CheckPoint 156-587 Exam Questions Instant Access

Question 1

When a User process or program suddenly crashes, a core dump is often used to examine the problem Which command is used to enable the core-dumping via GAIA clish?

Aset core-dump enable

Bset core-dump total

Cset user-dump enable

Dset core-dump per_process

Answer : A

In Check Point Gaia, you can enable core dumping through the command line interface (clish) using the following command:

set core-dump enable

This command activates the core dump mechanism, allowing the system to generate core dump files when user processes crash. Remember to save the configuration after enabling core dumps with the command:

save config

Why other options are incorrect:

B . set core-dump total: This command is used to set the total disk space limit for core dump files, not to enable core dumping itself.

C . set user-dump enable: There is no such command in Gaia clish for enabling core dumps.

D . set core-dump per_process: This command sets the maximum number of core dump files allowed per process, but it doesn't enable core dumping.

Check Point Troubleshooting Reference:

Check Point R81.20 Security Administration Guide: This guide provides comprehensive information about Gaia clish commands, including those related to system configuration and troubleshooting.

Check Point sk92764: This knowledge base article specifically addresses core dump management in Gaia, explaining how to enable and configure core dumps.

Enabling core dumps is a crucial step in troubleshooting process crashes as it provides valuable information for analysis and debugging.

Question 2

For Identity Awareness, what is the PDP process?

AIdentity server

BLog Sifter

CCaptive Portal Service

DUserAuth Database

Answer : A

The PDP process is the Identity server, which is a component of the Identity Awareness blade on the Security Gateway. The PDP process is responsible for collecting and managing identity information from various sources, such as Active Directory, Identity Agents, Captive Portal, Terminal Servers, and RADIUS.The PDP process also communicates with the PEP process, which is the Policy Enforcement Point, to enforce identity-based policies on the traffic passing through the Security Gateway1.The other options, such as Log Sifter, Captive Portal Service, and UserAuth Database, are either not related to Identity Awareness or not processes, but rather files or services.Reference:1: sk93046: Identity Awareness - How to Configure

Question 3

What are the three main component of Identity Awareness?

AClient, SMS and Secure Gateway

BIdentity Source Identity Server (POP) and Identity Enforcement (PEP)

CIdentity Awareness Blade on Security Gateway, User Database on Security Management Server and Active Directory

DUser, Active Directory and Access Role

Answer : B

Question 4

Which command is used to write a kernel debug to a file?

Afw ctl kdebug -T -I > debug.txt

Bfw ctl debug -S -t > debug.txt

Cfw ctl kdebug -T -f > debug.txt

Dfw ctl debut -T -f > debug.txt

Answer : C

Question 5

What are the main components of Check Point's Security Management architecture?

AManagement server, Log server, Gateway server. Security server

BManagement server, management database, log server, automation server

CManagement server. Security Gateway. Multi-Domain Server. SmartEvent Server

DManagement server. Log Server, LDAP Server, Web Server

Answer : B

The main components of Check Point's Security Management architecture are1:

Management server: This is the central component that manages the security policy, configuration, and licenses for the Security Gateways and other Check Point devices. It also provides the SmartConsole interface for the administrators to manage the security environment.

Management database: This is the database that stores the security policy, configuration, and objects for the Security Management Server. It also stores the logs and events from the Security Gateways and other Check Point devices.

Log server: This is the component that receives and stores the logs and events from the Security Gateways and other Check Point devices. It also provides the SmartLog and SmartEvent interfaces for the administrators to view, analyze, and manage the logs and events.

Automation server: This is the component that provides the REST API and the CLI for the administrators to automate and script the security management tasks.

1: (CCTE) - Check Point Software

Question 6

The Unified Access Control policy eliminates the need to maintain policies for different access control features However, you need to start a general debug of the Unified Policy with all flags turned on Which of the following is the correct syntax?

Afw ctl debug -m UP all

Bfw ctl debug -m UP + all flags

Cfw ctl kdebug -m UP all

Dfwm ctl debug -m UP all

Answer : A

Question 7

You do not see logs in the SMS. When you login on the SMS shell and run cpwd_admin list you notice that the RFL process is with status T. What command can you run to try to resolve it?

ARFLstop and RFLstart

Bevstart and evstop

Csmartlog_server stop and smartlog_server restart

Drflsop and rflstart

Answer : C

= The RFL process is the Remote File Log process that is responsible for transferring logs from the Security Gateway to the Security Management Server1.If the RFL process is with status T, it means that it is terminated and not running2. This could explain why the logs are not seen in the SMS.To resolve this issue, one possible command to run issmartlog_server stopandsmartlog_server restart3. This command will stop and restart the SmartLog server, which is the process that indexes and displays the logs in the SmartConsole. By restarting the SmartLog server, it may also restart the RFL process and resume the log transfer. Alternatively, one can also try to restart the RFL process directly by runningcpwd_admin stop -name RFLandcpwd_admin start -name RFL.Reference:Check Point Processes and Daemons,sk97638 - Check Point Processes and Daemons,sk144192 - How to restart SmartLog server, [sk98348 - SmartLog / SmartView server functionality], [sk97638 - Check Point Processes and Daemons]

CheckPoint Check Point Certified Troubleshooting Expert - R81.20 156-587 Exam Questions