Check Point Certified Troubleshooting Expert Topic 1
Question #: 75
Topic #: 1
Your users have some issues connecting with Mobile Access VPN to your gateway. How can you debug the tunnel establishment?
A. in the file $CVPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run cvpnrestart
B. in the file $VPNDIR/conf/httpd.conf change the line Loglevel .. To LogLevel debug and run vpn restart
C. run vpn debug truncon
D. run fw ctl zdebug -m sslvpn all
Selected Answer: A
Question #: 74
Topic #: 1
What function receives the AD log event information?
A. ADLOG
B. PEP
C. CPD
D. FWD
Selected Answer: A
Question #: 73
Topic #: 1
The FileApp parser in the Content Awareness engine does not extract text from which of the following file types?
A. Microsoft Office Excel files
B. PDF’s
C. Microsoft Office .docx files
D. Microsoft Office Powerpoint files
Selected Answer: B
Question #: 71
Topic #: 1
You receive reports that users cannot browse Internet sites. You are using Identity Awareness with AD Query and Identity Collector; in addition, you have Browser-Based Authentication enabled. What command can be used to debug the problem?
A. on the gateway: ad debug on
B. on the gateway: ad query debug on
C. on the management: ad query debug extended
D. on the gateway: pdp debug nac extended
Selected Answer: B
Question #: 70
Topic #: 1
What CLI command is run on the GW to verify communication to the Identity Collector?
A. fwd connected
B. pdp connections idc
C. pep connections idc
D. show idc connections
Selected Answer: B
Question #: 68
Topic #: 1
URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required?
A. RAD User Space
B. URLF Online Service
C. URLF Kernel Client
D. RAD Kernel Space
Selected Answer: D
Question #: 67
Topic #: 1
The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for troubleshooting packet drops and other kernel activities while using minimal resources (1 MB buffer)?
A. fw debug ctl
B. fw ctl debug/kdebug
C. fw ctl zdebug
D. fwk ctl debug
Selected Answer: B
Question #: 60
Topic #: 1
What is the kernel process for Content Awareness that collects the data from the contexts received from the CMI and decides if the file is matched by a data type?
A. cntawmod
B. dlpda
C. dlpu
D. cntmgr
Selected Answer: B
Question #: 58
Topic #: 1
You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file but you can’t afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs. What is the correct syntax for this?
A. fw ctl debug -T -f -m 10 -s 1000000 -o debugfilename
B. fw ctl kdebug -T -f -m 10 -s 1000000 > debugfilename
C. fw ctl kdebug -T -f -m 10 -s 1000000 -o debugfilename
D. fw ctl kdebug-T -m 10 -s 1000000 -o debugfilename
Selected Answer: C
Question #: 57
Topic #: 1
In Check Point’s Packet Processing Infrastructure, what is the role of Observers?
A. They store Rule Base matching state related information
B. Observers monitor the state of Check Point gateways and report it to the security manager
C. Observers attach object IDs to traffic
D. Observers decide whether or not to publish a CLOB to the Security Policy
Selected Answer: D
Question #: 55
Topic #: 1
Which Daemon should be debugged for HTTPS Inspection related issues?
A. FWD
B. WSTLSD
C. HTTPD
D. VPND
Selected Answer: B
Question #: 52
Topic #: 1
You are using the Identity Collector with Identity Awareness in a large environment. Users report that they cannot access resources on the Internet. You identify that the traffic is matching the cleanup rule instead of the proper rule with Access Roles using the IDC. How can you check if IDC is working?
A. pep debug idc on
B. pdp debug set IDP all all
C. ad query | debug on
D. pdp connections idc
Selected Answer: D
Question #: 33
Topic #: 1
What is the correct syntax to set all debug flags for Unified Policy related issues?
A. fw ctl kdebug -m UP all
B. fw ctl debug -m fw all
C. fw ctl debug -m up all
D. fw ctl debug -m UP all
Selected Answer: D
Question #: 29
Topic #: 1
What is NOT a benefit of the ‘fw ctl zdebug’ command?
A. Cannot be used to debug additional modules
B. Clean the buffer
C. Collect debug messages from the kernel
D. Automatically allocate a 1MB buffer
Selected Answer: D
Question #: 25
Topic #: 1
The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?
A. fw debug/kdebug
B. fw ctl zdebug
C. fw debug/kdebug ctl
D. fw ctl debug/kdebug
Selected Answer: D
Question #: 24
Topic #: 1
Check Point provides tools & commands to help you to identify issues about products and applications. Which Check Point command can help you to display status and statistics information for various Check Point products and applications?
