What command is used to find out which port Multi-Portal has assigned to the Mobile Access Portal?
- A . mpclient getdata sslvpn
- B . netstat -nap | grep mobile
- C . mpclient getdata mobi
- D . netstat getdata sslvpn
What is the simplest and most efficient way to check all dropped packets in real time?
- A . fw ctl zdebug * drop in expert mode
- B . Smartlog
- C . cat /dev/fwTlog in expert mode
- D . tail -f SFWDIR/log/fw log |grep drop in expert mode
What table does the command "fwaccel conns" pull information from?
- A . fwxl_conns
- B . SecureXLCon
- C . cphwd_db
- D . sxl_connections
What is the kernel process for Content Awareness that collects the data from the contexts received from the CMI and decides if the file is matched by a data type?
- A . dlpda
- B . dlpu
- C . cntmgr
- D . cntawmod
Where do Protocol parsers register themselves for IPS?
- A . Passive Streaming Library
- B . Other handlers register to Protocol parser
- C . Protections database
- D . Context Management Infrastructure
Which command do you need to execute to insert fw monitor after TCP streaming (out) in the outbound chain using absolute position? Given the chain was 1ffffe0, choose the correct answer.
- A . fw monitor Cpo -0x1ffffe0
- B . fw monitor Cp0 ox1ffffe0
- C . fw monitor Cpo 1ffffe0
- D . fw monitor Cp0 Cox1ffffe0
A
Explanation:
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminGuide/Content/Topics-PTG/CLI/fw-monitor.htm
What are the four ways to insert an FW Monitor into the firewall kernel chain?
- A . Relative position using location, relative position using alias, absolute position, all positions
- B . Absolute position using location, absolute position using alias, relative position, all positions
- C . Absolute position using location, relative position using alias, general position, all positions
- D . Relative position using geolocation relative position using inertial navigation, absolute position all positions
Check Point’s PostgreSQL is partitioned into several relational database domains.
Which domain contains network objects and security policies?
- A . User Domain
- B . System Domain
- C . Global Domain
- D . Log Domain
During firewall kernel debug with fw ctl zdebug you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started.
What should you do to resolve this issue?
- A . Increase debug buffer; Use fw ctl debug Cbuf 32768
- B . Redirect debug output to file; Use fw ctl zdebug Co ./debug.elg
- C . Increase debug buffer; Use fw ctl zdebug Cbuf 32768
- D . Redirect debug output to file; Use fw ctl debug Co ./debug.elg
A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminGuide/Content/Topics-PTG/Kernel-Debug/Kernel-Debug- Procedure.htm
What command sets a specific interface as not accelerated?
- A . noaccel-s<interface1>
- B . fwaccel exempt state <interface1>
- C . nonaccel -s <interface1>
- D . fwaccel -n <intetface1 >
Which Threat Prevention daemon is the core Threat Emulator, engine and responsible for emulation files and communications with Threat Cloud?
- A . ctasd
- B . inmsd
- C . ted
- D . scrub
C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
The management configuration stored in the Postgres database is partitioned into several relational database Domains, like – System, User, Global and Log Domains. The User Domain stores the network objects and security policies.
Which of the following is stored in the Log Domain?
- A . Configuration data of Log Servers and saved queries for applications
- B . Active Logs received from Security Gateways and Management Servers
- C . Active and past logs received from Gateways and Servers
- D . Log Domain is not stored in Postgres database, it is part of Solr indexer only
Which process is responsible for the generation of certificates?
- A . cpm
- B . cpca
- C . dbsync
- D . fwm
the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?
- A . there is no difference
- B . the C2S VPN uses a different VPN daemon and there a second VPN debug
- C . the C2S VPN can not be debugged as it uses different protocols for the key exchange
- D . the C2S client uses Browser based SSL vpn and can’t be debugged
The two procedures available for debugging in the firewall kernel are
i fw ctl zdebug
ii fw ctl debug/kdebug
Choose the correct statement explaining the differences in the two
- A . (i) Is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via command line whereas (11) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via command line
- B . (i) is used to debug the access control policy only, however (n) can be used to debug a unified policy
- C . (i) is used to debug only issues related to dropping of traffic, however (n) can be used for any firewall issue including NATing, clustering etc.
