CheckPoint 156-585 Exam Questions

Questions for the 156-585 were updated on : May 23 ,2024

Page 1 out of 8. Viewing questions 1-15 out of 114

Question 1

For TCP connections, when a packet arrives at the Firewall Kemel out of sequence or fragmented,
which layer of IPS corrects this lo allow for proper inspection?

  • A. Passive Streaming Library
  • B. Protections
  • C. Protocol Parsers
  • D. Context Management
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

What command is usually used for general firewall kernel debugging and what is the size of the
buffer that is automatically enabled when using the command?

  • A. fw ctl debug, buffer size is 1024 KB
  • B. fw ell zdebug. buffer size is 32768 KB
  • C. fw dl zdebug, buffer size is 1 MB
  • D. fw ctl kdeoug. buffer size is 32000 KB
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

What does CMI stand for in relation to the Access Control Policy?

  • A. Content Matching Infrastructure
  • B. Content Management Interface
  • C. Context Management Infrastructure
  • D. Context Manipulation Interface
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

When a User process or program suddenly crashes, a core dump is often used to examine the
problem. Which command is used to enable the core-dumping via GAIA dish?

  • A. set core-dump enable
  • B. set core-dump per_process
  • C. set user-dump enable
  • D. set core-dump total
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

PostgreSQL is a powerful, open source relational database management system Check Point offers a
command for viewing the database to interact with Postgres interactive shell Which command do
you need to enter the PostgreSQL interactive shell?

  • A. psql_client cpm postgres
  • B. mysql_client cpm postgres
  • C. psql_c!ieni postgres cpm
  • D. mysql -u root
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Which Threat Prevention daemon is the core Threat Emulator, engine and responsible for emulation
files and communications with Threat Cloud?
A. ctasd
B. inmsd
C. ted
D. scrub

Answer:

C
//supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails
=&solutionid=sk97638

Discussions
0 / 1000

Question 7

John has renewed his NGTX License but he gets an error (contract for Anti-Bot expired). He wants to
check the subscription status on the CU of the gateway, what command can he use for this?

  • A. cpstat antimalware -f subscription_status
  • B. fw monitor license status
  • C. fwm lie print
  • D. show license status
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

During firewall kernel debug with fw ctl zdebug you received less information than expected. You
noticed that a lot of messages were lost since the time the debug was started. What should you do to
resolve this issue?

  • A. Increase debug buffer; Use fw ctl debug –buf 32768
  • B. Redirect debug output to file; Use fw ctl zdebug –o ./debug.elg
  • C. Increase debug buffer; Use fw ctl zdebug –buf 32768
  • D. Redirect debug output to file; Use fw ctl debug –o ./debug.elg
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/
CP_R80.40_PerformanceTuning_AdminGuide/Content/Topics-PTG/Kernel-Debug/Kernel-Debug-
Procedure.htm

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which process is responsible for the generation of certificates?

  • A. cpm
  • B. cpca
  • C. dbsync
  • D. fwm
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

What command sets a specific interface as not accelerated?

  • A. noaccel-s<interface1>
  • B. fwaccel exempt state <interface1>
  • C. nonaccel -s <interface1>
  • D. fwaccel -n <intetface1 >
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

When running a debug with fw monitor, which parameter will create a more verbose output?

  • B. -i
  • C. -0
  • D. -d
Answer:

D

User Votes:
B
50%
C
50%
D
50%
Discussions
vote your answer:
B
C
D
0 / 1000

Question 12

What is connect about the Resource Advisor (RAD) service on the Security Gateways?

  • A. RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization
  • B. RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization There is no user space involvement in this process
  • C. RAD functions completely in user space The Pattern Matter (PM) module of the CMI looks up for URLs in the cache and if not found, contact the RAD process in user space to do online categorization
  • D. RAD is not a separate module, it is an integrated function of the 'fw1 kernel module and does all operations in the kernel space
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

What are some measures you can take to prevent IPS false positives?

  • A. Exclude problematic services from being protected by IPS (sip, H 323, etc )
  • B. Use IPS only in Detect mode
  • C. Use Recommended IPS profile
  • D. Capture packets. Update the IPS database, and Back up custom IPS files
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

RAD is initiated when Application Control and URL Filtering blades are active on the Security
Gateway What is the purpose of the following RAD configuration file SFWDIR/conf/rad_settings.C?

  • A. This file contains the location information tor Application Control and/or URL Filtering entitlements
  • B. This file contains the information on how the Security Gateway reaches the Security Managers RAD service for Application Control and URL Filtering
  • C. This file contains RAD proxy settings
  • D. This file contains all the host name settings for the online application detection engine
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

What is the main SecureXL database for tracking the acceleration status of traffic?

  • A. cphwd_db
  • B. cphwd_tmp1
  • C. cphwd_dev_conn_table
  • D. cphwd_dev_identity_table
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2