CCTE question to training

Test your knowledge
1

What table does the command "fwaccel conns" pull information from?

cphwd_db
fwxl_conns
SecureXLCon
sxl_connections
2

Check Point Threat Prevention policies can contain multiple policy layers and each layer consists of its own Rule Base .Which Threat Prevention daemon is used for Anti-virus?

in.emaild.mta
in.emaild
in.msd
ctasd
3

What is the purpose of the Hardware Diagnostics Tool?

Verifying that Security Gateway hardware is functioning correctly
Verifying the Security Management Server hardware is functioning correctly
Verifying that Check Point Appliance hardware is functioning correctly
Verifying that Check Point Appliance hardware is actually broken
4

What command is used to find out which port Multi-Portal has assigned to the Mobile Access Portal?

mpclient getdata mobi
mpclient getdata sslvpn
netstat -nap | grep mobile
netstat getdata sslvpn
5

Where will the usermode core files be located?

/var/log/dump/usermode
/var/suroot
$FWDIR/var/log/dump/usermode
$CPDIR/var/log/dump/usermode
6

Check Point's PostgreSQL is partitioned into several relational database domains. Which domain contains network objects and security policies?

User Domain
Global Domain
Log Domain
System Domain
7

What are the four ways to insert an FW Monitor into the firewall kernel chain?

Absolute position using location, absolute position using alias, relative position, all positions
Relative position using geolocation, relative position using inertial navigation, absolute position, all positions
Relative position using location, relative position using alias, absolute position, all positions
Absolute position using location, relative position using alias, general position, all positions
8

What file extension should be used with fw monitor to allow the output file to be imported and read in Wireshark?

.cap
.pcap
.exe
.tgz
9

Which one of the following is NOT considered a Solr core partition?

CPM_0_Disabled
CPM_0_Revisions
CPM_Global_A
CPM_Global_R
10

Where do Protocol parsers register themselves for IPS?

Protections database
Context Management Infrastructure
Other handlers register to Protocol parser
Passive Streaming Library
11

Which of the following is NOT a vpn debug command used for troubleshooting?

vpn debug on TDERROR_ALL_ALL=5
vpn debug trunc
pclient getdata sslvpn
fw ctl debug -m fw + conn drop vm crypt
12

Which command is most useful for debugging the fwaccel module?

securexl debug
fw debug
fw zdebug
fwaccel dbg
13

The management configuration stored in the Postgres database is partitioned into several relational database Domains, like - System, User, Global and Log Domains. The User Domain stores the network objects and security policies. Which of the following is stored in the Log Domain?

Log Domain is not stored in Postgres database, it is part of Solr indexer only
Configuration data of Log Servers and saved queries for applications
Active Logs received from Security Gateways and Management Servers
Active and past logs received from Gateways and Servers
14

After a kernel debug with "fw ctl debug" you received a huge amount of information. It was saved in a very large file that is difficult to open and analyze with standard text editors. Suggest a solution to solve this issue.

Divide debug information into smaller files; use "fw ctl kdebug -f -o 'filename' -m 25 -s 1024"
Use "fw ctl zdebug" because of its 1024KB buffer size
Reduce debug buffer to 1024KB and run debug for several times
Use Check Point InfoView utility to analyze debug output
15

How many captures does the command "fw monitor -p all" take?

1 from every inbound and outbound module of the chain
All 15 of the inbound and outbound modules
All 4 points of the fw VM modules
The -p option takes the same number of captures, but gathers all of the data packet
16

What is NOT a benefit of the fw ctl zdebug command?

Automatically allocate a 1MB buffer
Cannot be used to debug additional modules
Clean the buffer
Collect debug messages from the kernel
17

URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required?

RAD Kernel Space
RAD User Space
URLF Online Service
URLF Kernel Client
18

If the cpsemd process of SmartEvent has crashed or is having trouble coming up, then it usually indicates that...

