
156-585無料認定試験材料はこちらの116問題
リアル156-585は100%カバー率リアル試験問題を試そう!
試験は90問の複数選択問題から成り、受験者は2時間で解答する必要があります。試験は、セキュリティゲートウェイとマネジメントソフトウェアのトラブルシューティング、パケットキャプチャとログの分析、VPN、NAT、クラスタリング構成に関連する問題の解決など、さまざまなトピックをカバーしています。試験に合格し、Check Point Certified Troubleshooting Expert 認定を取得することは、複雑なCheck Point Security Gatewayとマネジメント環境で問題をトラブルシューティングする能力を示すものです。
チェックポイント認定トラブルシューティングエキスパート(156-585)認定試験は、複雑なチェックポイントセキュリティゲートウェイと管理サーバーの構成をトラブルシューティングする個人の能力をテストするように設計されています。この試験は、チェックポイント製品を深く理解し、組織のセキュリティインフラストラクチャ内で発生する問題のトラブルシューティングを担当するIT専門家向けです。この試験に合格すると、複雑なセキュリティ問題を解決する個人の専門知識が示され、あらゆる組織にとって貴重な資産になります。
質問 # 19
Which Daemon should be debugged for HTTPS Inspection related issues?
- A. WSTLSO
- B. VPND
- C. HTTPD
- D. FWD
正解:A
質問 # 20
During firewall kernel debug with fw ctl zdebug you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?
- A. Redirect debug output to file; Use fw ctl zdebug -o ./debug.elg
- B. Increase debug buffer; Use fw ctl zdebug -buf 32768
- C. Redirect debug output to file; Use fw ctl debug -o ./debug.elg
- D. Increase debug buffer; Use fw ctl debug -buf 32768
正解:D
質問 # 21
How can you increase the ring buffer size to 1024 descriptors?
- A. set interface eth0 rx-ringsize 1024
- B. dbedit>modify properties firewall_properties rx_ringsize 1024
- C. echo rx_ringsize=1024>>/etc/sysconfig/sysctl.conf
- D. fw ctl int rx_ringsize 1024
正解:A
質問 # 22
PostgreSQL is a powerful, open source relational database management system Check Point offers a command for viewing the database to interact with Postgres interactive shell Which command do you need to enter the PostgreSQL interactive shell?
- A. mysql -u root
- B. mysql_client cpm postgres
- C. psql_c!ieni postgres cpm
- D. psql_client cpm postgres
正解:B
質問 # 23
How many captures does the command "fw monitor -p all" take?
- A. All 4 points of the fw VM modules
- B. The -p option takes the same number of captures, but gathers all of the data packet
- C. 1 from every inbound and outbound module of the chain
- D. All 15 of the inbound and outbound modules
正解:C
質問 # 24
What is NOT a benefit of the fw ctl zdebug command?
- A. Automatically allocate a 1MB buffer
- B. Collect debug messages from the kernel
- C. Cannot be used to debug additional modules
- D. Clean the buffer
正解:C
質問 # 25
What is the best way to resolve an issue caused by a frozen process?
- A. Reboot the machine
- B. Restart the process
- C. Kill the process
- D. Power off the machine
正解:B
質問 # 26
Which situation triggers an IPS bypass under load on a 24-core Check Point appliance?
- A. the average cpu utilization over all cores must be above the threshold for 1 second
- B. any of the CPU cores is above the threshold for more then 10 seconds
- C. all CPU core most be above the threshold for more than 10 seconds
- D. a single CPU core must be above the threshold for more than 10 seconds, but is must be the same core during this time
正解:B
質問 # 27
Where will the usermode core files be located?
- A. SCPDIR/var/log/dump/usermode
- B. /var/log/dump/usermode
- C. SFWDlR/var'log/dump/usermode
- D. /var/suroot
正解:B
質問 # 28
What does SIM handle?
- A. Hardware communication to the accelerator
- B. Accelerating packets
- C. OPSEC connects to SecureXL
- D. FW kernel to SXL kernel hand off
正解:A
質問 # 29
What is connect about the Resource Advisor (RAD) service on the Security Gateways?
- A. RAD is not a separate module, it is an integrated function of the 'fw1 kernel module and does all operations in the kernel space
- B. RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization There isno user space involvement in this process
- C. RAD functions completely in user space The Pattern Matter (PM) module ofthe CMI looks up for URLs in the cache and if not found, contact the RAD process inuser space to do online categorization
- D. RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses andforwards a-sync requests to RADuser space module which is responsible for online categorization
正解:C
質問 # 30
You are upgrading your NOC Firewall (on a Check Point Appliance) from R77 to R80 30 but you did not touch thesecuritypolicy After the upgrade you can't connect to the new R80 30 SmartConsole of the upgraded Firewall anymore What is a possible reason for this?
- A. the license became invalig and the firewall does not start anymore
- B. new new console port is 19009 and a access rule ts missing
- C. the upgrade process changed the interfaces and IP adresses and you have to switch cables
- D. the IPS System on the new R80.30 Version prohibits direct Smartconsole access to a standalone firewall
正解:D
質問 # 31
You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore you need to add a timestamp to the kernel debug and write the output to a file What is the correct syntax for this?
