
Practice on 2025 LATEST 156-587 Exam Updated 101 Questions
NEW QUESTION # 58
What is the name of the VPN kernel process?
- A. CVPND
- B. VPND
- C. VPNK
- D. FWK
Answer: B
NEW QUESTION # 59
Which of the following is a component of the Context Management Infrastructure that collects signatures in user space from multiple sources, such as Application Control and IPS, and compiles them together into unified Pattern Matchers?
- A. Context Loader
- B. PSL - Passive Signature Loader
- C. cpas
- D. CMI Loader
Answer: B
NEW QUESTION # 60
What is the Security Gateway directory where an administrator can find vpn debug log files generated during Site-to-Site VPN troubleshooting?
- A. $CPDIR/conf/
- B. /opt/CPsuiteR80/vpn/log/
- C. $FWDIR/log/
- D. $FWDIR/conf/
Answer: C
NEW QUESTION # 61
The Check Point Watch Daemon (CPWD) monitors critical Check Point processes, terminating them or restarting them as needed to maintain consistent, stable operating conditions. When checking the status/output of CPWD you are able to see some columns like APP, PID, STAT, START, etc. What is the column "STAT" used for?
- A. Shows how many times the Watch Dog started the monitored process
- B. Shows the status of the monitored process
- C. Shows the Watch Dog name of the monitored process
- D. Shows what monitoring method Watch Dog is using to track the process
Answer: B
Explanation:
The STAT column in the output of the cpwd_admin list command shows the status of the monitored process. The possible values are E for established, meaning that the process is running, or T for terminated, meaning that the process is not running. The STAT column is useful for quickly checking if any critical process has crashed or failed to start. If the value is T, the process should be restarted and the reason for the termination should be investigated. The STAT column does not show the Watch Dog name, the number of times the process was started, or the monitoring method of the Watch Dog.
NEW QUESTION # 62
When a User Mode process suddenly crashes, it may create a core dump file. Which of the following information is available in the core dump and may be used to identify the root cause of the crash?
i. Program Counter
ii. Stack Pointer
iii. Memory management information
iv. Other Processor and OS flags / information
- A. Only iii
- B. i, ii, iii and iv
- C. i and ii only
- D. iii and iv only
Answer: B
NEW QUESTION # 63
You want to fully investigate the VPN establishment. What will you do?
- A. vpn debug and use IKEview
- B. debug FWD because VPND is a child process
- C. use kernel debug with fw ctl debug -m VPN all
- D. use vpn tu command and use option 8 to start debug
Answer: A
NEW QUESTION # 64
The two procedures available for debugging in the firewall kernel are:
i. fw ctl zdebug
ii. fw ctl debug/kdebug
Choose the correct statement explaining the differences between the two.
- A. (i) is used on a Security Gateway, whereas (ii) is used on a Security Management Server
- B. (i) is used to debug the access control policy only, however (ii) can be used to debug a unified policy
- C. (i) is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via command line whereas (ii) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via command line
- D. (i) is used to debug only issues related to dropping of traffic, however (ii) can be used for any firewall issue including NATing, clustering etc.
Answer: C
NEW QUESTION # 65
Which Daemon should be debugged for HTTPS inspection related issues?
- A. VPND
- B. HTTPD
- C. FWD
- D. WSTLSD
Answer: D
Explanation:
The WSTLSD daemon is responsible for handling HTTPS Inspection related issues on the Security Gateway. It performs SSL/TLS termination and re-encryption, certificate validation and generation, and URL categorization for HTTPS traffic [1]. The WSTLSD daemon can be debugged using the command wstlsd debug on TDERROR_ALL_ALL=5 [2]. The debug file is located in $FWDIR/log/wstlsd.elg [2]. The other daemons, such as FWD, HTTPD, and VPND, are not directly related to HTTPS Inspection, but rather to policy installation, web server, and VPN, respectively.
References:
1: sk65144: HTTPS Inspection Architecture
2: sk83520: How to debug the WSTLSD daemon
NEW QUESTION # 66
Check Point Threat Prevention policies can contain multiple policy layers and each layer consists of its own Rule Base.
Which Threat Prevention daemon is used for Anti-virus?
- A. in.emaild
- B. in.emaild.mta
- C. ctasd
- D. in.msd
Answer: C
Explanation:
ctasd: This daemon is responsible for Threat Emulation, Anti-Bot, Application Control, and various other security features, including Anti-virus. From Check Point R80.10 onwards, Anti-virus functionality is integrated within ctasd.
NEW QUESTION # 67
What tool would you run to diagnose logging and indexing?
