156-585Preview

If IPS protections that prevent SecureXL from accelerating traffic, such as Network Quota, Fingerprint Scrambling, TTL Masking etc, have to be used, what is recommended practice to enhance the performance of the gateway?

The Check Point Firewall Kernel is the core component of the Gala operating system and an integral part of traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?

What are the four ways to insert an FW Monitor into the firewall kernel chain?

The customer is using Check Point appliances that were configured long ago by third-party administrators. Current policy includes different enabled IPS protections and Bypass Under Load function. Bypass Under Load is configured to disable IPS inspections of CPU and Memory usage is higher than 80%. The Customer reports that IPS protections are not working at all regardless of CPU and Memory usage. What is the possible reason of such behavior?

What is the main SecureXL database for tracking acceleration status of traffic?

If the cpsemd process of SmartEvent has crashed or is having trouble to coming up, then it usually indicates that _______________.

What process is responsible for sending and receiving logs in the management server?

What are some measures you can take to prevent IPS false positives?

Which command can be run in Expert mode to verify the core dump settings?

What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?

Which kernel process is used by Content Awareness to collect the data from contexts?

You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file but you can’t afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs. What is the correct syntax for this?

The two procedures available for debugging in the firewall kernel are: i. fw ctl zdebug ii. fw ctl debug/kdebug
Choose the correct statement explaining the difference in the two.

When a User Mode process suddenly crashes, it may create a core dump file. Which of the following information is available in the core dump and may be used to identify the root cause of the crash? i. Program Counter ii. Stack Pointer iii. Memory management information iv. Other Processor and OS flags / information

You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file. What is the correct syntax for this?

What table does command “fwaccel conns” pull information from?

When a User process or program suddenly crashes, a core dump is often used to examine the problem. Which command is used to enable the core-dumping via GAIA clish?

During firewall kernel debug with fw ctl zdebug you received less information that expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?

What is the best way to resolve an issue caused by a frozen process?

What process monitors, terminates, and restarts critical Check Point processes as necessary?

Which one of the following is NOT considered a Solr core partition?

Which Daemon should be debugged for HTTPS Inspection related issues?

John works for ABC Corporation. They have enabled CoreXL on their firewall. John would like to identify the cores on which the SND runs and the cores on which the firewall Instance is running. Which command should John run to view the CPU role allocation?

To check the current status of hyper-threading, which command would you execute in expert mode?