- D . (i) is used on a Security Gateway, whereas (11) is used on a Security Management Server
When a User Mode process suddenly crashes it may create a core dump file.
Which of the following information is available in the core dump and may be used to identify the root cause of the crash?
i Program Counter
ii Stack Pointer
ii. Memory management information
iv Other Processor and OS flags / information
- A . i, ii, lii and iv
- B . i and n only
- C . iii and iv only
- D . D Only iii
What is the buffer size set by the fw ctl zdebug command?
- A . 1 MB
- B . 1 GB
- C . 8MB
- D . 8GB
You have configured IPS Bypass Under Load function with additional kernel parameters ids_tolerance_no_stress=15 and ids_tolerance_stress-15 For configuration you used the *fw ctl set’ command After reboot you noticed that these parameters returned to their default values.
What do you need to do to make this configuration work immediately and stay permanent?
- A . Set these parameters again with “fw ctl set” and edit appropriate parameters in $FWDIR/boot/modules/ fwkern.conf
- B . Use script $FWDIR/bin IpsSetBypass.sh to set these parameters
- C . Set these parameters again with “fw ctl set” and save configuration with “save config”
- D . Edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf
A
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62848&partition=Advanced&product=IPS
What are some measures you can take to prevent IPS false positives?
- A . Exclude problematic services from being protected by IPS (sip, H 323, etc )
- B . Use IPS only in Detect mode
- C . Use Recommended IPS profile
- D . Capture packets. Update the IPS database, and Back up custom IPS files
What is the function of the Core Dump Manager utility?
- A . To generate a new core dump for analysis
- B . To limit the number of core dump files per process as well as the total amount of disk space used by core files
- C . To determine which process is slowing down the system
- D . To send crash information to an external analyzer
John works for ABC Corporation. They have enabled CoreXL on their firewall John would like to identify the cores on which the SND runs and the cores on which the firewall instance is running.
Which command should John run to view the CPU role allocation?
- A . fw ctl affinity -v
- B . fwaccel stat -I
- C . fw ctl affinity -I
- D . fw ctl cores
Which of the following daemons is used for Threat Extraction?
- A . scrubd
- B . extractd
- C . tex
- D . tedex
URL Filtering is an essential part of Web Security in the Gateway.
For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required”
- A . RAD Kernel Space
- B . URLF Kernel Client
- C . URLF Online Service
- D . RAD User Space
You are upgrading your NOC Firewall (on a Check Point Appliance) from R77 to R80 30 but you did not touch the security policy After the upgrade you can’t connect to the new R80 30 SmartConsole of the upgraded Firewall anymore.
What is a possible reason for this?
- A . new new console port is 19009 and a access rule ts missing
- B . the license became invalig and the firewall does not start anymore
- C . the upgrade process changed the interfaces and IP adresses and you have to switch cables
- D . the IPS System on the new R80.30 Version prohibits direct Smartconsole access to a standalone firewall
You are running R80.XX on an open server and you see a high CPU utilization on your 12 CPU cores You now want to enable Hyperthreading to get more cores to gain some performance.
What is the correct way to achieve this?
- A . Hyperthreading is not supported on open servers, on on Check Point Appliances
- B . just turn on HAT in the bios of the server and boot it
- C . just turn on HAT in the bios of the server and after it has booted enable it in cpconfig
- D . in dish run set HAT on
Where will the usermode core files be located?
- A . /var/log/dump/usermode
- B . /var/suroot
- C . SFWDlR/var’log/dump/usermode
- D . SCPDIR/var/log/dump/usermode
A
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92764
When running a debug with fw monitor, which parameter will create a more verbose output?
- A . -i
- B . -i
- C . -0
- D . -d
PostgreSQL is a powerful, open source relational database management system Check Point offers a command for viewing the database to interact with Postgres interactive shell
Which command do you need to enter the PostgreSQL interactive shell?
