CheckPoint 156-585 practice test

Question 1

What components make up the Context Management Infrastructure?

• A. CMI Loader and Pattern Matcher
• B. CPMI and FW Loader
• C. CPX and FWM
• D. CPM and SOLR

Question 2

Which is the correct “fw monitor” syntax for creating a capture file for loading it into WireShark?

• A. fw monitor -e “accept<FILTER EXPRESSION>;” >> Output.cap
• B. This cannot be accomplished as it is not supported with R80.10
• C. fw monitor -e “accept<FILTER EXPRESSION>;” -file Output.cap
• D. fw monitor -e “accept<FILTER EXPRESSION>;” -o Output.cap

Question 3

Which command(s) will turn off all vpn debug collection?

• A. vpn debug off
• B. vpn debug -a off
• C. vpn debug off and vpn debug ikeoff
• D. fw ctl debug 0

Question 4

What is the main SecureXL database for tracking acceleration status of traffic?

• A. cphwd_db
• B. cphwd_tmp1
• C. cphwd_dev_conn_table
• D. cphwd_dev_identity_table

Question 5

Check Point Access Control Daemons contains several daemons for Software Blades and features.
Which Daemon is used for Application & Control Filtering?

• A. rad
• B. cprad
• C. pepd
• D. pdpd

Question 6

Which command is used to write a kernel debug to a file?

• A. fw ctl debug -T -f > debug.txt
• B. fw ctl kdebug -T -l > debug.txt
• C. fw ctl debug -S -t > debug.txt
• D. fw ctl kdebug -T -f > debug.txt

Question 7

What is the proper command for allowing the system to create core files?
A.
$FWDIR/scripts/core-dump-enable.sh
B.
# set core-dump enable
# save config
C.
service core-dump start
D.
>set core-dump enable
>save config

Question 8

What table does command “fwaccel conns” pull information from?

• A. fwxl_conns
• B. SecureXLCon
• C. cphwd_db
• D. sxl_connections

Question 9

Which Threat Prevention Daemon is the core Threat Emulation engine and responsible for emulation
files and communications with Threat Cloud?

• A. ctasd
• B. in.msd
• C. ted
• D. scrub

Question 10

Your users have some issues connecting Mobile Access VPN to the gateway. How can you debug the
tunnel establishment?

• A. in the file $CVPNDIR/conf/httpd.conf change the line loglevel .. To LogLevel debug and run cvpnrestart
• B. run vpn debug truncon
• C. run fw ctl zdebug -m sslvpn all
• D. in the file $VPNDIR/conf/httpd.conf the line Loglevel .. To LogLevel debug and run vpn restart

Question 11

What file contains the RAD proxy settings?

• A. rad_settings.C
• B. rad_services.C
• C. rad_scheme.C
• D. rad_control.C

Question 12

James is using the same filter expression in fw monitor for CITRIX very often and instead of typing
this all the time he wants to add it as a macro to the fw monitor definition file. Whats the name and
location of this file?

• A. $FWDIR/lib/fwmonltor.def
• B. $FWDIR/conf/fwmonltor.def
• C. $FWDIR/lib/tcpip.def
• D. $FWDIR/lib/fw.monitor

Question 13

How many tiers of pattern matching can a packet pass through during IPS inspection?

• A. 2
• B. 1
• C. 5
• D. 9

Question 14

What acceleration mode utilizes multi-core processing to assist with traffic processing?

• A. CoreXL
• B. SecureXL
• C. HyperThreading
• D. Traffic Warping

Question 15

For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented,
which layer of IPS corrects this to allow for proper inspection?

• A. Passive Streaming Library
• B. Protections
• C. Protocol Parsers
• D. Context Management