Cpd daemon is unable to connect to the log server
The logged in administrator does not have permissions to run SmartEvent
The SmartEvent core on the Solr indexer has been deleted
Postgres database is down
19

Which command can be run in Expert mode to verify the core dump settings?

grep cdm /config/db/initial
grep $FWDIR/config/db/initial
cat /etc/sysconfig/coredump/cdm.conf
grep cdm /config/db/coredump
20

Jenna has to create a VPN tunnel to a Cisco ASA but has to set a special property to renegotiate the Phase 2 tunnel after 10 MB of transferred data.

she needs to run GUIDBEDIT from CLISH which opens a graphical window on the SmartCenter
she needs to install GUIDBEDIT which can be downloaded from the Usercenter
this can’t be done anymore as GUIDBEDIT is not supported in R80 anymore
using GUIDBEDIT located in same directory as Smartconsole on the Windows client
21

Troubleshooting issues with Mobile Access requires the following:

Standard VPN debugs, packet captures, and debugs of the 'cvpnd' process on the Security Gateway
Debug logs of FWD captured with the command 'fw debug fwd on TDERROR_MOBILE_ACCESS=5'
Standard VPN debugs and packet captures on the Security Gateway, debugs of the 'cvpnd' process on the Security Management
'ma_vpnd' process on the Security Gateway
22

What acceleration mode utilizes multi-core processing to assist with traffic processing?

CoreXL
SecureXL
Hyper Threading
Traffic Warping
23

What is the simplest and most efficient way to check all dropped packets in real time?

tail -f $FWDIR/log/fw.log | grep drop in expert mode
Smartlog
fw ctl zdebug + drop in expert mode
cat /dev/fwTlog in expert mode
24

The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for troubleshooting packet drops and other kernel activities while using minimal resources (1 MB buffer)?

fw ctl zdebug
fw ctl debug/kdebug
fwk ctl debug
fw debug ctl
25

If you run the command "fw monitor -e accept src=10.1.1.201 or src=172.21.101.10 or src=192.0.2.10;" from the clish, what will be captured?

fw monitor only works in expert mode so no packets will be captured
Packets from 10.1.1.201 going to 192.0.2.10
Packets destined to 172.21.101.10 from 10.1.1.101
Only packet going to 192.0.2.10
26

When a User Mode process suddenly crashes it may create a core dump file. Which of the following information is available in the core dump and may be used to identify the root cause of the crash?
i. Program Counter
ii. Stack Pointer
iii. Memory management information
iv. Other Processor and OS flags / information

Only iii
iii and iv only
i and ii only
i, ii, iii and iv
27

You have configured the IPS Bypass Under Load function with additional kernel parameters ids_tolerance_no_stress=15 and ids_tolerance_stress=15. For the configuration you used the 'fw ctl set' command. After a reboot you noticed that these parameters returned to their default values. What do you need to do to make this configuration work immediately and stay permanent?

Set these parameters again with "fw ctl set" and edit the appropriate parameters in $FWDIR/boot/modules/fwkern.conf
Use the script $FWDIR/bin/IpsSetBypass.sh to set these parameters
Set these parameters again with "fw ctl set" and save configuration with "save config"
Edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf
28

Some users from your organization have been reporting some connection problems with CIFS since this morning. You suspect an IPS issue after an automatic IPS update last night. So, you want to perform a packet capture on uppercase I only, directly after the IPS chain module (position 4 in the chain), to check if the packets pass the IPS. What command do you need to run?

fw monitor -ml -pl 5 -e <filterexpression>
fw monitor -pi 5 -e <filterexpression>
tcpdump -eni any <filterexpression>
fw monitor -pi asm <filterexpression>
29

Which file is commonly associated with troubleshooting crashes on a system such as the Security Gateway?

core dump
tcpdump
fw monitor
CPMIL dump
30

The two procedures available for debugging in the firewall kernel are:
i. fw ctl zdebug
ii. fw ctl debug/kdebug
Choose the correct statement explaining the differences between the two.

