Check Point Certified Troubleshooting Expert v1.0

Page:    1 / 5   
Exam contains 75 questions
Expand All

You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file but you can’t afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs. What is the correct syntax for this?

  • A. fw ctl kdebug -T -f -m 10 -s 1000000 -o debugfilename
  • B. fw ctl kdebug -T -f -m 10 -s 1000000 > debugfilename
  • C. fw ctl kdebug -T -m 10 -s 1000000 -o debugfilename
  • D. fw ctl debug -T -f -m 10 -s 1000000 -o debugfilename


Answer : D

You have configured IPS Bypass Under Load function with additional kernel parameters: ids_tolerance_no_stress=15 and ids_tolerance_stress=15. For configuration you used the “fw ctl set” command. After reboot you noticed that these parameters returned to their default values. What do you need to do to make this configuration work immediately and stay permanent?

  • A. Set these parameters again with “fw ctl set” and edit appropriate parameters in $FWDlR/boot/modules/fwkern.conf
  • B. Use script $FWDIR/bin/ IpsSetBypass.sh to set these parameters
  • C. Set these parameters again with “fw ctl set’ and save configuration with “save config”
  • D. Edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf


Answer : A

Check Point provides tools & commands to help you to identify issues about products and applications. Which Check Point command can help you to display status and statistics information for various Check Point products and applications?

  • A. cpstat
  • B. CPstat
  • C. CPview
  • D. fwstat


Answer : A

You are running R80.XX on an open server and you see a high CPU utilization on your 12 CPU cores. You now want to enable Hyperthreading to get more cores to gain some performance. What is the correct way to achieve this?

  • A. Hyperthreading is not supported on open servers, on Check Point Appliances
  • B. Just turn on HAT in the bios of the server and boot it
  • C. Just turn on HAT in the bios of the server and after it was booted enable it in cpconfig
  • D. in clish run set HAT on


Answer : A

The customer is using Check Point appliances that were configured long ago by third-party administrators. Current policy includes different enabled IPS protections and Bypass Under Load function. Bypass Under Load is configured to disable IPS inspections of CPU and Memory usage is higher than 80%. The Customer reports that IPS protections are not working at all regardless of CPU and Memory usage. What is the possible reason of such behavior?

  • A. The kernel parameter ids_assume_stress is set to 0
  • B. The kernel parameter ids_assume_stress is set to 1
  • C. The kernel parameter ids_tolerance_no_stress is set to 10
  • D. The kernel parameter ids_tolerance_stress is set to 10


Answer : D

What is the benefit of running “vpn debug trunc” over “vpn debug on”?

  • A. “vpn debug trunc” purges ike.elg and vpnd.elg and creates timestamp while starting ike debug and vpn debug
  • B. “vpn debug trunc” truncates the capture hence the output contains minimal capture
  • C. “vpn debug trunc” provides verbose capture
  • D. No advantage one over other


Answer : A

In Security Management High Availability, if the primary and secondary managements, running the same version of R80.x, are in a state of ‘Collision’, how can this be resolved?

  • A. Administrator should manually synchronize the servers using SmartConsole
  • B. The Collision state does not happen in R80.x as the synchronizing automatically on every publish action
  • C. Reset the SIC of the secondary management server
  • D. Run the command ‘fw send synch force’ on the primary server and ‘fw get sync quiet’ on the secondary server


Answer : A

After kernel debug with “fw ctl debug” you received a huge amount of information. It was saved in a very large file that is difficult to open and analyze with standard text editors. Suggest a solution to solve this issue.

  • A. Use “fw ctl debug” because of 1024KB buffer size
  • B. Divide debug information into smaller files. Use “fw ctl debug -f -o “filename” -m 25 -s “1024”
  • C. Reduce debug buffer to 1024KB and run debug for several times
  • D. Use Check Point InfoView utility to analyze debug output


Answer : C

What is the most efficient way to view large fw monitor captures and run filters on the file?

  • A. wireshark
  • B. CLISH
  • C. CLI
  • D. snoop


Answer : A

What does SIM handle?

  • A. Accelerating packets
  • B. FW kernel to SXL kernel hand off
  • C. OPSEC connects to SecureXL
  • D. Hardware communication to the accelerator


Answer : D

Which process is responsible for the generation of certificates?

  • A. cpm
  • B. cpca
  • C. dbsync
  • D. fwm


Answer : B

How does the URL Filtering Categorization occur in the kernel?
1. RAD provides the status of the search to the client.
2. The a-sync request is forwarded to the RAD User space via the RAD kernel for online categorization.
3. The online detection service responds with categories and the kernel cache is updated.
4. The kernel cache notifies the RAD kernel of hits and misses.
5. URL lookup initiated by the client.
6. URL lookup occurs in the kernel cache.
7. The client sends an a-sync request back to RAD If the URL was not found.

  • A. 5, 6, 7, 1, 3, 2, 4
  • B. 5, 6, 2, 4, 1, 7, 3
  • C. 5, 6, 4, 1, 7, 2, 3
  • D. 5, 6, 3, 1, 2, 4, 7


Answer : C

Which of the following is a component of the Context Management Infrastructure used to collect signatures in user space from multiple sources, such as Application Control and IPS, and complies them together into unified Pattern Matchers?

  • A. CMI Loader
  • B. cpas
  • C. PSL - Passive Signature Loader
  • D. Context Loader


Answer : A

What is the function of the Core Dump Manager utility?

  • A. To generate a new core dump for analysis
  • B. To limit the number of core dump files per process as well as the total amount of disk space used by core files
  • C. To determine which process is slowing down the system
  • D. To send crash information to an external analyzer


Answer : B

To check the current status of hyper-threading, which command would you execute in expert mode?

  • A. cat /proc/hypert_status
  • B. cat /proc/smt_status
  • C. cat /proc/hypert_stat
  • D. cat /proc/smt_stat


Answer : B

Page:    1 / 5   
Exam contains 75 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy