CheckPoint 156-585 Exam Practice Test Instant Access

Question 1

Which Threat Prevention Daemon is the core Threat Emulation engine and responsible for emulation files and communications with Threat Cloud?

Actasd

Bin.msd

Cted

Dscrub

Answer : C

Question 2

An administrator receives reports about issues with log indexing and text searching regarding an existing Management Server. In trying to find a solution she wants to check if the process responsible for this feature is running correctly. What is true about the related process?

Afwm manages this database after initialization of the ICA

Bcpd needs to be restarted manual to show in the list

Cfwssd crashes can affect therefore not show in the list

Dsolr is a child process of cpm

Answer : D

Question 3

You are trying to establish a VPN tunnel between two Security Gateways but fail. What initial steps will you make to troubleshoot the issue

Acapture traffic on both tunnel members and collect debug of IKE and VPND daemon

Bcapture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags, then collect debug of IKE and VPND daemon

Ccollect debug of IKE and VPND daemon and collect kernel debug for fw module with vm, crypt, conn and drop flags

Dcapture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags

Answer : A

Question 4

Which daemon governs the Mobile Access VPN blade and works with VPND to create Mobile Access VPN connections? It also handles interactions between HTTPS and the Multi-Portal Daemon.

AConnectra VPN Daemon - cvpnd

BMobile Access Daemon - MAD

Cmvpnd

DSSL VPN Daemon - sslvpnd

Answer : A

Question 5

What are the maximum kernel debug buffer sizes, depending on the version

A8MB or 32MB

B8GB or 64GB

C4MB or 8MB

D32MB or 64MB

Answer : A

Question 6

Some users from your organization have been reporting some connection problems with CIFS since this morning You suspect an IPS issue after an automatic IPS update last night. So you want to perform a packet capture on uppercase I only directly after the IPS chain module (position 4 in the chain) to check If the packets pass the IPS. What command do you need to run?

Afw monitor -ml -pi 5 -e <filterexperession>

Bfw monitor -pi 5 -e <filterexptession>

Ctcpdump -eni any <filterexpression>

Dfw monitor -pi asm <filtefexpfession>

Answer : C

Question 7

You have configured IPS Bypass Under Load function with additional kernel parameters ids_tolerance_no_stress=15 and ids_tolerance_stress-15 For configuration you used the *fw ctl set' command After reboot you noticed that these parameters returned to their default values What do you need to do to make this configuration work immediately and stay permanent?

ASet these parameters again with ''fw ctl set'' and edit appropriate parameters in $FWDIR/boot/modules/ fwkern.conf

BUse script $FWDIR/bin IpsSetBypass.sh to set these parameters

CSet these parameters again with ''fw ctl set'' and save configuration with ''save config''

DEdit appropriate parameters in $FWDIR/boot/modules/fwkern.conf
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62848&partition=Advanced&product=IPS

Answer : A

CheckPoint 156-585 Check Point Certified Troubleshooting Expert Exam Practice Test