2021 Updated CheckPoint CCTE 156-585 Exam Dumps

dumps2021-12-20T09:00:08+08:00

156-585 exam is a related test for CheckPoint CCTE certification. The updated 156-585 exam dumps are the best material for you to test all the related skills. Free CheckPoint 156-585 exam dumps questions are available below.

Page 1 of 4

1. What are the four ways to insert an FW Monitor into the firewall kernel chain?

Relative position using location, relative position using alias, absolute position, all positions

Absolute position using location, absolute position using alias, relative position, all positions

Absolute position using location, relative position using alias, general position, all positions

Relative position using geolocation relative position using inertial navigation, absolute position all positions

2. What process is responsible for sending and receiving logs in the management server?

FWD

CPM

FWM

CPD

3. What file contains the RAD proxy settings?

rad_settings.C

rad_services.C

rad_scheme.C

rad_control.C

4. What is the name of the VPN kernel process?

VPNK

VPND

CVPND

FWK

5. Which command is most useful for debugging the fwaccel module?

fw zdebug

securexl debug

fwaccel dbg

fw debug

6. Where do Protocol parsers register themselves for IPS?

Passive Streaming Library

Other handlers register to Protocol parser

Protections database

Context Management Infrastructure

7. John works for ABC Corporation. They have enabled CoreXL on their firewall John would like to identify the cores on which the SND runs and the cores on which the firewall instance is running.

Which command should John run to view the CPU role allocation?

fw ctl affinity -v

fwaccel stat -I

fw ctl affinity -I

fw ctl cores

8. You are upgrading your NOC Firewall (on a Check Point Appliance) from R77 to R80 30 but you did not touch the security policy After the upgrade you can't connect to the new R80 30 SmartConsole of the upgraded Firewall anymore.

What is a possible reason for this?

new new console port is 19009 and a access rule ts missing

the license became invalig and the firewall does not start anymore

the upgrade process changed the interfaces and IP adresses and you have to switch cables

the IPS System on the new R80.30 Version prohibits direct Smartconsole access to a standalone firewall

9. Check Point Access Control Daemons contains several daemons for Software Blades and features.

Which Daemon is used for Application & Control URL Filtering?

rad

cprad

pepd

pdpd

10. What are four main database domains?

System, Global, Log, Event

System, User, Host, Network

Local, Global, User, VPN

System, User, Global, Log

Page 2 of 4

11. The two procedures available for debugging in the firewall kernel are

i fw ctl zdebug

ii fw ctl debug/kdebug

Choose the correct statement explaining the differences in the two

(i) Is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via command line whereas (11) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via command line

(i) is used to debug the access control policy only, however (n) can be used to debug a unified policy

(i) is used to debug only issues related to dropping of traffic, however (n) can be used for any firewall issue including NATing, clustering etc.

(i) is used on a Security Gateway, whereas (11) is used on a Security Management Server

12. John has renewed his NGTX License but he gets an error (contract for Anti-Bot expired).

He wants to check the subscription status on the CU of the gateway, what command can he use for this?

cpstat antimalware -I subscription _status

fw monitor license status

fwm lie print

show license status

13. The Check Point Firewall Kernel is the core component of the Gala operating system and an integral part of traffic inspection process. There are two procedures available for debugging the firewall kernel .

Which procedure/command is used for detailed troubleshooting and needs more resources?

fw ctl debug/kdebug

fw ctl zdebug

fw debug/kdebug

fw debug/kdebug ctl

14. URL Filtering is an essential part of Web Security in the Gateway.

For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required''

RAD Kernel Space

URLF Kernel Client

URLF Online Service

RAD User Space

15. You have configured IPS Bypass Under Load function with additional kernel parameters ids_tolerance_no_stress=15 and ids_tolerance_stress-15 For configuration you used the *fw ctl set' command After reboot you noticed that these parameters returned to their default values.

What do you need to do to make this configuration work immediately and stay permanent?

