156-585 Online Practice Questions and Answers

You have configured IPS Bypass Under Load function with additional kernel parameters ids_tolerance_no_stress=15 and ids_tolerance_stress-15 For configuration you used the *fw ctl set' command After reboot you noticed that these parameters returned to their default values

What do you need to do to make this configuration work immediately and stay permanent?

A. Set these parameters again with "fw ctl set" and edit appropriate parameters in $FWDIR/boot/modules/ fwkern.conf

B. Use script $FWDIR/bin IpsSetBypass.sh to set these parameters

C. Set these parameters again with "fw ctl set" and save configuration with "save config"

D. Edit appropriate parameters in $FWDIR/boot/modules/fwkern.conf

To check the current status of hyper-threading, which command would you execute in expert mode?

A. cat /proc/hypert_status

B. cat /proc/smt_status

C. cat /proc/hypert_stat

D. cat /proc/smt_stat

If you run the command "fw monitor -e accept src=10.1.1.201 or src=172.21.101.10 or src=192.0.2.10;" from the cli sh What will be captured?

A. Packets from 10 1 1 201 going to 192.0 2.10

B. Packets destined to 172 21 101 10 from 10.1.1.101

C. Only packet going to 192.0.2.10

D. fw monitor only works in expert mode so no packets will be captured

How does the URL Filtering Categorization occur in the kernel?

1.

RAD provides the status of the search to the client.

2.

The a-sync request is forwarded to the RAD User space via the RAD kernel for online categorization.

3.

The online detection service responds with categories and the kernel cache is updated.

4.

The kernel cache notifies the RAD kernel of hits and misses.

5.

URL lookup initiated by the client.

6.

URL lookup occurs in the kernel cache.

7.

The client sends an a-sync request back to RAD If the URL was not found.

A. 5, 6, 7, 1, 3, 2, 4

B. 5, 6, 2, 4, 1, 7, 3

C. 5, 6, 4, 1, 7, 2, 3

D. 5, 6, 3, 1, 2, 4, 7

What is the kernel process for Content Awareness that collects the data from the contexts received from the CMI and decides if the file is matched by a data type?

A. dlpda

B. dlpu

C. cntmgr

D. cntawmod

What is the correct syntax to set all debug flags for Unified Policy related issues?

A. fw ctl debug -m UP all

B. fw ctl debug -m up all

C. fw ctl kdebug -m UP all

D. fw ctl debug -m fw all

When debugging is enabled on firewall kernel module using the `fw ctl debug' command with required options, many debug messages are provided by the kernel that help the administrator to identify issues. Which of the following is true about these debug messages generated by the kernel module?

A. Messages are written to a buffer and collected using `fw ctl kdebug'

B. Messages are written to console and also /var/log/messages file

C. Messages are written to /etc/dmesg file

D. Messages are written to $FWDIR/log/fw.elg

What are the four ways to insert an FW Monitor into the firewall kernel chain?

A. Relative position using location, relative position using alias, absolute position, all positions

B. Absolute position using location, absolute position using alias, relative position, all positions

C. Absolute position using location, relative position using alias, general position, all positions

D. Relative position using geolocation, relative position using inertial navigation, absolute position, all positions

Which command(s) will turn off all vpn debug collection?

A. vpn debug off

B. vpn debug -a off

C. vpn debug off and vpn debug ikeoff

D. fw ctl debug 0

What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?

A. there is no difference

B. the C2S VPN uses a different VPN daemon and there a second VPN debug

C. the C2S VPN can not be debugged as it uses different protocols for the key exchange

D. the C2S client uses Browser based SSL vpn and can't be debugged