Actual 156-587 Exam Recently Updated Questions with Free Demo
Free CheckPoint 156-587 Exam Questions Self-Assess Preparation
NEW QUESTION # 48
What is the name of the VPN kernel process?
- A. FWK
- B. CVPND
- C. VPNK
- D. VPND
Answer: D
NEW QUESTION # 49
Check Point Threat Prevention policies can contain multiple policy layers and each layer consists of its own Rule Base.
Which Threat Prevention daemon is used for Anti-virus?
- A. ctasd
- B. in.emaild.mta
- C. in.msd
- D. in.emaild
Answer: A
Explanation:
ctasd: This daemon is responsible for Threat Emulation, Anti-Bot, Application Control, and various other security features, including Anti-virus. From Check Point R80.10 onwards, Anti-virus functionality is integrated within ctasd.
NEW QUESTION # 50
Which of the following is a component of the Context Management Infrastructure that collects signatures in user space from multiple sources, such as Application Control and IPS, and compiles them into unified Pattern Matchers?
- A. cpas
- B. CMI Loader
- C. PSL - Passive Signature Loader
- D. Context Loader
Answer: D
NEW QUESTION # 51
If SmartLog is not active or failed to parse results from server, what commands can be run to re-enable the service?
- A. smartlogstart and smartlogstop
- B. smartlogstart and smartlogsetup
- C. smartlogrestart and smartlogstart
- D. smartloginit and smartlogstop
Answer: C
NEW QUESTION # 52
After kernel debug with "fw ctl debug" you received a huge amount of information. It was saved in a very large file that is difficult to open and analyze with standard text editors. Suggest a solution to solve this issue.
- A. Reduce debug buffer to 1024KB and run debug for several times
- B. Use "fw ctl zdebug" because of 1024KB buffer size
- C. Divide debug information into smaller files. Use "fw ctl kdebug -f -o "filename" -m 25 -s "1024"
- D. Use Check Point InfoView utility to analyze debug output
Answer: C
NEW QUESTION # 53
In Check Point's Packet Processing Infrastructure, what is the role of Observers?
- A. Observers decide whether or not to publish a CLOB to the Security Policy
- B. Observers attach object IDs to traffic
- C. They store Rule Base matching state related information
- D. Observers monitor the state of Check Point gateways and report it to the security manager
Answer: A
NEW QUESTION # 54
What function receives the AD log event information?
- A. CPD
- B. PEP
- C. ADLOG
- D. FWD
Answer: C
NEW QUESTION # 55
SmartEvent utilizes the Log Server, Correlation Unit and SmartEvent Server to aggregate logs and identify security events. The three main processes that govern these SmartEvent components are:
- A. cpsemd, cpsead, and DBSync
- B. cpcu, cplog, cpse
- C. fwd, secu, sesrv
- D. eventiasv, eventiarp, eventiacu
Answer: D
Explanation:
SmartEvent is a unified security event management and analysis solution that collects and analyzes data from multiple sources to identify and respond to security threats. SmartEvent consists of three main components: Log Server, Correlation Unit, and SmartEvent Server [1]. The three main processes that govern these SmartEvent components are:
eventiasv: This process is responsible for indexing the logs received from the Log Server and storing them in the SmartEvent database. It also performs log consolidation and compression to optimize the disk space usage [2].
eventiarp: This process is responsible for running the predefined and custom correlation rules on the indexed logs and generating security events based on the rule criteria. It also sends notifications and triggers automatic responses for the security events [3].
eventiacu: This process is responsible for providing the web-based user interface for SmartEvent, which allows the administrators to view, analyze, and manage the security events. It also provides the SmartEvent API for external integration [4].
Reference: Check Point Processes and Daemons [5], SmartEvent Administration Guide [1]
[1] https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SmartEvent_AdminGuide/html_frameset.htm
[2] https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SmartEvent_AdminGuide/Content/Topics-SmartEvent/SmartEvent-Components.htm#_Toc64167467
[3] https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SmartEvent_AdminGuide/Content/Topics-SmartEvent/SmartEvent-Components.htm#_Toc64167468
[4] https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SmartEvent_AdminGuide/Content/Topics-SmartEvent/SmartEvent-Components.htm#_Toc64167469
[5] https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
NEW QUESTION # 56
You modified kernel parameters and after rebooting the gateway, a lot of production traffic gets dropped and the gateway acts strangely. What should you do?
- A. run fw unloadlocal to remove parameters from kernel
- B. Restore fwkern.conf from backup and reboot the gateway
- C. Remove all kernel parameters from fwkern.conf and reboot
- D. Run command fw ctl set int fw1_kernel_all_disable=1
Answer: B
Explanation:
If you have modified kernel parameters (in fwkern.conf, for example) and the gateway starts dropping traffic or behaving abnormally after a reboot, the best practice is to restore the original or a known-good configuration from backup. Then, reboot again so that the gateway loads the last known stable settings.
Option A (fw unloadlocal) removes the local policy but does not revert custom kernel parameters that have already been loaded at boot.
Option B (Restore fwkern.conf from backup and reboot the gateway) is the correct and straightforward approach.
Option C (Remove all kernel parameters from fwkern.conf and reboot) might help in some cases, but you risk losing other beneficial or necessary parameters if there were legitimate custom settings. Restoring from a known-good backup is safer and more precise.
