EMT Practice Test

1. Question Content...


Question List

Question1: Which is the correct "fw monitor" syntax for creating a capture file for loading it into WireShark?

Question2: Which one of the following is NOT considered a Solr core partition:

Question3: Select the technology that does the following actions
- provides reassembly via streaming for TCP
- handles packet reordering and congestion
- handles payload overlap
- provides consistent stream of data to protocol parsers

Question4: What process is responsible for sending and receiving logs in the management server?

Question5: You have configured IPS Bypass Under Load function with additional kernel parameters ids_tolerance_no_stress=15 and ids_tolerance_stress-15 For configuration you used the *fw ctl set' command After reboot you noticed that these parameters returned to their default values What do you need to do to make this configuration work immediately and stay permanent?

Question6: During firewall kernel debug with fw ctl zdebug you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?

Question7: What are the main components of Check Point's Security Management architecture?

Question8: For TCP connections, when a packet arrives at the Firewall Kemel out of sequence or fragmented, which layer of IPS corrects this lo allow for proper inspection?

Question9: What is the name of the VPN kernel process?

Question10: What are four main database domains?

Question11: Some users from your organization have been reported some connection problems with CIFS since this morning. You suspect an IPS Issue after an automatic IPS update last night. So you want to perform a packet capture on uppercase I only directly after the IPS module (position 4 in the chain) to check if the packets pass the IPS. What command do you need to run?

Question12: The customer is using Check Point appliances that were configured long ago by third-party administrators. Current policy includes different enabled IPS protections and Bypass Under Load function. Bypass Under Load is configured to disable IPS inspections of CPU and Memory usage is higher than 80%. The Customer reports that IPS protections are not working at all regardless of CPU and Memory usage.
What is the possible reason of such behavior?

Question13: What is the main SecureXL database for tracking acceleration status of traffic?

Question14: Which daemon governs the Mobile Access VPN blade and works with VPND to create Mobile Access VPN connections? It also handles interactions between HTTPS and the Multi-Portal Daemon.

Question15: For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented, which layer of IPS corrects this to allow for proper inspection?

Question16: Which file is commonly associated with troubleshooting crashes on a system such as the Security Gateway?

Question17: What process monitors, terminates, and restarts critical Check Point processes as necessary?

Question18: What command is usually used for general firewall kernel debugging and what is the size of the buffer that is automatically enabled when using the command?

Question19: What is the correct syntax to set all debug flags for Unified Policy related issues?

Question20: Which Threat Prevention daemon is the core Threat Emulator, engine and responsible for emulation files and communications with Threat Cloud?

Question21: What is the buffer size set by the fw ctl zdebug command?

Question22: Which of the following is contained in the System Domain of the Postgres database?

Question23: When running a debug with fw monitor, which parameter will create a more verbose output?

Question24: What are the maximum kernel debug buffer sizes, depending on the version

Question25: You are running R80.XX on an open server and you see a high CPU utilization on your 12 CPU cores You now want to enable Hyperthreading to get more cores to gain some performance. What is the correct way to achieve this?

Question26: Which situation triggers an IPS bypass under load on a 24-core Check Point appliance?

Question27: Which command is used to write a kernel debug to a file?

Question28: Which command do you need to execute to insert fw monitor after TCP streaming (out) in the outbound chain using absolute position? Given the chain was 1ffffe0, choose the correct answer.

Question29: An administrator receives reports about issues with log indexing and text searching regarding an existing Management Server. In trying to find a solution she wants to check if the process responsible for this feature is running correctly. What is true about the related process?

Question30: Your fwm constantly crashes and is restarted by the watchdog. You can't find any coredumps related to this process, so you need to check If coredumps are enabled at all How can you achieve that?

Question31: Rules within the Threat Prevention policy use the Malware database and network objects. Which directory is used for the Malware database?

Question32: The Check Pom! Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process There are two procedures available for debugging the firewall kernel Which procedure/command is used for troubleshooting packet drops and other kernel activites while using minimal resources (1 MB buffer)?

Question33: Rules within the Threat Prevention policy use the Malware database and network objects. Which directory is used for the Malware database?

Question34: VPN's allow traffic to pass through the Internet securely byencryptingthe traffic as it enters the VPN tunnel and then decrypting the exists. Which process is responsible for Mobile VPN connections?

Question35: Joey is configuring a site-to-site VPN with his business partner. On Joey's site he has a Check Point R80.10 Gateway and his partner uses Cisco ASA 5540 as a gateway.
Joey's VPN domain on the Check Point Gateway object is manually configured with a group object that contains two network objects:
VPN_Domain3 = 192.168.14.0/24
VPN_Domain4 = 192.168.15.0/24
Partner's site ACL as viewed from "show run"
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.14.0 255.255.255.0 access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.15.0 255.255.255.0 When they try to establish VPN tunnel, it fails. What is the most likely cause of the failure given the information provided?

Question36: Which kernel process is used by Content Awareness to collect the data from contexts?

Question37: What is the function of the Core Dump Manager utility?

Question38: What is the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?

Question39: PostgreSQL is a powerful, open source relational database management system Check Point offers a command for viewing the database to interact with Postgres interactive shell Which command do you need to enter the PostgreSQL interactive shell?

Question40: James is using the same filter expression in fw monitor for CITRIX very often and instead of typing this all the time he wants to add it as a macro to the fw monitor definition file. What's the name and location of this file?

Question41: What is the purpose of the Hardware Diagnostics Tool?

Question42: Which of the following is contained in the System Domain of the Postgres database?

Question43: What are the four ways to insert an FW Monitor into the firewallkernel chain?

Question44: What table does command "fwaccel conns" pull information from?

Question45: Where do Protocol parsers register themselves for IPS?

Question46: The Check Point Firewall Kernel is the core component of the Gala operating system and an integral part of traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?