156-585 | Realistic CheckPoint 156-585 Question Online

It is faster and easier to pass the CheckPoint 156-585 exam by using accurate CheckPoint Check Point Certified Troubleshooting Expert questions and answers. Get immediate access to the up-to-date 156-585 exam and find the same core-area 156-585 questions with professionally verified answers, then pass your exam with a high score.

Online 156-585 free questions and answers of New Version:

NEW QUESTION 1
When a user process or program suddenly crashes, a core dump is often used to examine the problem. Which command is used to enable core dumping via Gaia Clish?

  • A. set core-dump enable
  • B. set core-dump per_process
  • C. set user-dump enable
  • D. set core-dump total

Answer: A

NEW QUESTION 2
Check Point's PostgreSQL is partitioned into several relational database domains. Which domain contains network objects and security policies?

  • A. User Domain
  • B. System Domain
  • C. Global Domain
  • D. Log Domain

Answer: C

NEW QUESTION 3
What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?

  • A. there is no difference
  • B. the C2S VPN uses a different VPN daemon and there is a second VPN debug
  • C. the C2S VPN cannot be debugged as it uses different protocols for the key exchange
  • D. the C2S client uses browser-based SSL VPN and can't be debugged

Answer: D

NEW QUESTION 4
Check Point Threat Prevention policies can contain multiple policy layers, and each layer consists of its own Rule Base. Which Threat Prevention daemon is used for Anti-virus?

  • A. in.emaild.mta
  • B. in.msd
  • C. ctasd
  • D. in.emaild

Answer: D

NEW QUESTION 5
If IPS protections that prevent SecureXL from accelerating traffic, such as Network Quota, Fingerprint Scrambling, TTL Masking, etc., have to be used, what is a recommended practice to enhance the performance of the gateway?

  • A. Use the IPS exception mechanism
  • B. Disable all such protections
  • C. Disable SecureXL and use CoreXL
  • D. Upgrade the hardware to include more Cores and Memory

Answer: C

NEW QUESTION 6
What is the most efficient way to view large fw monitor captures and run filters on the file?

  • A. wireshark
  • B. CLISH
  • C. CLI
  • D. snoop

Answer: A

NEW QUESTION 7
Some users from your organization have been reporting connection problems with CIFS since this morning. You suspect an IPS issue after an automatic IPS update last night, so you want to perform a packet capture on uppercase I only, directly after the IPS chain module (position 4 in the chain), to check if the packets pass the IPS. What command do you need to run?

  • A. fw monitor -ml -pi 5 -e <filterexpression>
  • B. fw monitor -pi 5 -e <filterexpression>
  • C. tcpdump -eni any <filterexpression>
  • D. fw monitor -pi asm <filterexpression>

Answer: C

NEW QUESTION 8
Which command is used to write a kernel debug to a file?

  • A. fw ctl debug -T -f > debug.txt
  • B. fw ctl kdebug -T -l > debug.txt
  • C. fw ctl debug -S -t > debug.txt
  • D. fw ctl kdebug -T -f > debug.txt

Answer: D

NEW QUESTION 9
What table does the command "fwaccel conns" pull information from?

  • A. fwxl_conns
  • B. SecureXLCon
  • C. cphwd_db
  • D. sxl_connections

Answer: A

NEW QUESTION 10
What command sets a specific interface as not accelerated?

  • A. noaccel-s<interface1>
  • B. fwaccel exempt state <interface1>
  • C. nonaccel -s <interface1>
  • D. fwaccel -n <interface1>

Answer: C

NEW QUESTION 11
Your users have some issues connecting Mobile Access VPN to the gateway. How can you debug the tunnel establishment?

  • A. in the file $CVPNDIR/conf/httpd.conf change the line LogLevel .. to LogLevel debug and run cvpnrestart
  • B. run vpn debug truncon
  • C. run fw ctl zdebug -m sslvpn all
  • D. in the file $VPNDIR/conf/httpd.conf change the line LogLevel .. to LogLevel debug and run vpn restart

Answer: A

NEW QUESTION 12
John works for ABC Corporation. They have enabled CoreXL on their firewall. John would like to identify the cores on which the SND runs and the cores on which the firewall instance is running. Which command should John run to view the CPU role allocation?

  • A. fw ctl affinity -v
  • B. fwaccel stat -I
  • C. fw ctl affinity -I
  • D. fw ctl cores

Answer: C

NEW QUESTION 13
You have configured the IPS Bypass Under Load function with additional kernel parameters ids_tolerance_no_stress=15 and ids_tolerance_stress=15. For configuration you used the 'fw ctl set' command. After reboot you noticed that these parameters returned to their default values. What do you need to do to make this configuration work immediately and stay permanent?

  • A. Set these parameters again with “fw ctl set” and edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf
  • B. Use script $FWDIR/bin IpsSetBypass.sh to set these parameters
  • C. Set these parameters again with “fw ctl set” and save configuration with “save config”
  • D. Edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf

Answer: A

Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=

NEW QUESTION 14
Which command(s) will turn off all vpn debug collection?

  • A. vpn debug off
  • B. vpn debug -a off
  • C. vpn debug off and vpn debug ikeoff
  • D. fw ctl debug 0

Answer: C

NEW QUESTION 15
The two procedures available for debugging in the firewall kernel are:
i. fw ctl zdebug
ii. fw ctl debug/kdebug
Choose the correct statement explaining the differences between the two.

  • A. (i) is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via command line, whereas (ii) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via command line
  • B. (i) is used to debug the access control policy only, however (ii) can be used to debug a unified policy
  • C. (i) is used to debug only issues related to dropping of traffic, however (ii) can be used for any firewall issue including NATing, clustering etc.
  • D. (i) is used on a Security Gateway, whereas (ii) is used on a Security Management Server

Answer: C

NEW QUESTION 16
Which of the following is contained in the System Domain of the Postgres database?

  • A. Saved queries for applications
  • B. Configuration data of log servers
  • C. Trusted GUI clients
  • D. User modified configurations such as network objects

Answer: C

NEW QUESTION 17
PostgreSQL is a powerful, open source relational database management system. Check Point offers a command for viewing the database and interacting with the Postgres interactive shell. Which command do you need to enter the PostgreSQL interactive shell?

  • A. psql_client cpm postgres
  • B. mysql_client cpm postgres
  • C. psql_client postgres cpm
  • D. mysql -u root

Answer: A

NEW QUESTION 18
You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file but you can’t afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs. What is the correct syntax for this?

  • A. fw ctl kdebug -T -f -m 10 -s 1000000 -o debugfilename
  • B. fw ctl kdebug -T -f -m 10 -s 1000000 > debugfilename
  • C. fw ctl kdebug -T -m 10 -s 1000000 -o debugfilename
  • D. fw ctl debug -T -f -m 10 -s 1000000 -o debugfilename

Answer: D

NEW QUESTION 19
What is the correct syntax to set all debug flags for Unified Policy related issues?

  • A. fw ctl debug -m UP all
  • B. fw ctl debug -m up all
  • C. fw ctl kdebug -m UP all
  • D. fw ctl debug -m fw all

Answer: A

NEW QUESTION 20
In Security Management High Availability, if the primary and secondary managements, running the same version of R80.x, are in a state of ‘Collision’, how can this be resolved?

  • A. Administrator should manually synchronize the servers using SmartConsole
  • B. The Collision state does not happen in R80.x as synchronization happens automatically on every publish action
  • C. Reset the SIC of the secondary management server
  • D. Run the command ‘fw send synch force’ on the primary server and ‘fw get sync quiet’ on the secondary server

Answer: A
