Refined CheckPoint 156-585 Practice Exam Online
Online CheckPoint 156-585 free dumps demo below:
NEW QUESTION 1
What are some measures you can take to prevent IPS false positives?
- A. Exclude problematic services from being protected by IPS (SIP, H.323, etc.)
- B. Use IPS only in Detect mode
- C. Use Recommended IPS profile
- D. Capture packet
- E. Update the IPS database, and Back up custom IPS files
Answer: A
NEW QUESTION 2
What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?
- A. there is no difference
- B. the C2S VPN uses a different VPN daemon and there is a second VPN debug
- C. the C2S VPN cannot be debugged as it uses different protocols for the key exchange
- D. the C2S client uses browser-based SSL VPN and can't be debugged
Answer: D
NEW QUESTION 3
The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?
- A. fw ctl debug/kdebug
- B. fw ctl zdebug
- C. fw debug/kdebug
- D. fw debug/kdebug ctl
Answer: B
NEW QUESTION 4
Which Threat Prevention daemon is the core Threat Emulation engine and responsible for emulating files and communicating with ThreatCloud?
- A. ctasd
- B. in.msd
- C. ted
- D. scrub
Answer: C
NEW QUESTION 5
What process is responsible for sending and receiving logs in the management server?
Answer: A
NEW QUESTION 6
What acceleration mode utilizes multi-core processing to assist with traffic processing?
- A. CoreXL
- B. SecureXL
- C. HyperThreading
- D. Traffic Warping
Answer: C
NEW QUESTION 7
You are trying to establish a VPN tunnel between two Security Gateways but fail. What initial steps will you take to troubleshoot the issue?
- A. capture traffic on both tunnel members and collect debug of IKE and VPND daemon
- B. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags, then collect debug of IKE and VPND daemon
- C. collect debug of IKE and VPND daemon and collect kernel debug for fw module with vm, crypt, conn and drop flags
- D. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags
Answer: A
NEW QUESTION 8
What is the name of the VPN kernel process?
- A. VPNK
- B. VPND
- C. CVPND
- D. FWK
Answer: A
NEW QUESTION 9
Jenna has to create a VPN tunnel to a Cisco ASA but has to set a special property to renegotiate the Phase 2 tunnel after 10 MB of transferred data. This cannot be configured in SmartConsole, so how can she modify this property?
- A. using GUIDBEDIT located in the same directory as SmartConsole on the Windows client
- B. she needs to install GUIDBEDIT, which can be downloaded from the UserCenter
- C. she needs to run GUIDBEDIT from CLISH, which opens a graphical window on the SmartCenter
- D. this can't be done anymore as GUIDBEDIT is not supported in R80 anymore
Answer: C
NEW QUESTION 10
After a kernel debug with "fw ctl debug" you received a huge amount of information. It was saved in a very large file that is difficult to open and analyze with standard text editors. Suggest a solution to solve this issue.
- A. Use "fw ctl zdebug" because of 1024KB buffer size
- B. Divide debug information into smaller files. Use "fw ctl kdebug -f -o "filename" -m 25 -s "1024""
- C. Reduce debug buffer to 1024KB and run debug several times
- D. Use Check Point InfoView utility to analyze debug output
Answer: C
NEW QUESTION 11
If the cpsemd process of SmartEvent has crashed or is having trouble coming up, then it usually indicates that ______.
- A. Postgres database is down
- B. Cpd daemon is unable to connect to the log server
- C. The SmartEvent core on the Solr indexer has been deleted
- D. The logged in administrator does not have permissions to run SmartEvent
Answer: C
NEW QUESTION 12
What is correct about the Resource Advisor (RAD) service on the Security Gateways?
- A. RAD has a kernel module that looks up the kernel cache, notifies the client about hits and misses, and forwards async requests to the RAD user space module, which is responsible for online categorization
- B. RAD is completely loaded as a kernel module that looks up the URL in the cache and, if not found, connects online for categorization. There is no user space involvement in this process
- C. RAD functions completely in user space. The Pattern Matcher (PM) module of the CMI looks up URLs in the cache and, if not found, contacts the RAD process in user space to do online categorization
- D. RAD is not a separate module, it is an integrated function of the 'fw1' kernel module and does all operations in the kernel space
Answer: C
NEW QUESTION 13
Vanessa is reviewing the ike.elg file to troubleshoot a failed site-to-site VPN connection. After sending Main Mode Packet 5, the response from the peer is "PAYLOAD-MALFORMED".
What is the reason for the failed VPN connection?
- A. The authentication on Phase 1 is causing the problem. Pre-shared key on local gateway encrypted by the hash algorithm created in Packet 3 and Packet 4 doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key
- B. The authentication on Phase 2 is causing the problem. Pre-shared key on local gateway encrypted by the hash algorithm created in Packets 1 and 2 doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key
- C. The authentication on Quick Mode is causing the problem. Pre-shared key on local gateway encrypted by the hash algorithm created in Packets 3 and 4 doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key
- D. The authentication on Phase 1 is causing the problem. Pre-shared key on local gateway encrypted by the hash algorithm doesn't match with the hash on the peer gateway generated by encrypting its pre-shared key created in Packet 1 and Packet 2
Answer: B
NEW QUESTION 14
Which of the following is NOT a vpn debug command used for troubleshooting?
- A. fw ctl debug -m fw + conn drop vm crypt
- B. vpn debug trunc
- C. pclient getdata sslvpn
- D. vpn debug on TDERROR_ALL_ALL=5
Answer: C
NEW QUESTION 15
Which one of the following is NOT considered a Solr core partition:
- A. CPM_0_Revisions
- B. CPM_Global_A
- C. CPM_Global_R
- D. CPM_0_Disabled
Answer: D
NEW QUESTION 16
What is the proper command for allowing the system to create core files?
- A. $FWDIR/scripts/core-dump-enable.sh
- B. # set core-dump enable, then # save config
- C. service core-dump start
- D. > set core-dump enable, then > save config
Answer: D
100% Valid and Newest Version 156-585 Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/156-585-dumps.html (New 114 Q&As)