CheckPoint 156-587 Exam Practice Test Instant Access

Question 1

Which of the following is a component of the Context Management Infrastructure used to collect signatures in user space from multiple sources such as Application Control and IPS. and compiles them together into unified Pattern Matchers?

AContext Loader

BPSL - Passive Signature Loader

Ccpas

DCMI Loader

Answer : B

Question 2

What is the function of the Core Dump Manager utility?

ATo determine which process is slowing down the system

BTo send crash information to an external analyzer

CTo limit the number of core dump files per process as well as the total amount of disk space used by core files

DTo generate a new core dump for analysis

Answer : C

The Core Dump Manager (CDM) is a utility that helps manage core dump files on Check Point systems. Its main functions include:

Limiting file size and number: CDM can be configured to limit the size of individual core dump files and the total amount of disk space used for core dumps. This prevents core dumps from filling up valuable disk space.

Compression: CDM can compress core dump files to reduce their storage size. This is particularly helpful when dealing with large core dumps.

Process filtering: CDM allows you to specify which processes should be allowed to generate core dumps. This can help prevent unnecessary core dumps from being created.

Remote collection: CDM can be configured to send core dump files to a remote server for analysis. This is useful in environments where direct access to the system generating the core dump is limited.

By using CDM, you can effectively manage core dump files and ensure that they are not overwhelming your system's resources.

Question 3

The management configuration stored in the Postgres database is partitioned into several relational database domains. What is the purpose of the Global Domain?

AGlobal Domains is used by the IPS software blade to map the IDs to the corresponding countries according to the IpToCountry.csv file.

BThis domain is used as the global database to back up the objects referencing the corresponding object attributes from the System Domain.

CThis domain is used as the global database to track the changes made by multiple administrators on the same objects prior to publishing.

DThis domain is used as the global database for MDSM and contains global objects and policies.

Answer : D

The Global Domain is one of the relational database domains in the Postgres database that stores the management configuration. The purpose of the Global Domain is to serve as the global database for Multi-Domain Security Management (MDSM) and contain the global objects and policies that are shared across all domains. The Global Domain also stores the global settings, such as the administrator roles, the LDAP servers, the IPS profiles, and the SmartEvent views. The Global Domain can be managed by the Global Domain Administrator or the Super User Administrator using the SmartConsole. The Global Domain can be backed up and restored using the mds_backup and mds_restore commands.

1: Architecture and Processes - Check Point Software

2: Multi-Domain Security Management R81.10 Administration Guide

3: How to backup and restore Multi-Domain Security Management Server

Question 4

What is the benefit of fw ctl debug over fw ctl zdebug?

AThere is no difference Both are used for debugging kernel

BYou don't need timestamps

CIt allows you to debug multiple modules at the same time

DYou only need 1MB buffer

Answer : C

Question 5

You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore you need to add a timestamp to the kernel debug and write the output to a file

but you cant afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs What is the correct syntax for this?

AA fw ctl kdebug -T -f -m 10 -s 1000000 -o debugfilename

Bfw ctl debug -T -f-m 10 -s 1000000 -o debugfilename

Cfw ctl kdebug -T -f -m 10 -s 1000000 > debugfilename

Dfw ctl kdebug -T -m 10 -s 1000000 -o debugfilename

Answer : A

Question 6

John has renewed his NPTX License but he gets an error (contract for Anti-Bot expired). He wants to check the subscription status on the CLI of the gateway, what command can he use for this?

Afwm lie print

Bfw monitor license status

Ccpstat antimalware-f subscription status

Dshow license status

Answer : D

The correct command to check the subscription status on the CLI of the gateway isshow license status. This command displays the current license information, such as the license type, expiration date, and subscription status for various blades, such as Anti-Bot, Anti-Virus, IPS, etc. The command also shows the contract status for each blade, such as valid, expired, or invalid. If John has renewed his NPTX license, but he gets an error that the contract for Anti-Bot expired, he can use this command to verify the contract status and the subscription status for the Anti-Bot blade.

The other commands are incorrect because:

A . fwm lie print is not a valid command. The correct command isfwm lic print, which displays the license information on the Security Management Server, not on the gateway. This command does not show the subscription status or the contract status for the blades.

B . fw monitor license status is not a valid command. The correct command isfw monitor, which is a tool for capturing network traffic on the gateway, not for checking the license status.

C . cpstat antimalware-f subscription status is not a valid command. The correct command iscpstat antimalware -f subscription_status, which displays the subscription status for the Anti-Virus blade, not for the Anti-Bot blade. This command does not show the contract status for the blade.

How to check the contract status and expiration date of the Check Point products

How to check the subscription status of the blades on the Security Gateway

sk163417 - Check Point Software

Question 7

RAD is initiated when Application Control and URL Filtering blades are active on the Security Gateway. What is the purpose of the following RAD configuration file $FWDIR/conf/rad_settings.C?

AThis file contains the location information for Application Control and/or URL Filtering entitlements

BThis file contains the information on how the Security Gateway reaches the Security Management Server's RAD service for Application Control and URL Filtering

CThis file contains RAD proxy settings

DThis file contains all the host name settings for the online application detection engine

Answer : C

The Resource Application Daemon (RAD) is a critical component in Check Point's Application Control and URL Filtering blades, responsible for processing and categorizing web traffic. The configuration file $FWDIR/conf/rad_settings.C on the Security Gateway defines settings related to RAD's operation.

Option A: Incorrect. The rad_settings.C file does not store entitlement information for Application Control or URL Filtering. Entitlements are managed by the Security Management Server and stored in licensing databases, not in this file.

Option B: Incorrect. The rad_settings.C file does not specify how the Security Gateway communicates with the Security Management Server's RAD service. Communication settings are typically handled by SIC (Secure Internal Communication) and other configuration files, such as $FWDIR/conf/fwopsec.conf.

Option C: Correct. The rad_settings.C file contains proxy settings for the RAD daemon, such as HTTP proxy configurations used for accessing external services (e.g., Check Point's online URL Filtering database). This is critical when the Gateway requires a proxy to reach external resources for URL categorization.

Option D: Incorrect. Hostname settings for the online application detection engine are not stored in rad_settings.C. These are typically managed by the Application Database (application_db.C) or resolved via DNS.

The Check Point R81.20 Security Gateway Administration Guide discusses the RAD daemon and its configuration, noting that $FWDIR/conf/rad_settings.C is used for proxy settings related to Application Control and URL Filtering. The CCTE R81.20 course covers troubleshooting Application Control and URL Filtering, including the role of configuration files like rad_settings.C.

For precise details, refer to:

Check Point R81.20 Security Gateway Administration Guide, section on ''Application Control and URL Filtering'' (available via Check Point Support Center).

CCTE R81.20 Courseware, which includes modules on RAD configuration and troubleshooting (available through authorized training partners like Arrow Education or Red Education).

CheckPoint Check Point Certified Troubleshooting Expert - R81.20 156-587 Exam Practice Test