
156-585 Online Practice Questions and Answers

Questions 4

What are some measures you can take to prevent IPS false positives?

A. Exclude problematic services from being protected by IPS (SIP, H.323, etc.)

B. Use IPS only in Detect mode

C. Use Recommended IPS profile

D. Capture packets, update the IPS database, and back up custom IPS files

Questions 5

What are the main components of Check Point's Security Management architecture?

A. Management server, management database, log server, automation server

B. Management server, Security Gateway, Multi-Domain Server, SmartEvent Server

C. Management Server, Log Server, LDAP Server, Web Server

D. Management server, Log server, Gateway server, Security server

Questions 6

How does the URL Filtering Categorization occur in the kernel?

1. RAD provides the status of the search to the client.

2. The a-sync request is forwarded to the RAD User space via the RAD kernel for online categorization.

3. The online detection service responds with categories and the kernel cache is updated.

4. The kernel cache notifies the RAD kernel of hits and misses.

5. URL lookup initiated by the client.

6. URL lookup occurs in the kernel cache.

7. The client sends an a-sync request back to RAD if the URL was not found.

A. 5, 6, 7, 1, 3, 2, 4

B. 5, 6, 2, 4, 1, 7, 3

C. 5, 6, 4, 1, 7, 2, 3

D. 5, 6, 3, 1, 2, 4, 7

Questions 7

Which command can be run in Expert mode to verify the core dump settings?

A. grep cdm /config/db/coredump

B. grep cdm /config/db/initial

C. grep $FWDIR/config/db/initial

D. cat /etc/sysconfig/coredump/cdm.conf

Questions 8

What is the main SecureXL database for tracking acceleration status of traffic?

A. cphwd_db

B. cphwd_tmp1

C. cphwd_dev_conn_table

D. cphwd_dev_identity_table

Questions 9

What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?

A. There is no difference

B. The C2S VPN uses a different VPN daemon and there is a second VPN debug

C. The C2S VPN cannot be debugged as it uses different protocols for the key exchange

D. The C2S client uses browser-based SSL VPN and cannot be debugged

Questions 10

You need to run a kernel debug over a longer period of time, as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file.

What is the correct syntax for this?

A. fw ctl kdebug -T -f > filename.debug

B. fw ctl kdebug -T > filename.debug

C. fw ctl debug -T -f > filename.debug

D. fw ctl kdebug -T -f -o filename.debug

Questions 11

If the cpsemd process of SmartEvent has crashed or is having trouble coming up, then it usually indicates that ___________.

A. Postgres database is down

B. Cpd daemon is unable to connect to the log server

C. The SmartEvent core on the Solr indexer has been deleted

D. The logged in administrator does not have permissions to run SmartEvent

Questions 12

What is the buffer size set by the fw ctl zdebug command?

A. 1 MB

B. 1 GB

C. 8 MB

D. 8 GB

Questions 13

Select the technology that performs the following actions:

- provides reassembly via streaming for TCP

- handles packet reordering and congestion

- handles payload overlap

- provides consistent stream of data to protocol parsers

A. Passive Streaming Library

B. Context Management

C. Pre-Protocol Parser

D. fwtcpstream

Exam Code: 156-585
Exam Name: Check Point Certified Troubleshooting Expert (CCTE)
Last Update: Jan 10, 2025
Questions: 114