
Check Point 156-585 Exam Study Guide

This document provides a study guide for Check Point's 156-585 Certified Troubleshooting Expert exam, with questions and answers on Check Point firewall configuration and troubleshooting topics. It covers commands for checking Multi-Portal port assignments, dropped packet monitoring, firewall acceleration table information, Content Awareness processes, IPS protocol registration, and absolute firewall chain position insertion.

Uploaded by

Michel WA
This study source was downloaded by 100000833464759 from CourseHero.com on 10-08-2021 12:39:13 GMT -05:00

https://www.coursehero.com/file/107288295/Check-Point-Certified-Troubleshooting-Expert-CCTE-156-585-Study-Guide-2021-9-24pdf/
1.What command is used to find out which port Multi-Portal has assigned to the Mobile
Access Portal?
A. mpclient getdata sslvpn
B. netstat -nap | grep mobile
C. mpclient getdata mobi
D. netstat getdata sslvpn
Answer: A

2.What is the simplest and most efficient way to check all dropped packets in real
time?
A. fw ctl zdebug * drop in expert mode
B. Smartlog
C. cat /dev/fwTlog in expert mode
D. tail -f SFWDIR/log/fw log |grep drop in expert mode
Answer: A

3.What table does the command "fwaccel conns" pull information from?
A. fwxl_conns
B. SecureXLCon
C. cphwd_db
D. sxl_connections
Answer: C

4.What is the kernel process for Content Awareness that collects the data from the
contexts received from the CMI and decides if the file is matched by a data type?
A. dlpda
B. dlpu
C. cntmgr
D. cntawmod
Answer: A

5.Where do Protocol parsers register themselves for IPS?


A. Passive Streaming Library
B. Other handlers register to Protocol parser
C. Protections database
D. Context Management Infrastructure
Answer: A

6.Which command do you need to execute to insert fw monitor after TCP streaming
(out) in the outbound chain using absolute position? Given the chain was 1ffffe0,
choose the correct answer.
A. fw monitor -po -0x1ffffe0
B. fw monitor -p0 ox1ffffe0
C. fw monitor -po 1ffffe0
D. fw monitor -p0 -ox1ffffe0
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminGuide/Content/Topics-PTG/CLI/fw-monitor.htm

7.What are the four ways to insert an FW Monitor into the firewall kernel chain?
A. Relative position using location, relative position using alias, absolute position, all positions
B. Absolute position using location, absolute position using alias, relative position, all positions
C. Absolute position using location, relative position using alias, general position, all positions
D. Relative position using geolocation, relative position using inertial navigation, absolute position, all positions
Answer: A

8.Rules within the Threat Prevention policy use the Malware database and network
objects.
Which directory is used for the Malware database?
A. $FWDIR/conf/install_manager_tmp/ANTIMALWARE/conf/
B. $CPDIR/conf/install_manager_lmp/ANTIMALWARE/conf/
C. $FWDIR/conf/install_firewall_imp/ANTIMALWARE/conf/
D. $FWDIR/log/install_manager_tmp/ANTIMALWARBlog?
Answer: A

9.Check Point's PostgreSQL is partitioned into several relational database domains.


Which domain contains network objects and security policies?
A. User Domain
B. System Domain
C. Global Domain
D. Log Domain
Answer: A

10.During firewall kernel debug with fw ctl zdebug you received less information than
expected. You noticed that a lot of messages were lost since the time the debug was
started.
What should you do to resolve this issue?
A. Increase debug buffer; Use fw ctl debug -buf 32768
B. Redirect debug output to file; Use fw ctl zdebug -o ./debug.elg
C. Increase debug buffer; Use fw ctl zdebug -buf 32768
D. Redirect debug output to file; Use fw ctl debug -o ./debug.elg
Answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminGuide/Content/Topics-PTG/Kernel-Debug/Kernel-Debug-Procedure.htm

11.What command sets a specific interface as not accelerated?
A. noaccel-s<interface1>
B. fwaccel exempt state <interface1>
C. nonaccel -s <interface1>
D. fwaccel -n <interface1>
Answer: C

12.Which Threat Prevention daemon is the core Threat Emulation engine and is
responsible for emulating files and communicating with ThreatCloud?
A. ctasd
B. inmsd
C. ted
D. scrub
Answer: C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

13.The management configuration stored in the Postgres database is partitioned into
several relational database Domains, like - System, User, Global and Log Domains.
The User Domain stores the network objects and security policies.
Which of the following is stored in the Log Domain?
A. Configuration data of Log Servers and saved queries for applications
B. Active Logs received from Security Gateways and Management Servers
C. Active and past logs received from Gateways and Servers
D. Log Domain is not stored in Postgres database, it is part of Solr indexer only
Answer: A

14.Which process is responsible for the generation of certificates?


A. cpm
B. cpca
C. dbsync
D. fwm
Answer: B

15.What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?
A. there is no difference
B. the C2S VPN uses a different VPN daemon and there is a second VPN debug
C. the C2S VPN cannot be debugged as it uses different protocols for the key exchange
D. the C2S client uses browser-based SSL VPN and can't be debugged
Answer: A

16.The two procedures available for debugging in the firewall kernel are
i fw ctl zdebug
ii fw ctl debug/kdebug
Choose the correct statement explaining the differences in the two
A. (i) is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via command line whereas (ii) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via command line
B. (i) is used to debug the access control policy only, however (ii) can be used to debug a unified policy
C. (i) is used to debug only issues related to dropping of traffic, however (ii) can be used for any firewall issue including NATing, clustering etc.
D. (i) is used on a Security Gateway, whereas (ii) is used on a Security Management Server
Answer: A

17.When a User Mode process suddenly crashes it may create a core dump file.
Which of the following information is available in the core dump and may be used to
identify the root cause of the crash?
i Program Counter
ii Stack Pointer
iii Memory management information
iv Other Processor and OS flags / information
A. i, ii, iii and iv
B. i and ii only
C. iii and iv only
D. Only iii
Answer: A

18.What is the buffer size set by the fw ctl zdebug command?


A. 1 MB
B. 1 GB
C. 8MB
D. 8GB
Answer: A

19.You have configured IPS Bypass Under Load function with additional kernel
parameters ids_tolerance_no_stress=15 and ids_tolerance_stress=15. For
configuration you used the "fw ctl set" command. After reboot you noticed that these
parameters returned to their default values.
What do you need to do to make this configuration work immediately and stay
permanent?
A. Set these parameters again with “fw ctl set” and edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf
B. Use script $FWDIR/bin IpsSetBypass.sh to set these parameters
C. Set these parameters again with “fw ctl set” and save configuration with “save config”
D. Edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf
Answer: A
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62848&partition=Advanced&product=IPS

20.What are some measures you can take to prevent IPS false positives?
A. Exclude problematic services from being protected by IPS (SIP, H.323, etc.)
B. Use IPS only in Detect mode
C. Use Recommended IPS profile
D. Capture packets, update the IPS database, and back up custom IPS files
Answer: D
