156-581 Exam Questions

What is the most efficient way to view large fw monitor captures and run filters on the file?

Check Point's self-service knowledge base of technical documents and tools covers everything from articles describing how to fix specific issues, understand error messages and to h...

Which of the following System Monitoring Commands (Linux) shows process resource utilization, as well as core and memory utilization?

Is it possible to analyze ICMP packets with tcpdump?

Which of the following is NOT a way to insert fw monitor into the chain when troubleshooting packets throughout the chain?

The Check Point FW Monitor tool captures and analyzes incoming packets at multiple points in the traffic inspections. Which of the following is the correct inspection flow for traf...

Which of the following CLI commands is best to use for getting a quick look at appliance performance information in Gaia?

Which of the following is a valid way to capture general packets on Check Point gateways?

What are the four ways to insert an FW Monitor into the firewall kernel chain?

Some users from your organization have been reporting some connection problems with CIFS since this morning. You suspect an IPS issue after an automatic IPS update last night. So y...

When running a debug with fw monitor, which parameter will create a more verbose output?

Which is the correct 'fw monitor syntax for creating a capture file for loading it into Wireshark?

Johnny works as a firewall administrator in ALPHA Corporation. He is also an Account Administrator in the Check Point UserCenter for his company. When searching through SecureKnowl...

Which of the following is true about tcpdump?

If you run the command "fw monitor -e "accept src.10.1.1.101 or src=172.21.201.10 or src=192.0.2.11 from the Cli.sh. What will be captured?

UserCenter/PartnerMAP access is based on what criteria?

What file extension should be used with fw monitor to allow the output file to be imported and read in Wireshark?

When opening a new Service Request, what feature is in place to help guide you through the process?

When using "fw monitor" in R80.30, it is highly recommended that you:

Which would be a good reason to let "fw monitor' display results to the console, rather the output to a file?

What does the FWD daemon instruct the gateway to do when communication issues between the gateway and SMS/Log Server occurs?

Jerry is firewall administrator in BRAVO Company. He gets a call from the R&D department Manager who says that some employees from R&D could not access new development server (192....

Where would you look to find the error log file to investigate a logging issue on the Security Management Server?

What is a primary advantage of using the fw monitor tool?

To verify that communication is working between the Security Management Server and the Security Gateway, which service port should be checked?

How can a firewall admin check if the logs are coming from Security Gateway Cluster to Management Server?

The communication between the Security Management Server and Security Gateway to forward logs is done using the following process and port number.

How would you check the connection status of a gateway to the Log server?

Which of these would be the best way to alter the chain insertion point of fw monitor"?

One of most common reasons that firewall administrator couldn't login anymore into a newly installed R80.x Security Management via SmartConsole is, that the 15-day trial license wa...

What is the difference between the "Super User" and "Read Write All SmartConsole permission profiles?

During the policy installation process, compiled policies are located in three different directories, which directory contains the last policy which was compiled successfully on th...

After manipulating the rulebase and objects with SmartConsole the application crashes and closes immediately. To troubleshoot you will need to review the crash report. In which dir...

What can be a good troubleshooting tip for the error message "load on module failed?"

Which version of SmartConsole is recommended?

After reviewing the Install Policy report and error codes listed in it, you need to check if the policy installation port is open on the Security Gateway. What is the correct port...

The default time out for policy installation is

Chuck is a firewall administrator. He runs into some issues with policy installation, so he wants to check if all policy ports are open. How should he do it? Select the best answer...

What would be the most likely response when attempting to use SmartConsole to connect to a management server with the wrong credentials?

After successful policy installation, the gateway stores a copy of the most recently installed policy package in which location?

The Identity Awareness process that enforces network access restrictions on traffic based on the identity and negotiates with PDP about shared identities is called?

The Identity Awareness process that receives identity data from the identity sources and organizes it in tables before forwarding the data to the enforcement module is called

On which port do Identity Agents communicate with the gateway?

Johnny has connectivity issues on datacenter firewall. His access to Finance department server suddenly stopped working. He is constantly redirected to Captive Portal and asked to...

The module responsible for communicating with Active Directory services to gather identity information is called

Application Control and URL Filtering update files are located in which directory?

In the SmartConsole logs, you are seeing messages reporting NAT port exhaustion. What command would you use to check the status of the NAT table?

Which of the following kernel tables can provide useful information in troubleshooting Hide NAT port exhaustion?

After deploying a new Static NAT configuration, traffic is not getting through. What command would you use to troubleshoot internal problems with the NAT traffic?

Performing NAT on the Client Side means that translation of all packets will occur?