156-586 VS 156-587: Which is the Correct Exam for Check Point Certified Troubleshooting Expert (CCTE) Certification?

1. What command is used to find out which port Multi-Portal has assigned to the Mobile Access Portal?

2. What is the simplest and most efficient way to check all dropped packets in real time?

3. What table does the command "fwaccel conns" pull information from?

4. What is the kernel process for Content Awareness that collects the data from the contexts received from the CMI and decides if the file is matched by a data type?

5. Where do Protocol parsers register themselves for IPS?

6. Which command do you need to execute to insert fw monitor after TCP streaming (out) in the outbound chain using absolute position? Given the chain was 1ffffe0, choose the correct answer.

7. What are the four ways to insert an FW Monitor into the firewall kernel chain?

8. Check Point's PostgreSQL is partitioned into several relational database domains.

Which domain contains network objects and security policies?

9. During firewall kernel debug with fw ctl zdebug you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started.

What should you do to resolve this issue?

10. What command sets a specific interface as not accelerated?

11. Which Threat Prevention daemon is the core Threat Emulator, engine and responsible for emulation files and communications with Threat Cloud?

12. The management configuration stored in the Postgres database is partitioned into several relational database Domains, like - System, User, Global and Log Domains. The User Domain stores the network objects and security policies.

Which of the following is stored in the Log Domain?

13. Which process is responsible for the generation of certificates?

14. What is the most efficient way to view large fw monitor captures and run filters on the file?

15. The two procedures available for debugging in the firewall kernel are

i fw ctl zdebug

ii fw ctl debug/kdebug

Choose the correct statement explaining the differences in the two

16. When a User Mode process suddenly crashes it may create a core dump file.

Which of the following information is available in the core dump and may be used to identify the root cause of the crash?

i Program Counter

ii Stack Pointer

ii. Memory management information

iv Other Processor and OS flags / information

17. What is the buffer size set by the fw ctl zdebug command?

18. You have configured IPS Bypass Under Load function with additional kernel parameters ids_tolerance_no_stress=15 and ids_tolerance_stress-15 For configuration you used the *fw ctl set' command After reboot you noticed that these parameters returned to their default values.

What do you need to do to make this configuration work immediately and stay permanent?

19. What are some measures you can take to prevent IPS false positives?

20. What is the function of the Core Dump Manager utility?

21. John works for ABC Corporation. They have enabled CoreXL on their firewall John would like to identify the cores on which the SND runs and the cores on which the firewall instance is running.

Which command should John run to view the CPU role allocation?

22. Which of the following daemons is used for Threat Extraction?

23. URL Filtering is an essential part of Web Security in the Gateway.

For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required''

24. You are upgrading your NOC Firewall (on a Check Point Appliance) from R77 to R80 30 but you did not touch the security policy After the upgrade you can't connect to the new R80 30 SmartConsole of the upgraded Firewall anymore.

What is a possible reason for this?

25. You are running R80.XX on an open server and you see a high CPU utilization on your 12 CPU cores You now want to enable Hyperthreading to get more cores to gain some performance.

What is the correct way to achieve this?

26. Where will the usermode core files be located?

27. When running a debug with fw monitor, which parameter will create a more verbose output?

28. PostgreSQL is a powerful, open source relational database management system Check Point offers a command for viewing the database to interact with Postgres interactive shell

Which command do you need to enter the PostgreSQL interactive shell?

29. Check Point Access Control Daemons contains several daemons for Software Blades and features.

Which Daemon is used for Application & Control URL Filtering?

30. Your fwm constantly crashes and is restarted by the watchdog. You can't find any coredumps related to this process, so you need to check If coredumps are enabled at all.

How can you achieve that?

31. Which of the following is NOT a valid "fwaccel" parameter?

32. Troubleshooting issues with Mobile Access requires the following:

33. After kernel debug with "fw ctl debug" you received a huge amount of information It was saved in a very large file that is difficult to open and analyze with standard text editors Suggest a solution to solve this issue.

34. Which of the following inputs is suitable for debugging HTTPS inspection issues?

35. Which command can be run in Expert mode lo verify the core dump settings?

36. What does SIM handle?

37. Which file is commonly associated with troubleshooting crashes on a system such as the Security Gateway?

38. Vanessa is reviewing ike.elg file to troubleshoot failed site-to-site VPN connection After sending Mam Mode Packet 5 the response from the peer is PAYLOAD-MALFORMED"

What is the reason for failed VPN connection?

39. For TCP connections, when a packet arrives at the Firewall Kemel out of sequence or fragmented, which layer of IPS corrects this lo allow for proper inspection?

40. What is the correct syntax to turn a VPN debug on and create new empty debug files?