Scribd
Upload
224 views6 pages

156-581 (93 Questions)

156-581 (93 Questions) 156-581 (93 Questions) 156-581 (93 Questions)156-581 (93 Questions) 156-581 (93 Questions)

Uploaded by

Innovior IT Tech
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
224 views6 pages

156-581 (93 Questions)

156-581 (93 Questions) 156-581 (93 Questions) 156-581 (93 Questions)156-581 (93 Questions) 156-581 (93 Questions)

Uploaded by

Innovior IT Tech
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

156-581 (93 Questions)

Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

Vendor: Check Point

Exam Code: 156-581

Exam Name: Check Point Certified Troubleshooting Administrator - R81 (CCTA)


Innovior ITTech

Q&A

Check Point Certified Troubleshooting Administrator - R81 (CCTA)


156-581

(93 Questions)

http://www.facebook.com/InnoviorITTech

We Offer Free Update Service


For One Year.
QUESTION 1
Where can a Check Point customer find information about product licenses they own, download product
manuals and get information about product support expiration?

A. UserCenter portal
B. Smart Console
C. PartnerMAP portal
D. In security management server via CU and executing command cplic print

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
You have just acquired new licenses for your Check Point security Gateway. You need to attach the new
license.
What is the object in the Security Console where you can attach the license for a software blade?

A. Security Blade
B. Hardware Blade
C. Software Container
D. Software Blade

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
What is true concerning fw monitor?

A. fw monrtor is available on all management server platforms and the syntax is the same everywhere
B. fwmonitor is available on all platforms and even the syntax is the same on all gateways
C. fwmonitor has been obsoleted by tcpdump with R80.10
D. tcpdump syntax can be used in fw monitor for deeper analysis

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Performing NAT on the Client Side means that translation of all packets will occur?

A. Prior to any routing taking place


B. After the packets have already been routed
C. In the firewall kernel closest to the initiator of the connection
D. In the inbound firewall kernel instance

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
When accessing License Status in Smart Console, what information is available?

A. Expiration Date, Status, SKU, Signature Key


B. Blade Name, Expiration Date, Attached to Status
C. Blade Name, License Status, Expiration Date, Additional info
D. License Status, Blade Name, Report available, Download

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Where would you look to find the error log file to investigate a logging issue on the Security Management
Server?

A. $MDS_FWDIR/log/cpm.elg
B. $FWDIR/log/fwd.elg
C. $CPDIR/log/cpd.elg
D. $FWDIR/log/fwm.elg

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented, which
layer of IPS corrects this to allow for proper inspection?

A. Protocol Parsers
B. Protections
C. Passive Streaming Library
D. Context Management

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Which type of NAT allows both incoming and outgoing connections?

A. Static NAT
B. Port NAT
C. Both Static and Hide NAT
D. Hide NAT

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Select the technology that does the following actions
- provides reassembly via streaming for TCP
- handles packet reordering and congestion
- handles payload overlap
- provides consistent stream of data to protocol parsers

A. A Passive Streaming Library


B. fwtcpstream
C. Context Management
D. Pre-Protocol Parser

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
What does the FWD daemon instruct the gateway to do when communication issues between the gateway
and SMS/Log Server occurs?

A. It instructs the gateway to continue forwarding logs to SKIS/Log Server and the logs with be stored in a
holding queue for the server until communication is restored
B. It instructs the gateway to store logs locally as it continues to try to restore communication.
C. It instructs the gateway to stop logging until it can restore communication.
D. It instructs the gateway to only log a specified number of logs as defined in the Security Policy.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
What file extension should be used with fw monitor to allow the output file to be imported and read in
Wireshark?

A. .pcap
B. .tgz
C. .cap
D. .exe

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
QUESTION 12
In the SmartConsole logs, you are seeing messages reporting NAT port exhaustion. What command would
you use to check the status of the NAT table?

A. fw tab -t xftrc_allo
B. fw tab -t xlate_alloc
C. fw tab -t fwx_alloc
D. fw tab -t nat_alloc

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Johnny works as a firewall administrator in ALPHA Corporation. He is also an Account Administrator in the
Check Point UserCenter for his company. When searching through SecureKnowledge he found an article
which can help him but he couldn't access the article, because has no permission to access it. What could
cause this problem?

A. ALPHA Corporation's Support contract expired, or he is not Check Point certified professional
B. Johnny must be Check Point Certified Security Master to get access articles with higher Technical
Level
C. Only Check Point Support Engineers have access to articles with higher Technical Level
D. ALPHA Corporation's Support contract expired

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
After successful policy installation, the gateway stores a copy of the most recently installed policy package
in which location?

A. $FWDIR/state/local/FW1
B. $FWDIR/state/_tmp/FW1
C. $FWDIR/state/<gateway_name>/FW1
D. $FWDIR/state/current/FW1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Is it possible to analyze ICMP packets with tcpdump?

A. No, since ICMP does not have any source or destination ports, but specification of port numbers is
mandatory
B. No, tcpdump works from layer 4. ICMP is located in the network layer (layer 3), therefore is not
applicable to this scenario
C. No, use fw monitor instead
D. Yes, tcpdump is not limited to tcp specific issues

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Where do Protocol parsers register themselves for IPS?

A. Protections database
B. Context Management Infrastructure
C. Passive Streaming Library
D. Other handlers register to Protocol parser

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Which of the following is the most significant impact of not having a valid Policy Management license
installed on a management server?

A. Inability to make rule changes


B. Inability to install policies
C. Inability to log in to SmartConsole
D. Inability to review logs

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which of the following is NOT a way to insert fw monitor into the chain when troubleshooting packets
throughout the chain?

A. Relative position using alias


B. Relative position using id
C. Absolution position
D. Relative position using location

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Chuck is a firewall administrator. He runs into some issues with policy installation, so he wants to check if

You might also like