Set these parameters again with “fw ctl set” and edit appropriate parameters in $FWDIR/boot/modules/ fwkern.conf

Use script $FWDIR/bin IpsSetBypass.sh to set these parameters

Set these parameters again with “fw ctl set” and save configuration with “save config”

Edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf

16. The Check Pom! Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process There are two procedures available for debugging the firewall kernel

Which procedure/command is used for troubleshooting packet drops and other kernel activites while using minimal resources (1 MB buffer)?

fw ctl zdebug

fw ctl debug/kdebug

fwk ctl debug

fw debug ctl

17. Which process is responsible for the generation of certificates?

cpm

cpca

dbsync

fwm

18. What is the most efficient way to view large fw monitor captures and run filters on the file?

wireshark

CLISH

CLI

snoop

19. What is connect about the Resource Advisor (RAD) service on the Security Gateways?

RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization

RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization There isno user space involvement in this process

RAD functions completely in user space The Pattern Matter (PM) module of the CMI looks up for URLs in the cache and if not found, contact the RAD process in user space to do online categorization

RAD is not a separate module, it is an integrated function of the 'fw1 kernel module and does all operations in the kernel space

20. Which command(s) will turn off all vpn debug collection?

vpn debug off

vpn debug -a off

vpn debug off and vpn debug ikeoff

fw ctl debug 0

Page 3 of 4

21. James is using the same filter expression in fw monitor for CITRIX very often and instead of typing this all the time he wants to add it as a macro to the fw monitor definition file .

What ’s the name and location of this file?

$FWDIR/lib/fwmonltor.def

$FWDIR/conf/fwmonltor.def

$FWDIR/lib/tcpip.def

$FWDIR/lib/fw.monitor

22. The management configuration stored in the Postgres database is partitioned into several relational database Domains, like - System, User, Global and Log Domains. The User Domain stores the network objects and security policies.

Which of the following is stored in the Log Domain?

Configuration data of Log Servers and saved queries for applications

Active Logs received from Security Gateways and Management Servers

Active and past logs received from Gateways and Servers

Log Domain is not stored in Postgres database, it is part of Solr indexer only

23. What are some measures you can take to prevent IPS false positives?

Exclude problematic services from being protected by IPS (sip, H 323, etc )

Use IPS only in Detect mode

Use Recommended IPS profile

Capture packets. Update the IPS database, and Back up custom IPS files

24. What command sets a specific interface as not accelerated?

noaccel-s<interface1>

fwaccel exempt state <interface1>

nonaccel -s <interface1>

fwaccel -n <intetface1 >

25. After kernel debug with "fw ctl debug" you received a huge amount of information It was saved in a very large file that is difficult to open and analyze with standard text editors Suggest a solution to solve this issue.

Use "fw ctl zdebug' because of 1024KB buffer size

Divide debug information into smaller files Use "fw ctl kdebug -f -o "filename" -m 25 - s "1024"

Reduce debug buffer to 1024KB and run debug for several times

Use Check Point InfoView utility to analyze debug output

26. Troubleshooting issues with Mobile Access requires the following:

Standard VPN debugs, packet captures, and debugs of cvpnd' process on Security Gateway

Standard VPN debugs and packet captures on Security Gateway, debugs of "cvpnd' process on Security Management

'ma_vpnd' process on Secunty Gateway

Debug logs of FWD captured with the command - 'fw debug fwd on TDERROR_MOBILE_ACCESS=5'

27. Select the technology that does the following actions

- provides reassembly via streaming for TCP

- handles packet reordering and congestion

- handles payload overlap

- provides consistent stream of data to protocol parsers

Passive Streaming Library

Context Management

Pre-Protocol Parser

fwtcpstream

28. What table does command “fwaccel conns” pull information from?

fwxl_conns

SecureXLCon

cphwd_db

sxl_connections

29. Joey is configuring a site-to-site VPN with his business partner. On Joey’s site he has a Check Point R80.10 Gateway and his partner uses Cisco ASA 5540 as a gateway.

Joey’s VPN domain on the Check Point Gateway object is manually configured with a group object that contains two network objects:

VPN_Domain3 = 192.168.14.0/24

VPN_Domain4 = 192.168.15.0/24

Partner’s site ACL as viewed from “show run”

access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.14.0 255.255.255.0

access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.15.0 255.255.255.0

When they try to establish VPN tunnel, it fails .

