CheckPoint 156-586 Exam Questions

Questions for the 156-586 were updated on : Dec 01 ,2025

Page 1 out of 5. Viewing questions 1-15 out of 75

Question 1

Your users have some issues connecting with Mobile Access VPN to your gateway. How can you
debug the tunnel establishment?

  • A. in the file $CVPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run cvpnrestart
  • B. in the file $VPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run vpn restart
  • C. run vpn debug truncon
  • D. run fw ctl zdebug -m sslvpn all
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

What function receives the AD log event information?

  • A. ADLOG
  • B. PEP
  • C. CPD
  • D. FWD
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

The FileApp parser in the Content Awareness engine does not extract text from which of the
following file types?

  • A. Microsoft Office Excel files
  • B. PDF’s
  • C. Microsoft Office .docx files
  • D. Microsoft Office Powerpoint files
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which of the following commands can be used to see the list of processes monitored by the Watch
Dog process?

  • A. ps -ef | grep watchd
  • B. cpstat fw -f watchdog
  • C. cpwd_admin list
  • D. fw ctl get str watchdog
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

You receive reports that Users cannot browse internet sites. You are using identity awareness with
AD Query and Identity Collector in addition you have the Browser Based Authentication Enabled.
What command can be used to debug the problem?

  • A. on the gateway: ad debug on
  • B. on the gateway: ad query debug on
  • C. on the management: ad query debug extended
  • D. on the gateway: pdp debug nac extended
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What cli command is run on the GW to verify communication to the Identity Collector?

  • A. fwd connected
  • B. pdp connections idc
  • C. pep connections idc
  • D. show idc connections
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

When dealing with monolithic operating systems such as Gaia, where are system calls initiated from
to achieve a required system level function?

  • A. Kernel Mode
  • B. User Mode
  • C. Slow Path
  • D. Medium Path
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to
perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from
if a sync-request is required?

  • A. RAD User Space
  • B. URLF Online Service
  • C. URLF Kernel Client
  • D. RAD Kernel Space
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral
part of the traffic inspection process. There are two procedures available for debugging the firewall
kernel. Which procedure/command is used for troubleshooting packet drops and other kernel
activities while using minimal resources (1 MB buffer)?

  • A. fw debug ctl
  • B. fw ctl debug/kdebug
  • C. fw ctl zdebug
  • D. fwk ctl debug
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which of the following inputs is suitable for debugging HTTPS inspection issues?

  • A. fw debug tls on TDERROR_ALL_ALL=5
  • B. fw ctl debug -m fw + conn drop cptls
  • C. vpn debug cptls on
  • D. fw diag debug tls enable
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which of the following would NOT be a flag when debugging a unified policy?

  • A. tls
  • B. rulebase
  • C. clob
  • D. connection
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

You are seeing output from the previous kernel debug. What command should you use to avoid that?

  • A. fw ctl debug = 0
  • B. fw ctl clean buffer = 0
  • C. fw ctl zdebug disable
  • D. fw ctl debug 0
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

After kernel debug with "fw ctl debug" you received a huge amount of information. It was saved in a
very large file that is difficult to open and analyze with standard text editors. Suggest a solution to
solve this issue.

  • A. Divide debug information into smaller files. Use "fw ctl kdebug -f -o "filename" -m 25 - s "1024"
  • B. Use "fw ctl zdebug" because of 1024KB buffer size
  • C. Use Check Point InfoView utility to analyze debug output
  • D. Reduce debug buffer to 1024KB and run debug for several times
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

What is the simplest and most efficient way to check all dropped packets in real time?

  • A. tail -f $FWDIR/log/fw.log |grep drop in expert mode
  • B. cat /dev/fw1/log in expert mode
  • C. fw ctl zdebug + drop in expert mode
  • D. Smartlog
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

For Identity Awareness, what is the PDP process?

  • A. Identity server
  • B. Log Sifter
  • C. Captive Portal Service
  • D. UserAuth Database
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2