CheckPoint 156-585 Exam Questions

Questions for the 156-585 were updated on: Dec 19, 2024

Page 1 out of 8. Viewing questions 1-15 out of 114

Question 1

For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented,
which layer of IPS corrects this to allow for proper inspection?

  • A. Passive Streaming Library
  • B. Protections
  • C. Protocol Parsers
  • D. Context Management
Answer:

D


Question 2

What command is usually used for general firewall kernel debugging and what is the size of the
buffer that is automatically enabled when using the command?

  • A. fw ctl debug, buffer size is 1024 KB
  • B. fw ctl zdebug, buffer size is 32768 KB
  • C. fw ctl zdebug, buffer size is 1 MB
  • D. fw ctl kdebug, buffer size is 32000 KB
Answer:

D


Question 3

What does CMI stand for in relation to the Access Control Policy?

  • A. Content Matching Infrastructure
  • B. Content Management Interface
  • C. Context Management Infrastructure
  • D. Context Manipulation Interface
Answer:

C


Question 4

When a user process or program suddenly crashes, a core dump is often used to examine the
problem. Which command is used to enable core dumping via Gaia Clish?

  • A. set core-dump enable
  • B. set core-dump per_process
  • C. set user-dump enable
  • D. set core-dump total
Answer:

A


Question 5

PostgreSQL is a powerful, open source relational database management system. Check Point offers a
command for viewing the database and interacting with the Postgres interactive shell. Which command do
you need to enter the PostgreSQL interactive shell?

  • A. psql_client cpm postgres
  • B. mysql_client cpm postgres
  • C. psql_client postgres cpm
  • D. mysql -u root
Answer:

A


Question 6

Which Threat Prevention daemon is the core Threat Emulator engine and is responsible for emulating
files and communicating with ThreatCloud?

  • A. ctasd
  • B. inmsd
  • C. ted
  • D. scrub
Answer:

C

Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

Question 7

John has renewed his NGTX license but he gets an error (contract for Anti-Bot expired). He wants to
check the subscription status on the CLI of the gateway. What command can he use for this?

  • A. cpstat antimalware -f subscription_status
  • B. fw monitor license status
  • C. fwm lic print
  • D. show license status
Answer:

A


Question 8

During a firewall kernel debug with fw ctl zdebug, you received less information than expected. You
noticed that a lot of messages were lost since the time the debug was started. What should you do to
resolve this issue?

  • A. Increase debug buffer; Use fw ctl debug -buf 32768
  • B. Redirect debug output to file; Use fw ctl zdebug -o ./debug.elg
  • C. Increase debug buffer; Use fw ctl zdebug -buf 32768
  • D. Redirect debug output to file; Use fw ctl debug -o ./debug.elg
Answer:

A

Reference:
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminGuide/Content/Topics-PTG/Kernel-Debug/Kernel-Debug-Procedure.htm


Question 9

Which process is responsible for the generation of certificates?

  • A. cpm
  • B. cpca
  • C. dbsync
  • D. fwm
Answer:

B


Question 10

What command sets a specific interface as not accelerated?

  • A. noaccel-s<interface1>
  • B. fwaccel exempt state <interface1>
  • C. nonaccel -s <interface1>
  • D. fwaccel -n <interface1>
Answer:

C


Question 11

When running a debug with fw monitor, which parameter will create a more verbose output?

  • B. -i
  • C. -0
  • D. -d
Answer:

D


Question 12

What is correct about the Resource Advisor (RAD) service on the Security Gateways?

  • A. RAD has a kernel module that looks up the kernel cache, notifies the client about hits and misses, and forwards a-sync requests to the RAD user space module, which is responsible for online categorization.
  • B. RAD is completely loaded as a kernel module that looks up the URL in cache and, if not found, connects online for categorization. There is no user space involvement in this process.
  • C. RAD functions completely in user space. The Pattern Matcher (PM) module of the CMI looks up URLs in the cache and, if not found, contacts the RAD process in user space to do online categorization.
  • D. RAD is not a separate module; it is an integrated function of the 'fw1' kernel module and does all operations in the kernel space.
Answer:

C


Question 13

What are some measures you can take to prevent IPS false positives?

  • A. Exclude problematic services from being protected by IPS (SIP, H.323, etc.)
  • B. Use IPS only in Detect mode
  • C. Use Recommended IPS profile
  • D. Capture packets, update the IPS database, and back up custom IPS files
Answer:

A


Question 14

RAD is initiated when Application Control and URL Filtering blades are active on the Security
Gateway. What is the purpose of the following RAD configuration file: $FWDIR/conf/rad_settings.C?

  • A. This file contains the location information for Application Control and/or URL Filtering entitlements
  • B. This file contains the information on how the Security Gateway reaches the Security Manager's RAD service for Application Control and URL Filtering
  • C. This file contains RAD proxy settings
  • D. This file contains all the host name settings for the online application detection engine
Answer:

B


Question 15

What is the main SecureXL database for tracking the acceleration status of traffic?

  • A. cphwd_db
  • B. cphwd_tmp1
  • C. cphwd_dev_conn_table
  • D. cphwd_dev_identity_table
Answer:

D