What is the most likely cause of the failure given the information provided?

Tunnel falls on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/24 and 192.168.15.0/24, but the peer expects the one network 192.168.14.0/23

Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/23, but the peer expects the two distinct networks 192.168.14.0/24 and 192.168.15.0/24.

Tunnel fails on Joey’s site, because he misconfigured IP address of VPN peer.

Tunnel falls on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation due to the algorithm mismatch.

30. When debugging is enabled on firewall kernel module using the ‘fw ctl debug’ command with required options, many debug messages are provided by the kernel that help the administrator to identify issues .

Which of the following is true about these debug messages generated by the kernel module?

Messages are written to a buffer and collected using ‘fw ctl kdebug’

Messages are written to console and also /var/log/messages file

Messages are written to /etc/dmesg file

Messages are written to $FWDIR/log/fw.elg

Page 4 of 4

31. Which command can be run in Expert mode lo verify the core dump settings?

grep cdm /config/db/coredump

grep cdm /config/db/initial

grep SFWDlR/config/db/initial

cat /etc/sysconfig/coredump/cdm conf

32. Which of the following daemons is used for Threat Extraction?

scrubd

extractd

tex

tedex

33. How many tiers of pattern matching can a packet pass through during IPS inspection?

34. PostgreSQL is a powerful, open source relational database management system Check Point offers a command for viewing the database to interact with Postgres interactive shell

Which command do you need to enter the PostgreSQL interactive shell?

psql_client cpm postgres

mysql_client cpm postgres

psql_c!ieni postgres cpm

mysql -u root

35. For TCP connections, when a packet arrives at the Firewall Kemel out of sequence or fragmented, which layer of IPS corrects this lo allow for proper inspection?

Passive Streaming Library

Protections

Protocol Parsers

Context Management

Comments (15)

Valter Junior June 24, 2022 Reply

How about this question?
the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?
A. there is no difference
B. the C2S VPN uses a different VPN deamon and there a second VPN debug
C. the C2S VPN can not be debugged as it uses different protocols for the key exchange
D. the C2S client uses Browser based SSL vpn and cant be debugged
Answer: A
For me, the correct answer is D.
- dumps June 25, 2022 Reply
  
  Hi, thanks for your feedback.
Hans January 14, 2022 Reply

10 is also NOT coorect should be answer should be D or 4
- dumps January 15, 2022 Reply
  
  hi, the answer of question 10 is D.
Shokoto December 25, 2021 Reply

Question 14 has a wrong answer.
The a-sync request is initiated by the kernel client and is forwarded from kernel space to user space.
The flow is also described in the correct answer for question 19.
- dumps December 27, 2021 Reply
  
  Thanks for your correction.
Anonimous December 14, 2021 Reply

I have checked this one and the correct answer is rad_settings.C
http://dkcheckpoint.blogspot.com/2019/01/atrg-url-filtering.html
- dumps December 15, 2021 Reply
  
  Ok, our experts are checking the answer of this question.
KuyaMark December 13, 2021 Reply

I believe the answer for the question below is rad_scheme.C
/opt/CPsuite-R80.40/fw1/conf/rad_scheme.C

3. What file contains the RAD proxy settings?
- dumps December 14, 2021 Reply
  
  ok, thanks for your correction.
- dumps December 15, 2021 Reply
  
  Our experts rechecked the answer, the correct one is rad_settings.C
Alberto Lopez December 7, 2021 Reply

Question 28 is wrong

28 = cphwd_db
- dumps December 8, 2021 Reply
  
  Thanks for your correction.
Anonymous November 29, 2021 Reply

I’m pretty sure your answers on questions 12, 13, and 30 are wrong…
12 = cpstat antimalware -I subscription _status
13 = fw ctl debug/kdebug (see also question 16, where zdebug is the right answer)
30 = Messages are written to a buffer and collected using ‘fw ctl kdebug’
- dumps November 30, 2021 Reply
  
  Thanks for your correction. I have corrected them.

2021 Updated CheckPoint CCTE 156-585 Exam Dumps

2021 Updated CheckPoint CCTE 156-585 Exam Dumps

Share this post

Comments (15)

Leave a Reply Cancel reply

Related Posts