- A. run doctor-log.sh
- B. cpstat mg -f log_server
- C. run diagnostic view
- D. run cpm_doctor.sh
Answer: A
NEW QUESTION # 68
What is the function of the Core Dump Manager utility?
- A. To send crash information to an external analyzer
- B. To determine which process is slowing down the system
- C. To generate a new core dump for analysis
- D. To limit the number of core dump files per process as well as the total amount of disk space used by core files
Answer: D
Explanation:
The Core Dump Manager (CDM) is a utility that helps manage core dump files on Check Point systems. Its main functions include:
* Limiting file size and number: CDM can be configured to limit the size of individual core dump files and the total amount of disk space used for core dumps. This prevents core dumps from filling up valuable disk space.
* Compression: CDM can compress core dump files to reduce their storage size. This is particularly helpful when dealing with large core dumps.
* Process filtering: CDM allows you to specify which processes should be allowed to generate core dumps. This can help prevent unnecessary core dumps from being created.
* Remote collection: CDM can be configured to send core dump files to a remote server for analysis. This is useful in environments where direct access to the system generating the core dump is limited.
By using CDM, you can effectively manage core dump files and ensure that they are not overwhelming your system's resources.
NEW QUESTION # 69
Like a Site-to-Site VPN between two Security Gateways, a Remote Access VPN relies on the Internet Key Exchange (IKE). What types of keys are generated by IKE during negotiation?
- A. Produce a symmetric key on both sides
- B. Produce a pair of public and private keys
- C. Produce an asymmetric key on both sides
- D. Symmetric keys based on pre-shared secret
Answer: B
NEW QUESTION # 70
URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required?
- A. URLF Online Service
- B. RAD Kernel Space
- C. URLF Kernel Client
- D. RAD User Space
Answer: C
Explanation:
URL Filtering is an essential part of Web Security in the Gateway that allows the administrator to control the access to web sites based on the site categorization and reputation. For the Security Gateway to perform a URL lookup when a client makes a URL request, the following steps are involved [1][2]:
* The URLF Kernel Client is the component that intercepts the URL request from the client and extracts the URL information, such as the host name, the path, and the query parameters. The URLF Kernel Client then checks the local cache to see if the URL has been previously categorized. If the URL is found in the cache, the URLF Kernel Client returns the cached category to the Security Policy and enforces the relevant action. If the URL is not found in the cache, the URLF Kernel Client sends a sync-request to the URLF User Space.
* The URLF User Space is the component that handles the sync-request from the URLF Kernel Client and performs the URL lookup. The URLF User Space first checks the local database to see if the URL has been previously categorized. If the URL is found in the database, the URLF User Space returns the database category to the URLF Kernel Client. If the URL is not found in the database, the URLF User Space sends an async-request to the URLF Online Service.
* The URLF Online Service is the component that handles the async-request from the URLF User Space and performs the URL lookup. The URLF Online Service is a cloud-based service that provides the most updated and accurate URL categorization and reputation. The URLF Online Service queries the Check Point cloud servers to get the category and reputation of the URL, and returns the result to the URLF User Space. The URLF Online Service also updates the local database and cache with the new URL information.
Therefore, the sync-request is forwarded from the URLF Kernel Client to the URLF User Space, if a sync-request is required.
References: Application Control Administration Guide [1], (CCTE) - Check Point Software [2]
1: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ApplicationControl_AdminGuide/html_frameset.htm
2: https://www.checkpoint.com/downloads/training/DOC-Training-Data-Sheet-CCTE-R81.10-V1.0.pdf
NEW QUESTION # 71
VPN issues may result from misconfiguration, communication failure, or incompatible default configurations between peers. Which basic command syntax needs to be used for troubleshooting Site-to-Site VPN issues?
- A. fw debug truncon
- B. vpn debug truncon
- C. vpn truncon debug
- D. cp debug truncon
Answer: B
NEW QUESTION # 72
In Mobile Access VPN, clientless access is done using a web browser. The primary communication path for these browser-based connections is a process that allows numerous processes to utilize port 443 and redirects traffic to a designated port of the respective process. Which daemon handles this?
- A. Multi-portal Daemon (MPD)
- B. Connectra VPN Daemon (cvpnd)
- C. HTTPS Inspection Daemon (HID)
- D. Mobile Access Daemon (MAD)
Answer: A
Explanation:
The Multi-portal Daemon (mpdaemon) is responsible for handling the clientless access connections in Mobile Access VPN. It listens on port 443 and redirects the traffic to the appropriate port of the process that handles the specific connection type, such as cvpnd for SSL Network Extender, MAD for Mobile Access Portal, or HID for HTTPS Inspection. The mpdaemon also performs authentication and authorization for the clientless access connections.