(i) is used to debug only issues related to dropping of traffic, however (ii) can be used for any firewall issue including NATing, clustering etc
(i) is used to debug the access control policy only, however (ii) can be used to debug a unified policy
(i) is used on a Security Gateway, whereas (ii) is used on a Security Management Server
(i) is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via the command line, whereas (ii) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via the command line
31

What is the name of the VPN kernel process?

FWK
CVPND
VPNK
VPND
32

You are running R80.XX on an open server and you see a high CPU utilization on your 12 CPU cores. You now want to enable Hyperthreading to get more cores to gain some performance. What is the correct way to achieve this?

just turn on HAT in the bios of the server and after it has booted enable it in cpconfig
just turn on HAT in the bios of the server and boot it
in clish run set HAT on
Hyperthreading is not supported on open servers, only on Check Point Appliances
33

What are the maximum kernel debug buffer sizes, depending on the version?

32MB or 64MB
8GB or 64GB
8MB or 32MB
4MB or 8MB
34

Which daemon governs the Mobile Access VPN blade and works with VPND to create Mobile Access VPN connections? It also handles interactions between HTTPS and the Multi-Portal Daemon.

mvpnd
SSL VPN Daemon - sslvpnd
Mobile Access Daemon - MAD
Connectra VPN Daemon - cvpnd
35

Your users have some issues connecting Mobile Access VPN to the gateway. How can you debug the tunnel establishment?

run fw ctl zdebug -m sslvpn all
run vpn debug truncon
in the file $VPNDIR/conf/httpd.conf change the line LogLevel ... to LogLevel debug and run vpn restart
in the file $CVPNDIR/conf/httpd.conf change the line LogLevel ... to LogLevel debug and run cvpnrestart
36

Which Threat Prevention daemon is the core Threat Emulation engine, responsible for emulating files and for communications with ThreatCloud?

scrub
in.msd
ctasd
ted
37

What table does the command "fwaccel conns" pull information from?

cphwd_db
sxl_connections
fwxl_conns
SecureXLCon
38

What is the proper command for allowing the system to create core files?

service core-dump start
# set core-dump enable # save config
$FWDIR/scripts/core-dump-enable.sh
>set core-dump enable >save config
39

Which command is used to write a kernel debug to a file?

fw ctl kdebug -T -f > debug.txt
fw ctl debug -S -t > debug.txt
fw ctl debug -T -f > debug.txt
fw ctl kdebug -T -l > debug.txt
40

Check Point Access Control Daemons contain several daemons for Software Blades and features. Which daemon is used for Application & Control Filtering?

pepd
pdpd
cprad
rad
41

What is the main SecureXL database for tracking acceleration status of traffic?

cphwd_dev_identity_table
cphwd_dev_conn_table
cphwd_tmp1
cphwd_db
42

Which command(s) will turn off all vpn debug collection?

fw ctl debug 0
vpn debug off and vpn debug ikeoff
vpn debug off
vpn debug -a off
43

Which is the correct "fw monitor" syntax for creating a capture file for loading it into Wireshark?

fw monitor -e "accept<FILTER EXPRESSION>;" -file Output.cap
This cannot be accomplished as it is not supported with R80.10
fw monitor -e "accept<FILTER EXPRESSION>;" >> Output.cap
fw monitor -e "accept<FILTER EXPRESSION>;" -o Output.cap
44

What components make up the Context Management Infrastructure?

CPM and SOLR
CPX and FWM
CPMI and FW Loader
CMI Loader and Pattern Matcher
45

For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented, which layer of IPS corrects this to allow for proper inspection?

Passive Streaming Library
Protections
Protocol Parsers
Context Management
46

What command is usually used for general firewall kernel debugging and what is the size of the buffer that is automatically enabled when using the command?

fw ctl zdebug, buffer size is 32768 KB
fw ctl debug, buffer size is 1024 KB
fw ctl kdebug, buffer size is 32000 KB
fw ctl zdebug, buffer size is 1 MB
47

What does CMI stand for in relation to the Access Control Policy?

Context Manipulation Interface
Content Management Interface
Context Management Infrastructure
Content Matching Infrastructure
48

When a user process or program suddenly crashes, a core dump is often used to examine the problem. Which command is used to enable core dumping via the Gaia clish?

set user-dump enable
set core-dump total
set core-dump enable
set core-dump per_process
49

PostgreSQL is a powerful, open-source relational database management system. Check Point offers a command for viewing the database through the Postgres interactive shell. Which command do you need to enter the PostgreSQL interactive shell?

psql_client cpm postgres
mysql_client cpm postgres
psql_client postgres cpm
mysql -u root
50

Which Threat Prevention daemon is the core Threat Emulation engine, responsible for emulating files and for communications with ThreatCloud?

scrub
ted
ctasd
in.msd
51

John has renewed his NGTX license, but he gets an error (contract for Anti-Bot expired). He wants to check the subscription status on the CLI of the gateway. What command can he use for this?

cpstat antimalware -f subscription_status
fw monitor license status
fwm lic print
show license status
52

During a firewall kernel debug with "fw ctl debug" you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?

Increase debug buffer; Use fw ctl debug -buf 32768
Redirect debug output to file; Use fw ctl debug o ./debug.elg
Redirect debug output to file; Use fw ctl zdebug o ./debug.elg
Increase debug buffer; Use fw ctl zdebug buf 32768
53

Which process is responsible for the generation of certificates?

cpm
cpca
fwm
dbsync
54

What process is responsible for sending and receiving logs in the management server?

CPD
FWM
CPM
FWD
55

What is the best way to resolve an issue caused by a frozen process?

Power off the machine
Kill the process
Restart the process
Reboot the machine
56

What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?

the C2S VPN cannot be debugged as it uses different protocols for the key exchange
the C2S client uses Browser based SSL vpn and can't be debugged
the C2S VPN uses a different VPN daemon and therefore a second VPN debug
there is no difference
57

What process monitors, terminates, and restarts critical Check Point processes as necessary?

FWM
CPWD
CPM
FWD
58

The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?

fw debug/kdebug
fw debug/kdebug ctl
fw ctl zdebug
fw ctl debug/kdebug
59

Joey is configuring a site-to-site VPN with his business partner. On Joey's site he has a Check Point R80.10 Gateway and his partner uses a Cisco ASA 5540 as a gateway. Joey's VPN domain on the Check Point Gateway object is manually configured with a group object that contains two network objects:
VPN_Domain3 = 192.168.14.0/24
VPN_Domain4 = 192.168.15.0/24
Partner's site ACL as viewed from "show run":
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.14.0 255.255.255.0
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.15.0 255.255.255.0
When they try to establish the VPN tunnel, it fails.

Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/24 and 192.168.15.0/24, but the peer expects the one network 192.168.14.0/23.
Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation due to an algorithm mismatch.
Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/23, but the peer expects the two distinct networks 192.168.14.0/24 and 192.168.15.0/24.
Tunnel fails on Joey's site, because he misconfigured IP address of VPN peer.
60

Which kernel process is used by Content Awareness to collect the data from contexts?

cpemd
CMI
PDP
dlpda
61

You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file, but you can't afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs. What is the correct syntax for this?

fw ctl debug -T -f -m 10 -s 1000000 -o debugfilename
fw ctl kdebug -T -m 10 -s 1000000 -o debugfilename
fw ctl kdebug -T -f -m 10 -s 1000000 > debugfilename
fw ctl kdebug -T -f -m 10 -s 1000000 -o debugfilename
62

Check Point provides tools & commands to help you to identify issues about products and applications. Which Check Point command can help you to display status and statistics information for various Check Point products and applications?

cpstat
fwstat
CPstat
CPview
63

The customer is using Check Point appliances that were configured long ago by third-party administrators. The current policy includes different enabled IPS protections and the Bypass Under Load function. Bypass Under Load is configured to disable IPS inspection if CPU and memory usage is higher than 80%. The customer reports that IPS protections are not working at all regardless of CPU and memory usage. What is the possible reason for such behavior?

The kernel parameter ids_assume_stress is set to 1
The kernel parameter ids_assume_stress is set to 0
The kernel parameter ids_tolerance_stress is set to 10
The kernel parameter ids_tolerance_no_stress is set to 10
64

In Security Management High Availability, if the primary and secondary managements, running the same version of R80.x, are in a state of 'Collision', how can this be resolved?

Run the command 'fw send synch force' on the primary server and 'fw get sync quiet' on the secondary server
Reset the SIC of the secondary management server
The Collision state does not happen in R80.x as the servers synchronize automatically on every publish action
Administrator should manually synchronize the servers using SmartConsole
65

What is the most efficient way to view large fw monitor captures and run filters on the file?

snoop
Wireshark
CLI
CLISH
66

How does the URL Filtering Categorization occur in the kernel?
1. RAD provides the status of the search to the client.
2. The a-sync request is forwarded to the RAD User space via the RAD kernel for online categorization.
3. The online detection service responds with categories and the kernel cache is updated.
4. The kernel cache notifies the RAD kernel of hits and misses.
5. URL lookup initiated by the client.
6. URL lookup occurs in the kernel cache.
7. The client sends an a-sync request back to RAD if the URL was not found.

5, 6, 4, 1, 7, 2, 3
5, 6, 7, 1, 3, 2, 4
5, 6, 2, 4, 1, 7, 3
5, 6, 3, 1, 2, 4, 7
67

To check the current status of hyper-threading, which command would you execute in expert mode?

cat /proc/smt_status
cat /proc/hypert_stat
cat /proc/hypert_status
cat /proc/smt_stat
68

What is correct about the Resource Advisor (RAD) service on the Security Gateways?

RAD has a kernel module that looks up the kernel cache, notifies the client about hits and misses and forwards a-sync requests to the RAD user space module, which is responsible for online categorization
RAD is completely loaded as a kernel module that looks up the URL in the cache and, if not found, connects online for categorization. There is no user space involvement in this process
RAD functions completely in user space. The Pattern Matcher (PM) module of the CMI looks up URLs in the cache and, if not found, contacts the RAD process in user space to do online categorization
RAD is not a separate module; it is an integrated function of the 'fw' kernel module and does all operations in kernel space
69

What are some measures you can take to prevent IPS false positives?

Capture packets, update the IPS database, and back up custom IPS files
Use Recommended IPS profile
Exclude problematic services from being protected by IPS (SIP, H.323, etc.)
Use IPS only in Detect mode
70

RAD is initiated when the Application Control and URL Filtering blades are active on the Security Gateway. What is the purpose of the following RAD configuration file: $FWDIR/conf/rad_settings.C?

This file contains RAD proxy settings
This file contains the location information for Application Control and/or URL Filtering entitlements
This file contains the information on how the Security Gateway reaches the Security Manager's RAD service for Application Control and URL Filtering
This file contains all the host name settings for the online application detection engine
71

What is the main SecureXL database for tracking the acceleration status of traffic?

cphwd_db
cphwd_tmp1
cphwd_dev_conn_table
cphwd_dev_identity_table
72

What is the buffer size set by the fw ctl zdebug command?

8GB
8MB
1 GB
1 MB
73

What is the benefit of running "vpn debug trunc" over "vpn debug on"?

"vpn debug trunc" purges ike.elg and vpnd.elg and creates a timestamp while starting the ike debug and vpn debug
"vpn debug trunc" truncates the capture, hence the output contains a minimal capture
"vpn debug trunc" provides a verbose capture
No advantage one over the other
74

Which of the following daemons is used for Threat Extraction?

scrubd
extractd
tex
tedex
75

You are upgrading your NOC Firewall (on a Check Point Appliance) from R77 to R80.30 but you did not touch the security policy. After the upgrade you can't connect to the new R80.30 SmartConsole of the upgraded Firewall anymore. What is a possible reason for this?

New console port is 19009 and access rule is missing
the license became invalid, and the firewall does not start anymore
the upgrade process changed the interfaces and IP addresses, and you have to switch cables
the IPS System on the new R80.30 Version prohibits direct Smartconsole access to a standalone firewall
76

When debugging is enabled on the firewall kernel module using the 'fw ctl debug' command with the required options, many debug messages are provided by the kernel that help the administrator to identify issues. Which of the following is true about these debug messages generated by the kernel module? (TO VERIFY)

Messages are written to console and also /var/log/messages file
Messages are written to a buffer and collected using 'fw ctl kdebug'
Messages are written to $FWDIR/log/fw.elg
Messages are written to /etc/dmesg file
77

Which of the following is a component of the Context Management Infrastructure used to collect signatures in user space from multiple sources, such as Application Control and IPS, and compile them together into unified Pattern Matchers?

CMI Loader
cpas
PSL - Passive Signature Loader
Context Loader
78

Rules within the Threat Prevention policy use the Malware database and network objects. Which directory is used for the Malware database?

$FWDIR/conf/install_firewall_tmp/ANTIMALWARE/conf/
$CPDIR/conf/install_manager_tmp/ANTIMALWARE/conf/
$FWDIR/log/install_manager_tmp/ANTIMALWARE/log/
$FWDIR/conf/install_manager_tmp/ANTIMALWARE/conf/
79

You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file. What is the correct syntax for this?

fw ctl debug -T -f > filename.debug
fw ctl kdebug -T > filename.debug
fw ctl kdebug -T -f > filename.debug
fw ctl kdebug -T -f -o filename.debug
80

Which command do you need to execute to insert fw monitor after TCP streaming (out) in the outbound chain using absolute position? Given the chain was 1ffffe0, choose the correct answer.

fw monitor -p0 -ox1ffffe0
fw monitor -po 1ffffe0
fw monitor -p0 ox1ffffe0
fw monitor -po -0x1ffffe0
81

Vanessa is reviewing the ike.elg file to troubleshoot a failed site-to-site VPN connection. After sending Main Mode Packet 5, the response from the peer is "PAYLOAD-MALFORMED". What is the reason for the failed VPN connection?

The authentication on Phase 1 is causing the problem. The pre-shared key on the local gateway, encrypted by the hash algorithm, doesn't match the hash on the peer gateway generated by encrypting its pre-shared key created in Packet 1 and Packet 2
The authentication on Quick Mode is causing the problem. The pre-shared key on the local gateway, encrypted by the hash algorithm created in Packets 3 and 4, doesn't match the hash on the peer gateway generated by encrypting its pre-shared key
The authentication on Phase 2 is causing the problem. The pre-shared key on the local gateway, encrypted by the hash algorithm created in Packets 1 and 2, doesn't match the hash on the peer gateway generated by encrypting its pre-shared key
The authentication on Phase 1 is causing the problem. The pre-shared key on the local gateway, encrypted by the hash algorithm created in Packet 3 and Packet 4, doesn't match the hash on the peer gateway generated by encrypting its pre-shared key
82

Your fwm constantly crashes and is restarted by the watchdog. You can't find any core dumps related to this process, so you need to check if core dumps are enabled at all. How can you achieve that?

in clish run show core-dump status
in clish run set core-dump status
in clish run show coredumb status
in expert mode run show core-dump status
83

What is the function of the Core Dump Manager utility?