A. CPview
B. cpstat
C. fwstat
D. CPstat
Selected Answer: B
Question #: 23
Topic #: 1
What command(s) will turn off all vpn debug collection?
A. fw ctl debug 0
B. vpn debug -a off
C. vpn debug off
D. vpn debug off and vpn debug ikeoff
Selected Answer: C
Question #: 17
Topic #: 1
Starting with which version of Check Point can Security Gateways dynamically distribute logs between log servers?
A. R81
B. R77
C. R80
D. R75
Selected Answer: A
Question #: 16
Topic #: 1
What is the name of the VPN kernel process?
A. FWK
B. VPND
C. CVPND
D. VPNK
Selected Answer: D
Question #: 14
Topic #: 1
During a firewall kernel debug with fw ctl zdebug you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?
A. Increase debug buffer; Use fw ctl debug -buf 32768
B. Redirect debug output to file; Use fw ctl debug -o ./debug.elg
C. Redirect debug output to file; Use fw ctl zdebug -o ./debug.elg
D. Increase debug buffer; Use fw ctl zdebug -buf 32768
Selected Answer: A
Question #: 12
Topic #: 1
In Mobile Access VPN, clientless access is done using a web browser. The primary communication path for these browser based connections is a process that allows numerous processes to utilize port 443 and redirects traffic to a designated port of the respective process. Which daemon handles this?
A. Mobile Access Daemon (MAD)
B. Connectra VPN Daemon (cvpnd)
C. HTTPS Inspection Daemon (HID)
D. Multi-portal Daemon (MPD)
Selected Answer: D
Question #: 34
Topic #: 1
You receive reports from multiple users that they cannot browse. Upon further discovery you identify that Identity Awareness cannot identify the users properly and apply the configured Access Roles. What commands can you use to troubleshoot all identity collectors and identity providers from the command line?
A. on the gateway: pdp debug set AD all and IDC all
B. on the management: pdp debug on IDC all
C. on the management: pdp debug set all all
D. on the gateway: pdp debug set IDC all IDP all
Selected Answer: D
Question #: 49
Topic #: 1
User-defined URLs and HTTPS Inspection user-defined URLs on the Security Gateway are stored in which database file?
A. https_db.bin
B. urlf_https.bin
C. https_urlf.bin
D. urlf_db.bin
Selected Answer: D
Question #: 47
Topic #: 1
Which of the following is a component of the Context Management Infrastructure used to collect signatures in user space from multiple sources, such as Application Control and IPS, and compiles them together into unified Pattern Matchers?
A. PSL – Passive Signature Loader
B. cpas
C. Context Loader
D. CMI Loader
Selected Answer: D
Question #: 45
Topic #: 1
The management configuration stored in the Postgres database is partitioned into several relational database domains. What is the purpose of the Global Domain?
A. Global Domains is used by the IPS software blade to map the IDs to the corresponding countries according to the IpToCountry.csv file.
B. This domain is used as the global database to back up the objects referencing the corresponding object attributes from the System Domain.
C. This domain is used as the global database to track the changes made by multiple administrators on the same objects prior to publishing.
D. This domain is used as the global database for MDSM and contains global objects and policies.
Selected Answer: D
Question #: 40
Topic #: 1
You do not see logs in the SMS. When you log in to the SMS shell and run cpwd_admin list, you notice that the RFL process has status T. What command can you run to try to resolve it?
A. RFLstop and RFLstart
B. evstart and evstop
C. smartlog_server stop and smartlog_server restart
D. rflsop and rflstart
Selected Answer: B
Question #: 10
Topic #: 1
What is the best way to resolve an issue caused by a frozen process?
A. Kill the process
B. Restart the process
C. Reboot the machine
D. Power off the machine
Selected Answer: C
Question #: 64
Topic #: 1
You are seeing output from the previous kernel debug. What command should you use to avoid that?
A. fw ctl debug = 0
B. fw ctl clean buffer = 0
C. fw ctl zdebug disable
D. fw ctl debug 0
Selected Answer: D
Question #: 46
Topic #: 1
What is the most efficient way to read an IKEv2 Debug?
A. IKEview
B. vi on the cli
C. any xml editor
D. notepad++
Selected Answer: A
Question #: 21
Topic #: 1
What command is used to find out which port Multi-Portal has assigned to the Mobile Access Portal?
A. mpclient getdata sslvpn
B. netstat getdata sslvpn
C. netstat -nap | grep mobile
D. mpclient getdata mobi
Selected Answer: A
Question #: 31
Topic #: 1
What are the three main components of Identity Awareness?
