What file contains the RAD proxy settings?
A
James is using the same filter expression in fw monitor for CITRIX very often and instead of typing
this all the time he wants to add it as a macro to the fw monitor definition file. Whats the name and
location of this file?
A
How many tiers of pattern matching can a packet pass through during IPS inspection?
A
What acceleration mode utilizes multi-core processing to assist with traffic processing?
C
For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented,
which layer of IPS corrects this to allow for proper inspection?
A
Some users from your organization have been reported some connection problems with CIFS since
this morning. You suspect an IPS Issue after an automatic IPS update last night. So you want to
perform a packet capture on uppercase I only directly after the IPS module (position 4 in the chain) to
check if the packets pass the IPS. What command do you need to run?
A
What is the correct syntax to set all debug flags for Unified Policy related issues?
A
To check the current status of hyper-threading, which command would you execute in expert mode?
B
How does the URL Filtering Categorization occur in the kernel?
1. RAD provides the status of the search to the client.
2. The a-sync request is forwarded to the RAD User space via the RAD kernel for online
categorization.
3. The online detection service responds with categories and the kernel cache is updated.
4. The kernel cache notifies the RAD kernel of hits and misses.
5. URL lookup initiated by the client.
6. URL lookup occurs in the kernel cache.
7. The client sends an a-sync request back to RAD If the URL was not found.
C
What is the most efficient way to view large fw monitor captures and run filters on the file?
A
In Security Management High Availability, if the primary and secondary managements, running the
same version of R80.x, are in a state of Collision, how can this be resolved?
A
The customer is using Check Point appliances that were configured long ago by third-party
administrators. Current policy includes different enabled IPS protections and Bypass Under Load
function. Bypass Under Load is configured to disable IPS inspections of CPU and Memory usage is
higher than 80%. The Customer reports that IPS protections are not working at all regardless of CPU
and
Memory
usage.
What is the possible reason of such behavior?
D
Check Point provides tools & commands to help you to identify issues about products and
applications. Which Check Point command can help you to display status and statistics information
for various Check Point products and applications?
A
You need to run a kernel debug over a longer period of time as the problem occurs only once or
twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a
file but you cant afford to fill up all the remaining disk space and you only have 10 GB free for saving
the debugs. What is the correct syntax for this?
D
Which kernel process is used by Content Awareness to collect the data from contexts?
D