- A . psql_client cpm postgres
- B . mysql_client cpm postgres
- C . psql_c!ieni postgres cpm
- D . mysql -u root
Check Point Access Control Daemons contains several daemons for Software Blades and features.
Which Daemon is used for Application & Control URL Filtering?
- A . rad
- B . cprad
- C . pepd
- D . pdpd
Your fwm constantly crashes and is restarted by the watchdog. You can’t find any coredumps related to this process, so you need to check If coredumps are enabled at all.
How can you achieve that?
- A . in dish run show core-dump status
- B . in expert mode run show core-dump status
- C . in dish run set core-dump status
- D . in dish run show coredumb status
Which of the following is NOT a valid "fwaccel" parameter?
- A . stat
- B . stats
- C . templates
- D . packets
D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397
Troubleshooting issues with Mobile Access requires the following:
- A . Standard VPN debugs, packet captures, and debugs of cvpnd’ process on Security Gateway
- B . Standard VPN debugs and packet captures on Security Gateway, debugs of "cvpnd’ process on Security Management
- C . ‘ma_vpnd’ process on Secunty Gateway
- D . Debug logs of FWD captured with the command – ‘fw debug fwd on TDERROR_MOBILE_ACCESS=5’
After kernel debug with "fw ctl debug" you received a huge amount of information It was saved in a very large file that is difficult to open and analyze with standard text editors Suggest a solution to solve this issue.
- A . Use "fw ctl zdebug’ because of 1024KB buffer size
- B . Divide debug information into smaller files Use "fw ctl kdebug -f -o "filename" -m 25 – s "1024"
- C . Reduce debug buffer to 1024KB and run debug for several times
- D . Use Check Point InfoView utility to analyze debug output
Which of the following inputs is suitable for debugging HTTPS inspection issues?
- A . vpn debug cptls on
- B . fw ctl debug Cm fw + conn drop cptls
- C . fw diag debug tls enable
- D . fw debug tls on TDERROR_ALL_ALL=5
B
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108202
Which command can be run in Expert mode lo verify the core dump settings?
- A . grep cdm /config/db/coredump
- B . grep cdm /config/db/initial
- C . grep SFWDlR/config/db/initial
- D . cat /etc/sysconfig/coredump/cdm conf
What does SIM handle?
- A . Accelerating packets
- B . FW kernel to SXL kernel hand off
- C . OPSEC connects to SecureXL
- D . Hardware communication to the accelerator
Which file is commonly associated with troubleshooting crashes on a system such as the Security Gateway?
- A . core dump
- B . CPMIL dump
- C . fw monitor
- D . tcpdump
Vanessa is reviewing ike.elg file to troubleshoot failed site-to-site VPN connection After sending Mam Mode Packet 5 the response from the peer is PAYLOAD-MALFORMED"
What is the reason for failed VPN connection?
- A . The authentication on Phase 1 is causing the problem. Pre-shared key on local gateway encrypted by the hash algorithm created in Packet 3 and Packet 4 doesn’t match with the hash on the peer gateway generated by encrypting its pre-shared key
- B . The authentication on Phase 2 is causing the problem Pre-shared key on local gateway encrypted by the hash algorithm created in Packets 1 and 2 doesn’t match with the hash on the peer gateway generated by encrypting its pre-shared key
- C . The authentication on Quick Mode is causing the problem Pre-shared key on local gateway encrypted by the hash algorithm created in Packets 3 and 4 doesn’t match with the hash on the peer gateway generated by encrypting its pre-shared key
- D . The authentication on Phase 1 is causing the problem Pre-shared key on local gateway encrypted by the hash algorithm doesn’t match with the hash on the peer gateway generated by encrypting its pre-shared key created in Packet 1 and Packet 2
For TCP connections, when a packet arrives at the Firewall Kemel out of sequence or fragmented, which layer of IPS corrects this lo allow for proper inspection?
- A . Passive Streaming Library
- B . Protections
- C . Protocol Parsers
- D . Context Management
What is the correct syntax to turn a VPN debug on and create new empty debug files?
- A . vpn debug truncon
- B . vpndebug trunc on
- C . vpn kdebug on
- D . vpn debug trunkon