- A. fw ctl kdebug -T > filename.debug
- B. fw ctl kdebug -T -f > filename.debug
- C. fw ctl kdebug -T -f -o filename.debug
- D. fw ctl debug -T -f > filename.debug
正解:D
質問 # 32
You have configured IPS Bypass Under Load function with additional kernel parameters ids_tolerance_no_stress=15 and ids_tolerance_stress-15 For configuration you used the *fw ctl set' command After reboot you noticed that these parameters returned to their default values What do you need to do to make this configuration work immediately and stay permanent?
- A. Set these parameters again with "fw ctl set" and edit appropriate parameters in $FWDIR/boot/modules/ fwkern.conf
- B. Edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf
- C. Set these parameters again with "fw ctl set" and save configuration with "save config"
- D. Use script $FWDIR/bin IpsSetBypass.sh to set these parameters
正解:A
解説:
Explanation
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=
質問 # 33
VPN issues may result from misconfiguration, communication failure, or incompatible default configurations between peers Which basic command syntax needs to be used fortroubleshootingSite-to-Site VPN Issues?
- A. cp debug truncon
- B. vpn debug truncon
- C. vpn truncon debug
- D. fw debug truncon
正解:C
質問 # 34
Which command is used to write a kernel debug to a file?
- A. fw ctl debug -S -t > debug.txt
- B. fw ctl kdebug -T -f > debug.txt
- C. fw ctl kdebug -T -l > debug.txt
- D. fw ctl debug -T -f > debug.txt
正解:B
質問 # 35
What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?
- A. the C2S VPN can not be debugged as it uses different protocols for the key exchange
- B. the C2S client uses Browser based SSL vpn and can't be debugged
- C. there is no difference
- D. the C2S VPN uses a different VPN daemon and there a second VPN debug
正解:B
質問 # 36
Joey is configuring a site-to-site VPN with his business partner. On Joey's site he has a Check Point R80.10 Gateway and his partner uses Cisco ASA 5540 as a gateway.
Joey's VPN domain on the Check Point Gateway object is manually configured with a group object that contains two network objects:
VPN_Domain3 = 192.168.14.0/24
VPN_Domain4 = 192.168.15.0/24
Partner's site ACL as viewed from "show run"
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.14.0 255.255.255.0 access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.15.0 255.255.255.0 When they try to establish VPN tunnel, it fails. What is the most likely cause of the failure given the information provided?
- A. Tunnel fails on Joey's site, because he misconfigured IP address of VPN peer.
- B. Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/23, but the peer expects the two distinct networks 192.168.14.0/24 and 192.168.15.0/24.
- C. Tunnel falls on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation due to the algorithm mismatch.
- D. Tunnel falls on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/24 and 192.168.15.0/24, but the peer expects the one network 192.168.14.0/23
正解:B
質問 # 37
Which Threat Prevention daemon is the core Threat Emulator, engine and responsible for emulation files and communications with Threat Cloud?
- A. inmsd
- B. scrub
- C. ctasd
- D. ted
正解:D
解説:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
質問 # 38
Troubleshooting issues with Mobile Access requires the following:
- A. Standard VPN debugs and packet captures on Security Gateway, debugs of "cvpnd' process on Security Management
- B. Standard VPN debugs, packet captures, and debugs of cvpnd' process on Security Gateway
- C. 'ma_vpnd' process on Secunty Gateway
- D. Debug logs of FWD captured with the command - 'fw debug fwd on TDERROR_MOBILE_ACCESS=5'
正解:B
質問 # 39
The Check Point Firewall Kernel is the core component of the Gala operating system and an integral part of traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?
- A. fw debug/kdebug ctl
- B. fw ctl zdebug
- C. fw ctl debug/kdebug
- D. fw debug/kdebug
正解:B
質問 # 40
Check Point provides tools & commands to help you to identify issues about products and applications. Which Check Point command can help you to display status and statistics information for various Check Point products and applications?
- A. cpstat
- B. CPstat
- C. CPview
- D. fwstat
正解:A
質問 # 41
Some users from your organization have been reported some connection problems with CIFS since this morning. You suspect an IPS Issue after an automatic IPS update last night. So you want to perform a packet capture on uppercase I only directly after the IPS module (position 4 in the chain) to check if the packets pass the IPS. What command do you need to run?
- A. fw monitor -ml -pl 5 -e <filterexpression>
- B. fw monitor -pi 5 -e <filterexpression>
- C. tcpdump -eni any <filterexpression>
- D. fw monitor -pl asm <filterexpression>
正解:A
質問 # 42
......
156-585試験問題集簡単なまとめ:https://jp.fast2test.com/156-585-premium-file.html
156-585最新CCTEトレーニングと認定をゲット:https://drive.google.com/open?id=1fM4JSYR5cCzRjKGm4pwWtBawDkDjINT1