 10 seconds
C. a single CPU core must be above the threshold for more than 10 seconds, but it must be the same core during this time
D. the average CPU utilization over all cores must be above the threshold for 1 second
Which of the following is contained in the System Domain of the Postgres database?
A. Saved queries for applications
B. Configuration data of log servers
C. Trusted GUI clients
D. User modified configurations such as network objects
Check Point Access Control Daemons contain several daemons for Software Blades and features. Which daemon is used for Application and Control Filtering?
A. rad
B. cprad
C. pepd
D. pdpd
Which command is most useful for debugging the fwaccel module?
A. fw zdebug
B. securexl debug
C. fwaccel dbg
D. fw debug
Check Point Threat Prevention policies can contain multiple policy layers, and each layer consists of its own Rule Base.
Which Threat Prevention daemon is used for Anti-virus?
A. in.emaild.mta
B. in.msd
C. ctasd
D. in emaild
What is the function of the Core Dump Manager utility?
A. To generate a new core dump for analysis
B. To limit the number of core dump files per process as well as the total amount of disk space used by core files
C. To determine which process is slowing down the system
D. To send crash information to an external analyzer
What is the most efficient way to view large fw monitor captures and run filters on the file?
A. wireshark
B. CLISH
C. CLI
D. snoop