Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
Checkpoint
CCTE
156-587
Check Point Certified Troubleshooting Expert - R81.20 (CCTE) Questions and Answers

Pass the Checkpoint CCTE 156-587 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 156-587 Premium Access

View all detail and faqs for the 156-587 exam

Go to Exam

433 Students Passed

96% Average Score

96% Same Questions

Viewing page 1 out of 4 pages

Viewing questions 1-10 out of questions

Questions # 1:

When a User Mode process suddenly crashes, it may create a core dump file. Which of the following information is available in the core dump and may be used to identify the root cause of the crash?

i. Program Counter

ii. Stack Pointer

iii. Memory management information

iv. Other Processor and OS flags / information

Options:

iii and iv only

i and ii only

i, ii, iii and iv

Only lii

Answer

Explanation

A core dump file is essentially a snapshot of the process's memory at the time of the crash. This snapshot includes crucial information that can help diagnose the cause of the crash. Here's why all the options are relevant:

i. Program Counter:This register stores the address of the next instruction the CPU was supposed to execute. It pinpoints exactly where in the code the crash occurred.

ii. Stack Pointer:This register points to the top of the call stack, which shows the sequence of function calls that led to the crash. This helps trace the program's execution flow before the crash.

iii. Memory management information:This includes details about the process's memory allocations, which can reveal issues like memory leaks or invalid memory access attempts.

iv. Other Processor and OS flags/information:This encompasses various registers and system information that provide context about the state of the processor and operating system at the time of the crash.

By analyzing this information within the core dump, you can often identify the root cause of the crash, such as a segmentation fault, null pointer dereference, or stack overflow.

Check Point Troubleshooting References:

While core dumps are a general concept in operating systems, Check Point's documentation touches upon them in the context of troubleshooting specific processes like fwd (firewall) or cpd (Check Point daemon). The fw ctl zdebug command, for example, can be used to trigger a core dump of the fwd process for debugging purposes.

Questions # 2:

You want to fully investigate the VPN establishment, what will you do?

Options:

vpn debug and use IKEview

debug FWD because VPND Is child process

use vpn tu command and use option 8 to start debug

use kernel debug with fw ctl debug -m VPN all

Answer

Questions # 3:

After kernel debug with “fw ctl debug you received a huge amount of information It was saved in a very large file that is difficult to open and analyze with standard text editors Suggest a solution to

solve this issue

Options:

Reduce debug buffer to 1024KB and run debug for several times

Use Check Point InfoView utility to analyze debug output

Use “fw ctl zdebug because of 1024KB buffer size

Divide debug information into smaller files. Use “ fw ctl kdebug -f -o “filename -m 25 - s ‘’1024’’

Answer

Explanation

One possible solution to solve the issue of having a very large file that is difficult to open and analyze with standard text editors is to divide the debug information into smaller files. This can be done by using the fw ctl kdebug command with the -f, -o, -m, and -s options. The -f option means to write the debug output to a file instead of the screen. The -o option specifies the name of the output file. The -m option sets the maximum number of files to be created. The -s option sets the maximum size of each file in KB. For example, the command fw ctl kdebug -f -o debug -m 25 -s 1024 will create up to 25 files named debug.0, debug.1, …, debug.24, each with a maximum size of 1024KB. This way, the debug information can be split into more manageable chunks that can be opened and analyzed more easily with standard text editors.

[:, 1: How to use “fw ctl kdebug” command, 2: How to debug Check Point firewalls, 3: Check Point CLI Reference Card, , ]

Questions # 4:

What is the kernel process for Content Awareness that collects the data from the contexts received from the CMI and decides if the file is matched by a data type?

Options:

cntawmod

cntmgr

dlpda

dlpu

Answer

Questions # 5:

Packet processing infrastructure consists of the following components EXCEPT:

Options:

Observers

Manager

Client

Classifiers

Answer

Questions # 6:

What command is usually used for general firewall kernel debugging and what is the size of the buffer that is automatically enabled when using the command?

Options:

fw ctl debug, buffer size is 1024 KB

fw ctl zdebug, buffer size is 1 MB

fw ctl kdebug, buffer size is 32000 KB

fw ctl zdebug, buffer size is 32768 KB

Answer

Questions # 7:

What are the three main component of Identity Awareness?

Options:

Client, SMS and Secure Gateway

Identity Source Identity Server (POP) and Identity Enforcement (PEP)

Identity Awareness Blade on Security Gateway, User Database on Security Management Server and Active Directory

User, Active Directory and Access Role

Answer

Questions # 8:

What is the correct syntax to set all debug flags for Unified Policy related issues?

Options:

fw ctl kdebug-m UP all

fw ctl debug-m UP all

fw ctl debug -m up all

fw ctl debug -m fw all

Answer

Questions # 9:

What process monitors terminates, and restarts critical Check Point processes as necessary?

Options:

CPM

FWD

CPWD

FWM

Answer

Explanation

CPWD (Check Point WatchDog)is the process that monitors, terminates (if necessary), and restarts critical Check Point processes (e.g., FWD, FWM, CPM) when they stop responding or crash.

CPM(Check Point Management process) is a process on the Management Server responsible for the web-based SmartConsole connections, policy installations, etc.

FWD(Firewall Daemon) handles logging and communication functions in the Security Gateway.

FWM(FireWall Management) is an older reference to the management process on the Management Server for older versions.

Therefore, the best answer isCPWD.

Check Point Troubleshooting References

sk97638: Check Point WatchDog (CPWD) process explanation and commands.

R81.20 Administration Guide– Section on CoreXL, Daemons, and CPWD usage.

sk105217: Best Practices – Explains system processes, how to monitor them, and how CPWD is utilized.

Questions # 10:

Which of the following is a component of the Context Management Infrastructure used to collect signatures in user space from multiple sources such as Application Control and IPS. and compiles them together into unified Pattern Matchers?