156-587 Exam Questions

What Check Point process controls logging?

Which of the following daemons is used for Threat Extraction?

If the cpsemd process of SmartEvent has crashed or is having trouble coming up, then it usually indicates that __________.

Your users are having trouble opening a Web page and you need to troubleshoot it. You open the Smart Console, and you get the following message when you navigate to the Logs and Mo...

You do not see logs in the SMS. When you login on the SMS shell and run cpwd_admin list you notice that the RFL process is with status T. What command can you run to try to resolve...

Where do you enable log indexing on the SMS?

What is the correct syntax to turn a VPN debug on and create new empty debug files?

Which of the following file is commonly associated with troubleshooting crashes on a system such as the Security Gateway?

When a User process or program suddenly crashes, a core dump is often used to examine the problem. Which command is used to enable the core-dumping via GAIA clish?

The management configuration stored in the Postgres database is partitioned into several relational database domains. What is the purpose of the Global Domain?

What is the most efficient way to read an IKEv2 Debug?

Which of the following is a component of the Context Management Infrastructure used to collect signatures in user space from multiple sources, such as Application Control and IPS,...

VPN issues may result from misconfiguration, communication failure, or incompatible default configurations between peers. Which basic command syntax needs to be used for troublesho...

User defined URLS and HTTPS Inspection User defined URLs on the Security Gateway are stored in which database file?

What process monitors, terminates, and restarts critical Check Point processes as necessary?

Which process is responsible for the generation of certificates?

You are using the Identity Collector with Identity Awareness in large environment. Users report that they cannot access resources on Internet. You identify that the traffic is matc...

What are the four main database domains?

Captive Portal, PDP and PEP run in what space?

Which Daemon should be debugged for HTTPS Inspection related issues?

The two procedures available for debugging in the firewall kernel are

In Check Point's Packet Processing Infrastructure, what is the role of Observers?

You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write th...

How can you start debug of the Unified Policy with all possible flags turned on?

What is the kernel process for Content Awareness that collects the data from the contexts received from the CMI and decides if the file is matched by a data type?

For Identity Awareness, what is the PDP process?

What is the simplest and most efficient way to check all dropped packets in real time?

After kernel debug with "fw ctl debug" you received a huge amount of information. It was saved in a very large file that is difficult to open and analyze with standard text editors...

You are seeing output from the previous kernel debug. What command should you use to avoid that?

Which of the following would NOT be a flag when debugging a unified policy?

Which of the following inputs is suitable for debugging HTTPS inspection issues?

The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for de...

URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request for...

What function receives the AD log event information?

Your users have some issues connecting with Mobile Access VPN to your gateway. How can you debug the tunnel establishment?

Which type of NAT allows both incoming and outgoing connections?

You have just acquired new licenses for your Check Point security Gateway. You need to attach the new license. What is the object in the Security Console where you can attach the l...

As a security administrator/engineer in your company, you have noticed that your HQ Check Point Security Management Server is not receiving logs from your HQ Check Point Gateway/Cl...

Check Point Threat Prevention policies can contain multiple policy layers and each layer consists of its own Rule Base. Which Threat Prevention daemon is used for Anti-virus?

Which command shows the installed licenses and contracts on a Check Point device?

Which of these packet processing components stores Rule Base matching state-related information?

That is the proper command for allowing the system to create core files?

What is correct about the Resource Advisor (RAD) service on the Security Gateways?

Which of the following is contained in the System Domain of the Postgres database?

Where will the usermode core files located?

When dealing with monolithic operating systems such as Gaia, where are system calls initiated from to achieve a required system level function?

What cli command is run on the GW to verify communication to the Identity Collector?

You receive reports that Users cannot browse internet sites. You are using identity awareness with AD Query and Identity Collector in addition you have the Browser Based Authentica...

Which of the following commands can be used to see the list of processes monitored by the Watch Dog process?

The FileApp parser in the Content Awareness engine does not extract text from which of the following file types?