156-581 by CheckPoint Valid Free Exam Practice Test

Question 1

Which of the following allows you to capture packets at four inspection points as they traverse a Check Point gateway?

A. Firewall logs B. tcpdump C. fw monitor D. Kernel debugs

Correct Answer: C

Question 2

Which command do you need to execute to insert fw monitor after TCP streaming (out) in the outbound chain using absolute position? Given the chain was 1ffffe0, select the correct answer.

A. fw monitor -po 1ffffe0 B. fw monitor -pO -ox1ffffe0 C. fw monitor -pO ox1ffffe0 D. fw monitor -po -0x1ffffe0

Correct Answer: D

Question 3

For Threat Prevention, which process is enabled when the Policy Conversion process has debug turned on using the INTERNAL_POLICY_LOADING=.1 command?

A. solr B. dlpd C. cpm D. fwm

Correct Answer: D

Question 4

After manipulating the rulebase and objects with SmartConsole the application crashes and closes immediately. To troubleshoot you will need to review the crash report. In which directory on the host PC will you find this report?

A. <SmartConsole Directory>\data\Crash_report\ B. <SmartConsole Directory>\Crash_report\data\ C. <SmartFirewall Directory>\data\crash_report\ D. <FW1 Directory>\data\crash_report

Correct Answer: A

Question 5

The IPS detection incorporates four layers. Which one of these four layers performs various security checks to ensure compliance to protocol standards checking for any existing anomalies?
The checks usually involve RFC compliance. It also logically segments the data into contexts that may be taken from the request header and body

A. Passive Streaming Library B. Protections C. Context Management D. Protocol Parser

Correct Answer: D

Question 6

Where do Protocol parsers register themselves for IPS?

A. Passive Streaming Library B. Protections database C. Other handlers register to Protocol parser D. Context Management Infrastructure

Correct Answer: C

Question 7

Which command shows the installed licenses and contracts on a Check Point device?

A. cplic print -s B. fwlic print -x C. cplicenses print -x D. cplic print -x

Correct Answer: D

Question 8

Johnny has connectivity issues on datacenter firewall. His access to Finance department server suddenly stopped working. He is constantly redirected to Captive Portal and asked to login. After some research he gets information that the Windows administrator had to reinstall one of the DCs because of hardware failure. How can Johnny check what is causing connectivity problems between gateway and this DC?

A. He should run CLI command 'adlog a dc' on datacenter firewall to verify connections to all DCs B. He should run CLI command 'adlog a statistic on perimeter firewall to verify connections to all DCs C. He should run CLI command 'adlog a dc' on perimeter firewall to verify connections to all DCs D. He should run CLI command 'adlog a query on datacenter firewall to verify connections to all DCs

Correct Answer: A

Question 9

Which of the following would be the most appropriate command in debugging a HideNAT issue?

A. fw ctl zdebug + xlate xltrc nat B. fw ctl zdebug + fwxalloc hidenat C. fw ctl zdebug + fwn allnat D. fw ctl zdebug + dynamic natips natports

Correct Answer: A

Question 10

Which of the following is NOT a way to insert fw monitor into the chain when troubleshooting packets throughout the chain?

A. Relative position using alias B. Relative position using location C. Absolution position D. Relative position using id

Correct Answer: B

CheckPoint Check Point Certified Troubleshooting Administrator - R81 - 156-581 Exam Practice Test