Free 156-586 Sample Questions — Check Point Certified Troubleshooting Expert

Captive Portal, PDP and PEP run in what space?

• A. Kernel
• B. User
• C. CPM
• D. FWD

What are the main components of Check Point’s Security Management architecture?

• A. Management server, Log server, Gateway server, Security server
• B. Management server, management database, log server, automation server
• C. Management server, Security Gateway, Multi-Domain Server, SmartEvent Server
• D. Management server, Log Server, LDAP Server, Web Server

If SmartLog is not active or failed to parse results from server, what commands can be run to re-enable the service?

• A. smartlogrestart and smartlogstart
• B. smartlogstart and smartlogstop
• C. smartloginit and smartlogstop
• D. smartlogstart and smartlogsetup

What version of Check Point can Security Gateways begin dynamically distributing Logs between log servers?

• A. R81
• B. R77
• C. R80
• D. R75

What is the best way to resolve an issue caused by a frozen process?

• A. Kill the process
• B. Restart the process
• C. Reboot the machine
• D. Power off the machine

The management configuration stored in the Postgres database is partitioned into several relational database domains. What is the purpose of the Global Domain?

• A. Global Domains is used by the IPS software blade to map the IDs to the corresponding countries according to the IpToCountry.csv file
• B. This domain is used as the global database to back up the objects referencing the corresponding object attributes from the System Domain
• C. This domain is used as the global database to track the changes made by multiple administrators on the same objects prior to publishing
• D. This domain is used as the global database for MDSM and contains global objects and policies

VPN issues may result from misconfiguration, communication failure, or incompatible default configurations between peers. Which basic command syntax needs to be used for troubleshooting Site-to-Site VPN issues?

• A. vpn truncon debug
• B. cp debug truncon
• C. vpn debug truncon
• D. fw debug truncon

Which of these packet processing components stores Rule Base matching state-related information?

• A. Observers
• B. Classifiers
• C. Manager
• D. Handlers

What are the four main database domains?

• A. Local, Global, User, VPN
• B. System, Global, Log, Event
• C. System, User, Global, Log
• D. System, User, Host, Network

Your users have some issues connecting with Mobile Access VPN to your gateway. How can you debug the tunnel establishment?

• A. in the file $CVPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run cvpnrestart
• B. in the file $VPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run vpn restart
• C. run vpn debug truncon
• D. run fw ctl zdebug -m sslvpn all

What does CMI stand for in relation to the Access Control Policy?

• A. Content Management Interface
• B. Content Matching Infrastructure
• C. Context Manipulation Interface
• D. Context Management Infrastructure

You are seeing output from the previous kernel debug. What command should you use to avoid that?

• A. fw ctl debug = 0
• B. fw ctl clean buffer = 0
• C. fw ctl zdebug disable
• D. fw ctl debug 0

When a User Mode process suddenly crashes, it may create a core dump file. Which of the following information is available in the core dump and may be used to identify the root cause of the crash? i. Program Counter ii. Stack Pointer iii. Memory management information iv. Other Processor and OS flags / information

• A. iii and iv only
• B. i, ii, iii and iv
• C. i and ii only
• D. Only iii

What is the name of the VPN kernel process?

• A. FWK
• B. VPND
• C. CVPND
• D. VPNK

SmartEvent utilizes the Log Server, Correlation Unit and SmartEvent Server to aggregate logs and identify security events. The three main processes that govern these SmartEvent components are:

• A. cpcu, cplog, cpse
• B. eventiasv, eventiarp,eventiacu
• C. cpsemd, cpsead, and DBSync
• D. fwd, secu, sesrv

The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for troubleshooting packet drops and other kernel activities while using minimal resources (1 MB buffer)?

• A. fw debug ctl
• B. fw ctl debug/kdebug
• C. fw ctl zdebug
• D. fwk ctl debug

Which of the following daemons is used for Threat Extraction?

• A. tedex
• B. extractd
• C. tex
• D. scrubd

What is the correct syntax to set all debug flags for Unified Policy related issues?

• A. fw ctl kdebug -m UP all
• B. fw ctl debug -m fw all
• C. fw ctl debug -m up all
• D. fw ctl debug -m UP all

Which of the following is contained in the System Domain of the Postgres database?

• A. Trusted GUI clients
• B. Configuration data of log servers
• C. Saved queries for applications
• D. User modified configurations such as network objects

Your users are having trouble opening a Web page and you need to troubleshoot it. You open the Smart Console, and you get the following message when you navigate to the Logs and Monitor "SmartLog is not active or Failed to parse results from server". What is the first thing you can try to resolve it?

• A. Run the commands on the SMS: smartlogstart and smartlogstop
• B. smartlog debug on and smartlog debug off
• C. smartlog_server restart
• D. cpmstop and cpmstart