Free 156-587 Sample Questions — Check Point Certified Troubleshooting Expert - R81.20 (CCTE)

Captive Portal, PDP and PEP run in what space?

• A. User
• B. CPM
• C. FWD
• D. Kernel

What is the benefit of fw ctl debug over fw ctl zdebug?

• A. There is no difference. Both are used for debugging kernel
• B. You don’t need timestamps
• C. It allows you to debug multiple modules at the same time
• D. You only need 1MB buffer

What is the Security Gateway directory where an administrator can find vpn debug log files generated during Site-to-Site VPN troubleshooting?

• A. $FWDIR/conf/
• B. $CPDIR/conf/
• C. $FWDIR/log/
• D. /opt/CPsuiteR80/vpn/log/

You need to monitor traffic pre-inbound and before the VPN-module in a security gateway. How would you achieve this using fw monitor?

• A. fw monitor -p all
• B. fw monitor -pi -vpn
• C. fw monitor -pi +vpn
• D. fw monitor-pl +vpn

In Mobile Access VPN, clientless access is done using a web browser. The primary communication path for these browser based connections is a process that allows numerous processes to utilize port 443 and redirects traffic to a designated port of the respective process. Which daemon handles this?

• A. Multi-portal Daemon (MPD)
• B. Mobile Access Daemon (MAD)
• C. HTTPS Inspection Daemon (HID)
• D. Connectra VPN Daemon (cvpnd)

Your users have some issues connecting with Mobile Access VPN to your gateway. How can you debug the tunnel establishment?

• A. run vpn debug truncon
• B. in the file $VPNDIR/conf/httpd.conf change the line Loglevel.. To LogLevel debug and run vpn restart
• C. in the file $CVPNDIR/conf/httpd.conf change the line Loglevel.. To LogLevel debug and run cvpnrestart
• D. run fw ctl zdebug -m sslvpn all

URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required?

• A. URLF Kernel Client
• B. RAD User Space
• C. RAD Kernel Space
• D. URLF Online Service

Which two files contain the Application Database on the Security Gateway?

• A. api_db.C and api_custom_db.C
• B. apcl_db.C and apcl_custom_db.C
• C. application_db.C and application_custom_db.C
• D. appi_db.C and appi_custom_db.C

RAD is initiated when Application Control and URL Filtering blades are active on the Security Gateway. What is the purpose of the following RAD configuration file $FWDIR/conf/rad_settings.C?

• A. This file contains the location information for Application Control and/or URL Filtering entitlements
• B. This file contains the information on how the Security Gateway reaches the Security Managers RAD service for Application Control and URL Filtering
• C. This file contains RAD proxy settings
• D. This file contains all the host name settings for the online application detection engine

Which Daemon should be debugged for HTTPS Inspection related issues?

• A. VPND
• B. WSTLSD
• C. FWD
• D. HTTPD

You receive complains that Guest Users cannot login and use the Guest Network which is configured with Access Role of Guest Users. You need to verity the Captive Portal configuration. Where can you find the config file?

• A. on the gateway at $NACPORTAL_ HOME/conf/httpd_ nac.conf
• B. on the management at $CPNAC_ HOME/conf/httpd_ nac.conf
• C. on the management at $NACPORTAL_ HOME/conf/httpd_ nac.conf
• D. on the gateway at $CPNAC_ HOME/conf/httpd_ nac.conf

What is correct about the Resource Advisor (RAD) service on the Security Gateways?

• A. RAD is not a separate module, it is an integrated function of the ‘fw’ kernel module and does all operations in the kernel space
• B. RAD functions completely in user space. The Pattern Matter (PM) module of the CMI looks up for URLs in the cache and if not found, contact the RAD process in user space to do online categorization
• C. RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization. There is no user space involvement in this process
• D. RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization

What file contains the RAD proxy settings?

• A. rad_control.C
• B. rad_scheme.C
• C. rad_services.C
• D. rad_settings.C

What is NOT a benefit of the ‘fw ctl zdebug’ command?

• A. Automatically allocate a 1MB buffer
• B. Collect debug messages from the kernel
• C. Cannot be used to debug additional modules
• D. Clean the buffer

What command is used to find out which port Multi-Portal has assigned to the Mobile Access Portal?

• A. mpclient getdata sslvpn
• B. netstat -nap | grep mobile
• C. netstat getdata sslvpn
• D. mpclient getdata mobi

How can you start debug of the Unified Policy with all possible flags turned on?

• A. fw ctl debug -m fw + UP
• B. fw ctl debug -m UP all
• C. fw ctl debug -m UP *
• D. fw ctl debug -m UnifiedPolicy all

How does Identity Collector connect to Windows Server?

• A. ADQuery is needed for connection
• B. LDAP connection
• C. It uses a PDP demon to connect
• D. via Windows API

What components make up the Context Management Infrastructure?

• A. CPMI and FW Loader
• B. CPX and FWM
• C. CPM and SOLR
• D. CMI Loader and Pattern Matcher

The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for troubleshooting packet drops and other kernel activities while using minimal resources (1 MB buffer)?

• A. fw ctl zdebug
• B. fwk ctl debug
• C. fw debug ctl
• D. fw ctl debug/kdebug

Which of the following daemons is used for Threat Extraction?

• A. extractd
• B. tedex
• C. tex
• D. scrubd