Option D (fw ctl set int fw1_kernel_all_disable=1) is not a standard or documented method for "undoing" all kernel tweaks.
Hence, the best answer:
"Restore fwkern.conf from backup and reboot the gateway."
Check Point Troubleshooting Reference
sk98339 - Working with fwkern.conf (kernel parameters) in Gaia OS.
sk92739 - Advanced System Tuning in Gaia OS.
Check Point Gaia Administration Guide - Section on kernel parameters and system tuning.
Check Point CLI Reference Guide - Explanation of using fw ctl, fw unloadlocal, and relevant troubleshooting commands.
NEW QUESTION # 57
In Mobile Access VPN, clientless access is done using a web browser. The primary communication path for these browser-based connections is a process that allows numerous processes to utilize port 443 and redirects traffic to a designated port of the respective process. Which daemon handles this?
- A. HTTPS Inspection Daemon (HID)
- B. Multi-portal Daemon (MPD)
- C. Mobile Access Daemon (MAD)
- D. Connectra VPN Daemon (cvpnd)
Answer: B
Explanation:
The Multi-portal Daemon (mpdaemon) is responsible for handling the clientless access connections in Mobile Access VPN. It listens on port 443 and redirects the traffic to the appropriate port of the process that handles the specific connection type, such as cvpnd for SSL Network Extender, MAD for Mobile Access Portal, or HID for HTTPS Inspection. The mpdaemon also performs authentication and authorization for the clientless access connections.
Reference: Check Point Processes and Daemons [1], Mobile Access Blade Administration Guide
[1] https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
Mobile Access Blade Administration Guide: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Mobile_Access_AdminGuide/html_frameset.htm
NEW QUESTION # 58
What is the benefit of fw ctl debug over fw ctl zdebug?
- A. There is no difference. Both are used for debugging kernel
- B. You don't need timestamps
- C. You only need 1MB buffer
- D. It allows you to debug multiple modules at the same time
Answer: D
NEW QUESTION # 59
The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?
- A. fw ctl debug/kdebug
- B. fw debug/kdebug
- C. fw debug/kdebug ctl
- D. fw ctl zdebug
Answer: A
NEW QUESTION # 60
Which command is used to write a kernel debug to a file?
- A. fw ctl debug -S -t > debug.txt
- B. fw ctl kdebug -T -I > debug.txt
- C. fw ctl kdebug -T -f > debug.txt
- D. fw ctl debut -T -f > debug.txt
Answer: C
NEW QUESTION # 61
Your users have some issues connecting with Mobile Access VPN to your gateway. How can you debug the tunnel establishment?
- A. in the file $VPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run vpn restart
- B. run vpn debug truncon
- C. run fw ctl zdebug -m sslvpn all
- D. in the file $CVPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run cvpnrestart
Answer: D
NEW QUESTION # 62
You do not see logs in the SMS. When you login on the SMS shell and run cpwd_admin list you notice that the RFL process is with status T. What command can you run to try to resolve it?
- A. rflsop and rflstart
- B. RFLstop and RFLstart
- C. evstart and evstop
- D. smartlog_server stop and smartlog_server restart
Answer: C
NEW QUESTION # 63
The two procedures available for debugging in the firewall kernel are
i. fw ctl zdebug
ii. fw ctl debug/kdebug
Choose the correct statement explaining the differences in the two
- A. (i) is used on a Security Gateway, whereas (ii) is used on a Security Management Server
- B. (i) is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via command line, whereas (ii) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via command line
- C. (i) is used to debug the access control policy only, however (ii) can be used to debug a unified policy
- D. (i) is used to debug only issues related to dropping of traffic, however (ii) can be used for any firewall issue including NATing, clustering etc.
Answer: B
NEW QUESTION # 64
What Check Point process controls logging?
- A. CPD
- B. CPM
- C. CPWD
- D. FWD
Answer: D
NEW QUESTION # 65
What is NOT a benefit of the 'fw ctl zdebug' command?
- A. Clean the buffer
- B. Collect debug messages from the kernel
- C. Cannot be used to debug additional modules
- D. Automatically allocate a 1MB buffer
Answer: C
Explanation:
The fw ctl zdebug command is a powerful tool that can be used to collect debug messages from the kernel, clean the buffer, and automatically allocate a 1MB buffer. However, it cannot be used to debug additional modules, such as SecureXL, CoreXL, or VPN. For those modules, other commands or tools are needed, such as fwaccel dbg, fw ctl affinity, or vpn debug.
References:
* 2: "fw ctl zdebug" - Helpful Command Combinations
* 3: How to use "fw ctl zdebug" command
* Troubleshooting Expert R81.1 (CCTE) Course Outline - Module 4: Debugging Tools and Methods
NEW QUESTION # 66
Which of the following inputs is suitable for debugging HTTPS inspection issues?
- A. fw diag debug tls enable
- B. fw debug tls on TDERROR_ALL_ALL=5
- C. vpn debug cptls on
- D. fw ctl debug -m fw + conn drop cptls
Answer: D
NEW QUESTION # 67
Which of these packet processing components stores Rule Base matching state-related information?
- A. Manager
- B. Classifiers
- C. Observers
- D. Handlers
Answer: D
NEW QUESTION # 68
......