A. User, Active Directory and Access Role
B. Identity Awareness Blade on Security Gateway, User Database on Security Management Server and Active Directory
C. Identity Source, Identity Server (PDP) and Identity Enforcement (PEP)
D. Client, SMS and Secure Gateway
Selected Answer: C
Question #: 5
Topic #: 1
Where will the usermode core files be located?
A. /var/log/dump/usermode
B. $CPDIR/var/log/dump/usermode
C. $FWDIR/var/log/dump/usermode
D. /var/suroot
Selected Answer: A
Question #: 43
Topic #: 1
Which of the following files is commonly associated with troubleshooting crashes on a system such as the Security Gateway?
A. fw monitor
B. CPMIL dump
C. core dump
D. tcpdump
Selected Answer: C
Question #: 42
Topic #: 1
What is the correct syntax to turn a VPN debug on and create new empty debug files?
A. vpn debug trunkon
B. vpn debug truncon
C. vpndebug trunc on
D. vpn kdebug on
Selected Answer: B
Question #: 37
Topic #: 1
Which of the following daemons is used for Threat Extraction?
A. tedex
B. extractd
C. tex
D. scrubd
Selected Answer: D
Question #: 28
Topic #: 1
If SmartLog is not active or failed to parse results from server, what commands can be run to re-enable the service?
A. smartlogrestart and smartlogstart
B. smartlogstart and smartlogstop
C. smartloginit and smartlogstop
D. smartlogstart and smartlogsetup
Selected Answer: B
Question #: 11
Topic #: 1
What is the Security Gateway directory where an administrator can find vpn debug log files generated during Site-to-Site VPN troubleshooting?
A. /opt/CPsuiteR80/vpn/log/
B. $FWDIR/conf/
C. $FWDIR/log/
D. $CPDIR/conf/
Selected Answer: C
Question #: 9
Topic #: 1
An administrator receives reports about issues with log indexing and text searching regarding an existing Management Server. In trying to find a solution she wants to check if the process responsible for this feature is running correctly. What is true about the related process?
A. cpd needs to be restarted manually to show in the list
B. fwm manages this database after initialization of the ICA
C. solr is a child process of cpm
D. fwssd crashes can affect therefore not show in the list
Selected Answer: C
Question #: 7
Topic #: 1
What does CMI stand for in relation to the Access Control Policy?
A. Content Management Interface
B. Content Matching Infrastructure
C. Context Manipulation Interface
D. Context Management Infrastructure
Selected Answer: D
Question #: 2
Topic #: 1
What is the proper command for allowing the system to create core files?
A. $FWDIR/scripts/core-dump-enable.sh
B. # set core-dump enable
# save config
C. > set core-dump enable
> save config
D. service core-dump start
Selected Answer: C
Question #: 4
Topic #: 1
Which of the following is contained in the System Domain of the Postgres database?
A. Trusted GUI clients
B. Configuration data of log servers
C. Saved queries for applications
D. User modified configurations such as network objects
Selected Answer: A
Question #: 36
Topic #: 1
What Check Point process controls logging?
A. FWD
B. CPWD
C. CPM
D. CPD
Selected Answer: C
Question #: 35
Topic #: 1
What are the main components of Check Point’s Security Management architecture?
A. Management server, Log server, Gateway server, Security server
B. Management server, management database, log server, automation server
C. Management server, Security Gateway, Multi-Domain Server, SmartEvent Server
D. Management server, Log Server, LDAP Server, Web Server
Selected Answer: B
Question #: 32
Topic #: 1
VPNs allow traffic to pass through the Internet securely by encrypting the traffic as it enters the VPN tunnel and then decrypting the traffic as it exits. Which process is responsible for Mobile VPN connections?
A. cvpnd
B. vpnk
C. fwk
D. vpnd
Selected Answer: B
Question #: 8
Topic #: 1
When viewing data for CPMI objects in the Postgres database, what table column should be selected to query for the object instance?
A. CpmiHostCkp
B. fwset
C. CPM_Global_M
D. GuiDBedit
Selected Answer: B
Question #: 51
Topic #: 1
Which process is responsible for the generation of certificates?
A. dbsync
B. cpm
C. fwm
D. cpca
Selected Answer: D
Question #: 50
Topic #: 1
What process monitors, terminates, and restarts critical Check Point processes as necessary?
A. CPWD
B. CPM
C. FWM
D. FWD
Selected Answer: A
Question #: 39
Topic #: 1
Your users are having trouble opening a Web page and you need to troubleshoot it. You open the Smart Console, and you get the following message when you navigate to the Logs and Monitor “SmartLog is not active or Failed to parse results from server”. What is the first thing you can try to resolve it?