To limit the number of core dump files per process as well as the total amount of disk space used by core files
To generate a new core dump for analysis
To determine which process is slowing down the system
To send crash information to an external analyzer
84

John works for ABC Corporation. They have enabled CoreXL on their firewall. John would like to identify the cores on which the SND runs and the cores on which the firewall instances are running. Which command should John run to view the CPU role allocation?

fwaccel stat -I
fw ctl affinity -I
fw ctl affinity -v
fw ctl cores
85

Which of the following is NOT a valid "fwaccel" parameter?

packets
stats
stat
templates
86

Which daemon should be debugged for HTTPS Inspection related issues?

HTTPD
VPND
FWD
WSTLSD
87

Which situation triggers an IPS bypass under load on a 24-core Check Point appliance?

all CPU cores must be above the threshold for more than 10 seconds
a single CPU core must be above the threshold for more than 10 seconds, but it must be the same core during this time
the average cpu utilization over all cores must be above the threshold for 1 second
any of the CPU cores is above the threshold for more than 10 seconds
88

Which of the following inputs is suitable for debugging HTTPS inspection issues?

fw debug tls on TDERROR_ALL_ALL=5
fw diag debug tls enable
vpn debug cptls on
fw ctl debug -m fw + conn drop cptls
89

What is the correct syntax to turn a VPN debug on and create new empty debug files?

vpn debug truncon
vpndebug trunc on
vpn kdebug on
vpn debug trunkon
90

You are trying to establish a VPN tunnel between two Security Gateways but fail. What initial steps will you take to troubleshoot the issue?

capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags, then collect debug of IKE and VPND daemon
capture traffic on both tunnel members and collect debug of IKE and VPND daemon
capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags
Collect debug of IKE and VPND daemon and collect kernel debug for fw module with vm, crypt, conn and drop flags
91

An administrator receives reports about issues with log indexing and text searching regarding an existing Management Server. In trying to find a solution he wants to check if the process responsible for this feature is running correctly. What is true about the related process?

fwssd crashes can affect therefore not show in the list
cpd needs to be restarted manually to show in the list
fwm manages this database after initialization of the ICA
solr is a child process of cpm
92

How can you increase the ring buffer size to 1024 descriptors?

set interface eth0 rx-ringsize 1024
fw ctl int rx_ringsize 1024
echo rx_ringsize=1024>>/etc/sysconfig/sysctl.conf
dbedit>modify properties firewall_properties rx_ringsize 1024
93

What are the four main database domains?

System, User, Global, Log
Local, Global, User, VPN
System, User, Host, Network
System, Global, Log, Event
94

Which command can be run in Expert mode to verify the core dump settings?

grep cdm /config/db/initial
grep cdm /config/db/coredump
grep $FWDIR/config/db/initial
cat /etc/sysconfig/coredump/cdm.conf
95

What is the correct syntax to set all debug flags for Unified Policy related issues?

fw ctl kdebug -m UP all
fw ctl debug -m up all
fw ctl debug -m fw all
fw ctl debug -m UP all
96

Some users from your organization have been reporting some connection problems with CIFS since this morning. You suspect an IPS issue after an automatic IPS update last night. So, you want to perform a packet capture on uppercase I only, directly after the IPS module (position 4 in the chain), to check if the packets pass the IPS. What command do you need to run?

fw monitor -pi 5 -e <filterexpression>
fw monitor -pl asm <filterexpression>
fw monitor -ml -pl 5 -e <filterexpression>
tcpdump -eni any <filterexpression>
97

For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented, which layer of IPS corrects this to allow for proper inspection?

Passive Streaming Library
Protections
Context Management
Protocol Parsers
98

How many tiers of pattern matching can a packet pass through during IPS inspection?

9
2
1
5
99

James is using the same filter expression in fw monitor for CITRIX very often and instead of typing this all the time he wants to add it as a macro to the fw monitor definition file. What's the name and location of this file?

$FWDIR/lib/fwmonitor.def
$FWDIR/lib/fw.monitor
$FWDIR/conf/fwmonitor.def
$FWDIR/lib/tcpip.def
100

What file contains the RAD proxy settings?

rad_scheme.C
rad_services.C
rad_settings.C
rad_control.C