156-585 Exam Questions - Online Test



certleader.com

We provide real 156-585 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass CheckPoint 156-585 Exam quickly & easily. The 156-585 PDF type is available for reading and printing. You can print more and practice many times. With the help of our CheckPoint 156-585 dumps pdf and vce product and material, you can easily pass the 156-585 exam.

We also have free 156-585 dumps questions for you:

NEW QUESTION 1
Some users from your organization have been reporting connection problems with CIFS since this morning. You suspect an IPS issue after an automatic IPS update last night, so you want to perform a packet capture on uppercase I only, directly after the IPS chain module (position 4 in the chain), to check if the packets pass the IPS. What command do you need to run?

  • A. fw monitor -mI -pi 5 -e <filterexpression>
  • B. fw monitor -pi 5 -e <filterexpression>
  • C. tcpdump -eni any <filterexpression>
  • D. fw monitor -pi asm <filterexpression>

Answer: C

NEW QUESTION 2
What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?

  • A. there is no difference
  • B. the C2S VPN uses a different VPN daemon and there is a second VPN debug
  • C. the C2S VPN cannot be debugged as it uses different protocols for the key exchange
  • D. the C2S client uses browser-based SSL VPN and can’t be debugged

Answer: D

NEW QUESTION 3
What is the proper command for allowing the system to create core files?

  • A. $FWDIR/scripts/core-dump-enable.sh
  • B. # set core-dump enable
       # save config
  • C. service core-dump start
  • D. > set core-dump enable
       > save config

Answer: D

NEW QUESTION 4
Which command do you need to execute to insert fw monitor after TCP streaming (out) in the outbound chain using absolute position? Given the chain was 1ffffe0, choose the correct answer.

  • A. fw monitor -po -0x1ffffe0
  • B. fw monitor -p0 ox1ffffe0
  • C. fw monitor -po 1ffffe0
  • D. fw monitor -p0 -ox1ffffe0

Answer: A

Explanation:
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminG

NEW QUESTION 5
When a user process or program suddenly crashes, a core dump is often used to examine the problem. Which command is used to enable core dumping via Gaia clish?

  • A. set core-dump enable
  • B. set core-dump per_process
  • C. set user-dump enable
  • D. set core-dump total

Answer: A

NEW QUESTION 6
Which command can be run in Expert mode to verify the core dump settings?

  • A. grep cdm /config/db/coredump
  • B. grep cdm /config/db/initial
  • C. grep $FWDIR/config/db/initial
  • D. cat /etc/sysconfig/coredump/cdm.conf

Answer: C

NEW QUESTION 7
In Security Management High Availability, if the primary and secondary managements, running the same version of R80.x, are in a state of ‘Collision’, how can this be resolved?

  • A. Administrator should manually synchronize the servers using SmartConsole
  • B. The Collision state does not happen in R80.x as synchronization occurs automatically on every publish action
  • C. Reset the SIC of the secondary management server
  • D. Run the command ‘fw send synch force’ on the primary server and ‘fw get sync quiet’ on the secondary server

Answer: A

NEW QUESTION 8
The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for troubleshooting packet drops and other kernel activities while using minimal resources (1 MB buffer)?

  • A. fw ctl zdebug
  • B. fw ctl debug/kdebug
  • C. fwk ctl debug
  • D. fw debug ctl

Answer: A

NEW QUESTION 9
What are some measures you can take to prevent IPS false positives?

  • A. Exclude problematic services from being protected by IPS (SIP, H.323, etc.)
  • B. Use IPS only in Detect mode
  • C. Use Recommended IPS profile
  • D. Capture packet
  • E. Update the IPS database, and Back up custom IPS files

Answer: A

NEW QUESTION 10
Your fwm constantly crashes and is restarted by the watchdog. You can't find any coredumps related to this process, so you need to check if coredumps are enabled at all. How can you achieve that?

  • A. in clish run show core-dump status
  • B. in expert mode run show core-dump status
  • C. in clish run set core-dump status
  • D. in clish run show coredumb status

Answer: D

NEW QUESTION 11
Which process is responsible for the generation of certificates?

  • A. cpm
  • B. cpca
  • C. dbsync
  • D. fwm

Answer: B

NEW QUESTION 12
Which command can be run in Expert mode to verify the core dump settings?

  • A. grep cdm /config/db/coredump
  • B. grep cdm /config/db/initial
  • C. grep $FWDIR/config/db/initial
  • D. cat /etc/sysconfig/coredump/cdm.conf

Answer: C

NEW QUESTION 13
What is the simplest and most efficient way to check all dropped packets in real time?

  • A. fw ctl zdebug * drop in expert mode
  • B. Smartlog
  • C. cat /dev/fwTlog in expert mode
  • D. tail -f $FWDIR/log/fw.log | grep drop in expert mode

Answer: D

NEW QUESTION 14
You need to run a kernel debug over a longer period of time, as the problem occurs only once or twice a week. Therefore you need to add a timestamp to the kernel debug and write the output to a file. What is the correct syntax for this?

  • A. fw ctl kdebug -T -f > filename.debug
  • B. fw ctl kdebug -T > filename.debug
  • C. fw ctl debug -T -f > filename.debug
  • D. fw ctl kdebug -T -f -o filename.debug

Answer: C

NEW QUESTION 15
The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?

  • A. fw ctl debug/kdebug
  • B. fw ctl zdebug
  • C. fw debug/kdebug
  • D. fw debug/kdebug ctl

Answer: B

NEW QUESTION 16
When debugging is enabled on firewall kernel module using the ‘fw ctl debug’ command with required options, many debug messages are provided by the kernel that help the administrator to identify issues. Which of the following is true about these debug messages generated by the kernel module?

  • A. Messages are written to a buffer and collected using ‘fw ctl kdebug’
  • B. Messages are written to console and also /var/log/messages file
  • C. Messages are written to /etc/dmesg file
  • D. Messages are written to $FWDIR/log/fw.elg

Answer: B

NEW QUESTION 17
......