A. Run the commands on the SMS: smartlogstart and smartlogstop
B. smartlog debug on and smartlog debug off
C. smartlog_server restart
D. cpmstop and cpmstart
Selected Answer: A
Question #: 15
Topic #: 1
Check Point Access Control Daemons contain several daemons for Software Blades and features. Which daemon is used for Application Control & URL Filtering?
A. cprad
B. rad
C. pepd
D. pdpd
Selected Answer: B
Question #: 6
Topic #: 1
The Check Point Watch Daemon (CPWD) monitors critical Check Point processes, terminating them or restarting them as needed to maintain consistent, stable operating conditions. When checking the status/output of CPWD you are able to see some columns like APP, PID, STAT, START, etc. What is the column “STAT” used for?
A. Shows the Watch Dog name of the monitored process
B. Shows the status of the monitored process
C. Shows how many times the Watch Dog started the monitored process
D. Shows what monitoring method Watch Dog is using to track the process
Selected Answer: B
Question #: 53
Topic #: 1
What are the four main database domains?
A. Local, Global, User, VPN
B. System, Global, Log, Event
C. System, User, Global, Log
D. System, User, Host, Network
Selected Answer: C
Question #: 44
Topic #: 1
When a User process or program suddenly crashes, a core dump is often used to examine the problem. Which command is used to enable the core-dumping via GAIA clish?
A. set core-dump enable
B. set core-dump per_process
C. set user-dump enable
D. set core-dump total
Selected Answer: A
Question #: 38
Topic #: 1
If the cpsemd process of SmartEvent has crashed or is having trouble coming up, then it usually indicates that __________.
A. The SmartEvent core on the Solr indexer has been deleted
B. The logged in administrator does not have permissions to run SmartEvent
C. Postgres database is down
D. Cpd daemon is unable to connect to the log server
Selected Answer: C
Question #: 26
Topic #: 1
PostgreSQL is a powerful, open source relational database management system. Check Point offers a command for viewing the database to interact with Postgres interactive shell. Which command do you need to enter the PostgreSQL interactive shell?
A. mysql_client cpm postgres
B. mysql -u root
C. psql_client cpm postgres
D. psql_client postgres cpm
Selected Answer: C
Question #: 22
Topic #: 1
John has renewed his NPTX License but he gets an error (contract for Anti-Bot expired). He wants to check the subscription status on the CLI of the gateway. What command can he use for this?
A. fwm lic print
B. fw monitor license status
C. cpstat antimalware -f subscription_status
D. show license status
Selected Answer: C
Question #: 30
Topic #: 1
When a User Mode process suddenly crashes, it may create a core dump file. Which of the following information is available in the core dump and may be used to identify the root cause of the crash? i. Program Counter ii. Stack Pointer iii. Memory management information iv. Other Processor and OS flags / information
A. iii and iv only
B. i, ii, iii and iv
C. i and ii only
D. Only iii
Selected Answer: B
Question #: 27
Topic #: 1
What information does the doctor-log script supply?
A. Logging errors, Exceptions, Repair options
B. Current and daily average logging rates, Indexing status, Size
C. Logging rates, Logging Directories, List of troubleshooting tips
D. Repair options, Logging Rates, Logging Directories
Selected Answer: B
Question #: 20
Topic #: 1
Troubleshooting issues with Mobile Access requires the following:
A. Standard VPN debugs and packet captures on Security Gateway, debugs of ‘cvpnd’ process on Security Management
B. Debug logs of FWD captured with the command – ‘fw debug fwd on TDERROR_MOBILE_ACCESS=5’
C. ‘ma_vpnd’ process on Security Gateway
D. Standard VPN debugs, packet captures, and debugs of ‘cvpnd’ process on Security Gateway
Selected Answer: D
Question #: 65
Topic #: 1
Which of the following would NOT be a flag when debugging a unified policy?
A. tls
B. rulebase
C. clob
D. connection
Selected Answer: A
Question #: 3
Topic #: 1
What is correct about the Resource Advisor (RAD) service on the Security Gateways?
A. RAD functions completely in user space. The Pattern Matcher (PM) module of the CMI looks up URLs in the cache and, if not found, contacts the RAD process in user space to do online categorization
B. RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization. There is no user space involvement in this process
C. RAD is not a separate module, it is an integrated function of the ‘fw’ kernel module and does all operations in the kernel space
D. RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization
Selected Answer: D
Question #: 1
Topic #: 1
Which of these packet processing components stores Rule Base matching state-related information?
A. Observers
B. Classifiers
C. Manager
D. Handlers
Selected Answer: D