References: Check Point Processes and Daemons [1], Mobile Access Blade Administration Guide [2]
1: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
2: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Mobile_Access_AdminGuide/html_frameset.htm
NEW QUESTION # 73
What is the proper command for allowing the system to create core files?
- A. service core-dump start
- B. # set core-dump enable
# save config
- C. $FWDIR/scripts/core-dump-enable.sh
- D. > set core-dump enable
> save config
Answer: D
NEW QUESTION # 74
What is the function of the Core Dump Manager utility?
- A. To send crash information to an external analyzer
- B. To determine which process is slowing down the system
- C. To generate a new core dump for analysis
- D. To limit the number of core dump files per process as well as the total amount of disk space used by core files
Answer: D
Explanation:
The Core Dump Manager (CDM) is a utility that helps manage core dump files on Check Point systems. Its main functions include:
* Limiting file size and number: CDM can be configured to limit the size of individual core dump files and the total amount of disk space used for core dumps. This prevents core dumps from filling up valuable disk space.
* Compression: CDM can compress core dump files to reduce their storage size. This is particularly helpful when dealing with large core dumps.
* Process filtering: CDM allows you to specify which processes should be allowed to generate core dumps. This can help prevent unnecessary core dumps from being created.
* Remote collection: CDM can be configured to send core dump files to a remote server for analysis. This is useful in environments where direct access to the system generating the core dump is limited.
By using CDM, you can effectively manage core dump files and ensure that they are not overwhelming your system's resources.
NEW QUESTION # 75
Which of the following would NOT be a flag when debugging a unified policy?
- A. clob
- B. rulebase
- C. connection
- D. tls
Answer: D
NEW QUESTION # 76
In Mobile Access VPN, clientless access is done using a web browser. The primary communication path for these browser-based connections is a process that allows numerous processes to utilize port 443 and redirects traffic to a designated port of the respective process. Which daemon handles this?
- A. Multi-portal Daemon (MPD)
- B. Connectra VPN Daemon (cvpnd)
- C. HTTPS Inspection Daemon (HID)
- D. Mobile Access Daemon (MAD)
Answer: A
Explanation:
The Multi-portal Daemon (mpdaemon) is responsible for handling the clientless access connections in Mobile Access VPN. It listens on port 443 and redirects the traffic to the appropriate port of the process that handles the specific connection type, such as cvpnd for SSL Network Extender, MAD for Mobile Access Portal, or HID for HTTPS Inspection. The mpdaemon also performs authentication and authorization for the clientless access connections.
References: Check Point Processes and Daemons [1], Mobile Access Blade Administration Guide [2]
1: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
2: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Mobile_Access_AdminGuide/html_frameset.htm
NEW QUESTION # 77
You are using the Identity Collector with Identity Awareness in a large environment. Users report that they cannot access resources on the Internet. You identify that the traffic is matching the cleanup rule instead of the proper rule with Access Roles using the IDC. How can you check if IDC is working?
- A. ad query I debug on
- B. pdp debug set IDP all
- C. pep debug idc on
- D. pdp connections idc
Answer: D
NEW QUESTION # 78
What command is usually used for general firewall kernel debugging and what is the size of the buffer that is automatically enabled when using the command?
- A. fw ctl zdebug, buffer size is 1 MB
- B. fw ctl kdebug, buffer size is 32000 KB
- C. fw ctl zdebug, buffer size is 32768 KB
- D. fw ctl debug, buffer size is 1024 KB
Answer: C
NEW QUESTION # 79
An administrator receives reports about issues with log indexing and text searching regarding an existing Management Server. In trying to find a solution, she wants to check if the process responsible for this feature is running correctly. What is true about the related process?
- A. solr is a child process of cpm
- B. fwm manages this database after initialization of the ICA
- C. fwssd crashes can affect therefore not show in the list
- D. cpd needs to be restarted manually to show in the list
Answer: A
NEW QUESTION # 80
For Identity Awareness, what is the PDP process?
- A. UserAuth Database
- B. Log Sifter
- C. Captive Portal Service
- D. Identity server
Answer: D
NEW QUESTION # 81
What is the correct syntax to turn a VPN debug on and create new empty debug files?
- A. vpndebug trunc on
- B. vpn debug truncon
- C. vpn kdebug on
- D. vpn debug trunkon
Answer: B
NEW QUESTION # 82
Which of the following commands can be used to see the list of processes monitored by the Watch Dog process?
- A. cpstat fw -f watchdog
- B. ps -ef | grep watchd
- C. fw ctl get str watchdog
- D. cpwd_admin list
Answer: D