156-585 Exam Dumps [Right] Check Point Certified Troubleshooting Expert Best Materials

The correct PassITDump 156-585 exam dumps are the best material for preparing for the Check Point Certified Troubleshooting Expert exam, and with them you can take the exam with confidence.

With the PassITDump 156-585 exam dumps, you can practice all the 156-585 exam questions and answers well to ensure a successful pass.

Question 1:

What are some measures you can take to prevent IPS false positives?

A. Exclude problematic services from being protected by IPS (sip, H.323, etc.)

B. Use IPS only in Detect mode

C. Use Recommended IPS profile

D. Capture packets, Update the IPS database, and Back up custom IPS files

Correct Answer: A


Question 2:

VPN issues may result from misconfiguration, communication failure, or incompatible default configurations between peers. Which basic command syntax needs to be used for troubleshooting Site-to-Site VPN issues?

A. vpn debug truncon

B. fw debug truncon

C. cp debug truncon

D. vpn truncon debug

Correct Answer: A


Question 3:

Which daemon governs the Mobile Access VPN blade and works with VPND to create Mobile Access VPN connections? It also handles interactions between HTTPS and the Multi-Portal Daemon.

A. Connectra VPN Daemon – cvpnd

B. Mobile Access Daemon – MAD

C. mvpnd

D. SSL VPN Daemon – sslvpnd

Correct Answer: A


Question 4:

What does CMI stand for in relation to the Access Control Policy?

A. Content Matching Infrastructure

B. Content Management Interface

C. Context Management Infrastructure

D. Context Manipulation Interface

Correct Answer: C


Question 5:

You are trying to establish a VPN tunnel between two Security Gateways but fail. What initial steps will you take to troubleshoot the issue?

A. capture traffic on both tunnel members and collect debug of IKE and VPND daemon

B. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags, then collect debug of IKE and VPND daemon

C. collect debug of IKE and VPND daemon and collect kernel debug for fw module with vm, crypt, conn and drop flags

D. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags

Correct Answer: A


Question 6:

An administrator receives reports about issues with log indexing and text searching regarding an existing Management Server. In trying to find a solution she wants to check if the process responsible for this feature is running correctly. What is true about the related process?

A. fwm manages this database after initialization of the ICA

B. cpd needs to be restarted manually to show in the list

C. fwssd crashes can affect therefore not show in the list

D. solr is a child process of cpm

Correct Answer: D


Question 7:

When debugging is enabled on the firewall kernel module using the ‘fw ctl debug’ command with the required options, the kernel provides many debug messages that help the administrator identify issues. Which of the following is true about these debug messages generated by the kernel module?

A. Messages are written to a buffer and collected using ‘fw ctl kdebug’

B. Messages are written to console and also /var/log/messages file

C. Messages are written to /etc/dmesg file

D. Messages are written to $FWDIR/log/fw.elg

Correct Answer: B


Question 8:

How can you increase the ring buffer size to 1024 descriptors?

A. set interface eth0 rx-ringsize 1024

B. fw ctl int rx_ringsize 1024

C. echo rx_ringsize=1024>>/etc/sysconfig/sysctl.conf

D. dbedit>modify properties firewall_properties rx_ringsize 1024

Correct Answer: A


Question 9:

What are the four main database domains?

A. System, Global, Log, Event

B. System, User, Host, Network

C. Local, Global, User, VPN

D. System, User, Global, Log

Correct Answer: D


Question 10:

During a firewall kernel debug with fw ctl zdebug, you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?

A. Increase debug buffer; Use fw ctl debug -buf 32768

B. Redirect debug output file; Use fw ctl zdebug -o ./debug.elg

C. Increase debug buffer; Use fw ctl zdebug -buf 32768

D. Redirect debug output file; Use fw ctl debug -o ./debug.elg

Correct Answer: A


Question 11:

Where do Protocol parsers register themselves for IPS?

A. Passive Streaming Library

B. Other handlers register to Protocol parser

C. Protections database

D. Context Management Infrastructure

Correct Answer: A


Question 12:

Which command can be run in Expert mode to verify the core dump settings?

A. grep cdm /config/db/coredump

B. grep cdm /config/db/initial

C. grep $FWDIR/config/db/initial

D. cat /etc/sysconfig/coredump/cdm.conf

Correct Answer: C


Question 13:

What process is responsible for sending and receiving logs in the management server?

A. FWD

B. CPM

C. FWM

D. CPD

Correct Answer: A


Question 14:

If IPS protections that prevent SecureXL from accelerating traffic, such as Network Quota, Fingerprint Scrambling, TTL Masking, etc., have to be used, what is the recommended practice to enhance the performance of the gateway?

A. Use the IPS exception mechanism

B. Disable all such protections

C. Disable SecureXL and use CoreXL

D. Upgrade the hardware to include more Cores and Memory

Correct Answer: C


Question 15:

What is the best way to resolve an issue caused by a frozen process?

A. Reboot the machine

B. Restart the process

C. Kill the process

D. Power off the machine

Correct Answer: B