CheckPoint 156-587 Exam Practice Test Instant Access

Question 1

Which Daemon should be debugged for HTTPS inspection related issues?

AVPND

BWSTLSD

CFWD

DHTTPD

Answer : B

The WSTLSD daemon is responsible for handling HTTPS Inspection related issues on the Security Gateway.It performs SSL/TLS termination and re-encryption, certificate validation and generation, and URL categorization for HTTPS traffic1.The WSTLSD daemon can be debugged using the commandwstlsd debug on TDERROR_ALL_ALL=52.The debug file is located in $FWDIR/log/wstlsd.elg2.The other daemons, such as FWD, HTTPD, and VPND, are not directly related to HTTPS Inspection, but rather to policy installation, web server, and VPN, respectively.Reference:1: sk65144: HTTPS Inspection Architecture2: sk83520: How to debug the WSTLSD daemon

Question 2

You run cpwd_admin list on a Security Gateway and notice that the CPM process is not listed. Select the best answer.

AThe output is different between Gateway and Management Server.

BCPM is not running and can't be monitored by WatchDog.

CIf you want to monitor CPM, you have to manually add it to WatchDog.

DCPM is not there because it has its own monitoring system. Only lower processes are monitored by WatchDog.

Answer : A

The cpwd_admin list command is used to display the status of processes monitored by the Check Point WatchDog Daemon (CPWD). The CPM (Check Point Management) process is a core process on the Security Management Server, responsible for management operations. However, on a Security Gateway, the CPM process is not typically present, as it is specific to management functions.

Option A: Correct. The output of cpwd_admin list differs between a Security Gateway and a Security Management Server. On a Security Gateway, processes like FWD, VPND, and PEP are monitored, but CPM is not present because it runs on the Management Server. Thus, CPM will not appear in the cpwd_admin list output on a Gateway.

Option B: Incorrect. While it's true that CPM is not running on the Security Gateway, the reason it's not listed is not because it ''can't be monitored'' by CPWD. On a Management Server, CPM is indeed monitored by CPWD, but this question pertains to a Gateway.

Option C: Incorrect. CPM is automatically monitored by CPWD on systems where it runs (e.g., Management Server). There is no need to manually add it to WatchDog's monitoring list.

Option D: Incorrect. CPM does not have its own separate monitoring system. On a Management Server, CPM is monitored by CPWD like other critical processes. The statement about ''only lower processes'' being monitored is inaccurate.

Reference: The Check Point R81.20 Gaia Administration Guide explains the role of CPWD and the processes it monitors on different Check Point systems (Gateway vs. Management Server). The CCTE R81.20 course (as per and) emphasizes understanding the differences in process monitoring between Gateways and Management Servers, including the use of cpwd_admin commands for troubleshooting.https://edu.arrow.com/uk/training/course-detail/90175/Check-Point-Certified-Troubleshooting-Expert-%28CCTE%29-R81.20-%28includes-180-days%27-lab-access%29/False

https://www.koenig-solutions.com/ccte-r81-20-language-course

For precise details, refer to:

Check Point R81.20 Gaia Administration Guide, section on ''CPWD and Process Monitoring'' (available via Check Point Support Center).

CCTE R81.20 Courseware, which covers advanced troubleshooting of Security Gateway and Management Server processes (available through authorized training partners).

Question 3

The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?

Afw ctl zdebug

Bfw debug/kdebug

Cfw ctl debug/kdebug

Dfw debug/kdebug ctl

Answer : C

Question 4

What file contains the RAD proxy settings?

Arad_control.C

Brad_scheme.C

Crad_services.C

Drad_settings.C

Answer : D

Question 5

What are the three main component of Identity Awareness?

AClient, SMS and Secure Gateway

BIdentity Source Identity Server (POP) and Identity Enforcement (PEP)

CIdentity Awareness Blade on Security Gateway, User Database on Security Management Server and Active Directory

DUser, Active Directory and Access Role

Answer : B

Question 6

In the Security Management Architecture, what port and process does SmartConsole use to communicate with the Security Management Server?

ACPM and 18190

BFWM and 19009

CCPM and 19009

DCPM, 19009, and 18191

Answer : A

In Check Point's Security Management Architecture, SmartConsole is the graphical user interface used to manage the Security Management Server. The communication between SmartConsole and the Security Management Server relies on specific processes and ports, which are critical for troubleshooting connectivity issues.

The CPM (Check Point Management) process is the primary process on the Security Management Server responsible for handling management operations, including interactions with SmartConsole. The default port for this communication is 18190 (TCP), used for the SIC (Secure Internal Communication) and management GUI connections.

Option A: Correct. SmartConsole communicates with the Security Management Server using the CPM process over port 18190. This port is used for GUI client connections to the management server.

Option B: Incorrect. The FWM (Firewall Management) process is an older process used in earlier Check Point versions (pre-R80) for management tasks. In R81.20, CPM has largely replaced FWM for SmartConsole communications. Additionally, port 19009 is used for other purposes, such as the Check Point REST API, not SmartConsole.

Option C: Incorrect. While CPM is the correct process, port 19009 is not used for SmartConsole communication. Port 19009 is associated with the Check Point Management API (e.g., for mgmt_cli or REST API calls).

Option D: Incorrect. While CPM is involved, SmartConsole does not use both ports 19009 and 18191. Port 18191 is typically used for log server communications (e.g., SmartConsole to Log Server), not direct management server communication.

The Check Point R81.20 Security Management Administration Guide explicitly details the ports used in the management architecture. According to the guide:

Port 18190/TCP is used for SmartConsole to Security Management Server communication via the CPM process.

The CCTE R81.20 course (as referenced in and) covers advanced management server troubleshooting, including understanding the CPM process and its associated ports.https://www.koenig-solutions.com/ccte-r81-20-language-course

https://www.rededucation.com/events/1056-check-point-troubleshooting-expert-ccte-r81-20-spanish-language/region-US/

For exact extracts, refer to:

Check Point R81.20 Security Management Administration Guide, section on ''Communication Ports'' (available via Check Point Support Center).

CCTE R81.20 Courseware, which includes modules on management server diagnostics and communication protocols (available through authorized training partners).

Question 7

The Unified Access Control policy eliminates the need to maintain policies for different access control features However, you need to start a general debug of the Unified Policy with all flags turned on Which of the following is the correct syntax?

Afw ctl debug -m UP all

Bfw ctl debug -m UP + all flags

Cfw ctl kdebug -m UP all

Dfwm ctl debug -m UP all

Answer : A

CheckPoint 156-587 Check Point Certified Troubleshooting Expert - R81.20 Exam Practice Test