CheckPoint 156-587 Exam Questions Instant Access

Question 1

What is the best way to resolve an issue caused by a frozen process?

APower off the machine

BRestart the process

CReboot the machine

DKill the process

Answer : D

When a process is frozen (hung or unresponsive), the typical method to resolve it is to kill the process. On Check Point, you can use cpwd_admin kill -name <ProcessName> or a standard Linux kill -9 <PID> command if necessary. You then allow CPWD (the Check Point watchdog) to restart it, or manually restart it if needed.

Other options:

A . Power off the machine: This is too drastic and not recommended just for a single frozen process.

B . Restart the process: While this sounds viable, you typically must kill the frozen process first, then let WatchDog or an admin restart it.

C . Reboot the machine: Similar to powering off---too disruptive for just one stuck process.

Hence, the most direct and standard approach: ''Kill the process.''

Check Point Troubleshooting Reference

sk97638 -- Explanation of CPWD (Check Point WatchDog) and how to manage processes.

sk43807 -- How to gracefully stop or kill a Check Point process.

Check Point CLI Reference Guide -- Details on using cpwd_admin commands to kill or restart processes.

Question 2

RAD is initiated when Application Control and URL Filtering blades are active on the Security Gateway. What is the purpose of the following RAD configuration file $FWDIR/conf/rad_settings.C?

AThis file contains the location information for Application Control and/or URL Filtering entitlements

BThis file contains the information on how the Security Gateway reaches the Security Management Server's RAD service for Application Control and URL Filtering

CThis file contains RAD proxy settings

DThis file contains all the host name settings for the online application detection engine

Answer : C

The Resource Application Daemon (RAD) is a critical component in Check Point's Application Control and URL Filtering blades, responsible for processing and categorizing web traffic. The configuration file $FWDIR/conf/rad_settings.C on the Security Gateway defines settings related to RAD's operation.

Option A: Incorrect. The rad_settings.C file does not store entitlement information for Application Control or URL Filtering. Entitlements are managed by the Security Management Server and stored in licensing databases, not in this file.

Option B: Incorrect. The rad_settings.C file does not specify how the Security Gateway communicates with the Security Management Server's RAD service. Communication settings are typically handled by SIC (Secure Internal Communication) and other configuration files, such as $FWDIR/conf/fwopsec.conf.

Option C: Correct. The rad_settings.C file contains proxy settings for the RAD daemon, such as HTTP proxy configurations used for accessing external services (e.g., Check Point's online URL Filtering database). This is critical when the Gateway requires a proxy to reach external resources for URL categorization.

Option D: Incorrect. Hostname settings for the online application detection engine are not stored in rad_settings.C. These are typically managed by the Application Database (application_db.C) or resolved via DNS.

The Check Point R81.20 Security Gateway Administration Guide discusses the RAD daemon and its configuration, noting that $FWDIR/conf/rad_settings.C is used for proxy settings related to Application Control and URL Filtering. The CCTE R81.20 course covers troubleshooting Application Control and URL Filtering, including the role of configuration files like rad_settings.C.

For precise details, refer to:

Check Point R81.20 Security Gateway Administration Guide, section on ''Application Control and URL Filtering'' (available via Check Point Support Center).

CCTE R81.20 Courseware, which includes modules on RAD configuration and troubleshooting (available through authorized training partners like Arrow Education or Red Education).

Question 3

PostgreSQL is a powerful, open source relational database management system. Check Point offers a command for viewing the database to interact with Postgres interactive shell. Which command do you need to enter the PostgreSQL interactive shell?

Amysql_client cpm postgres

Bmysql -u root

Cpsql_client cpm postgres

Dpsql_client postgres cpm

Answer : C

The correct command to enter the PostgreSQL interactive shell ispsql_client cpm postgres. This command allows the administrator to view and manipulate the database of the Check Point Management (CPM) module, which stores the configuration and policy data. Thepsql_clientcommand is a Check Point wrapper for thepsqlcommand, which is the native PostgreSQL interactive shell. Thepsql_clientcommand takes two arguments: the first one is the name of the database module, and the second one is the name of the database user. In this case, the database module iscpmand the database user ispostgres.

The other commands are incorrect because:

A . mysql_client cpm postgres is not a valid command. Themysql_clientcommand is used to access the MySQL database, which is not used by Check Point. The Check Point database is based on PostgreSQL, not MySQL.

B . mysql -u root is not a valid command. Themysqlcommand is used to access the MySQL database, which is not used by Check Point. The Check Point database is based on PostgreSQL, not MySQL. Moreover, the-uoption specifies the MySQL user name, which is not relevant for Check Point.

D . psql_client postgres cpm is not a valid command. Thepsql_clientcommand takes the database module name as the first argument, and the database user name as the second argument. In this case, the database module name iscpmand the database user name ispostgres. The order of the arguments is reversed in this command.

How to use PostgreSQL interactive shell (psql) with Check Point database

Check Point Database Tool (GuiDBedit) - Check Point Software

(CCTE) - Check Point Software

Question 4

Where do you enable log indexing on the SMS?

ASMS object under 'Other'

BSMS object under 'Advanced'

CSMS object under 'Logs'

DSMS object under 'General Properties'

Answer : C

Log indexing is a feature that enables faster and more efficient log searches in SmartLog and SmartEvent. To enable log indexing on the Security Management Server (SMS), you need to edit the SMS object in SmartConsole and go to the ''Logs'' tab.There you can configure the log indexing settings, such as the index location, the index size, the index frequency, and the index retention123.Reference:

1: CCTE Courseware, Module 2: Advanced Logs and Monitoring, Slide 9

2: Check Point R81 Logging and Monitoring Administration Guide, Chapter 2: Log Indexing, Page 17

3: Check Point R81 Logging and Monitoring Administration Guide, Chapter 2: Log Indexing, Page 18

Question 5

You receive complains that Guest Users cannot login and use the Guest Network which is configured with Access Role of Guest Users. You need to verity the Captive Portal configuration. Where can

you find the config file?

Aon the gateway at $NACPORTAL_ HOME/conf/httpd_ nac.conf

Bon the management at SCPNAC_ HOME/conf/httpd_ nac.conf

Con the management at SNACPORTAL_ HOME/conf/httpd_ nac.conf

Don the gateway at $CPNAC_ HOME/conf/httpd_ nac.conf

Answer : A

Question 6

What command would you run to verify the communication between the Security Gateway and the Identity Collector?

Afw ctl debug -m IDAPI

Bpdp connections idc

Cfw ctl debug -m fw + nac

Dadlog

Answer : B

Question 7

What file contains the RAD proxy settings?

Arad_control.C

Brad_scheme.C

Crad_services.C

Drad_settings.C

Answer : D

CheckPoint Check Point Certified Troubleshooting Expert - R81.20 156-587 Exam Questions