EMT Practice Test

1. Question Content...


Question List

Question1: Troubleshooting issues with Mobile Access requires the following:

Question2: Which of the following is NOT a valid "fwaccel" parameter?

Question3: What are the four ways to insert an FW Monitor into the firewallkernel chain?

Question4: Where will the usermode core files be located?

Question5: Which of the following daemons is used for Threat Extraction?

Question6: Check Point's PostgreSQL is partitioned into several relational database domains. Which domain contains network objects and security policies?

Question7: Joey is configuring a site-to-site VPN with his business partner. On Joey's site he has a Check Point R80.10 Gateway and his partner uses Cisco ASA 5540 as a gateway.
Joey's VPN domain on the Check Point Gateway object is manually configured with a group object that contains two network objects:
VPN_Domain3 = 192.168.14.0/24
VPN_Domain4 = 192.168.15.0/24
Partner's site ACL as viewed from "show run"
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.14.0 255.255.255.0 access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.15.0 255.255.255.0 When they try to establish VPN tunnel, it fails. What is the most likely cause of the failure given the information provided?

Question8: Which kernel process is used by Content Awareness to collect the data from contexts?

Question9: What is the benefit of running "vpn debug trunc over "vpn debug on"?

Question10: You need to runa kernel debug over a longer period of time as the problem occurs only once or twice a week.
Therefore you need to add a timestamp to the kernel debug and write the output to a file What is the correct syntax for this?

Question11: The Check Point Firewall Kernel is the core component of the Gala operating system and an integral part of traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for detailed troubleshooting and needs more resources?

Question12: How does the URL Filtering Categorization occur in the kernel?
1. RAD provides the status of the search to the client.
2. The a-sync request is forwarded to the RAD User space via the RAD kernel for online categorization.
3. The online detection service responds with categories and the kernel cache is updated.
4. The kernel cache notifies the RAD kernel of hits and misses.
5. URL lookup initiated by the client.
6. URL lookup occurs in the kernel cache.
7. The client sends an a-sync request back to RAD If the URL was not found.

Question13: When a User process or program suddenly crashes, a core dump is often used to examine the problem. Which command is used to enable the core-dumping via GAIA dish?

Question14: You are running R80.XX on an open server and you see a high CPU utilization on your 12 CPU cores You now want to enable Hyperthreading to get more cores to gain some performance. What is the correct way to achieve this?

Question15: What is the name of the VPN kernel process?

Question16: URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required''

Question17: What is the function of the Core Dump Manager utility?

Question18: What command sets a specific interface as not accelerated?

Question19: Rules within the Threat Prevention policy use the Malware database and network objects. Which directory is used for the Malware database?

Question20: How can you start debug of the Unified Policy with all possible flags turned on?

Question21: How many captures does the command "fw monitor -p all" take?

Question22: If you run the command "fw monitor -e accept src=10.1.1.201 or src=172.21.101.10 or src=192.0.2.10;" from the cli sh What will be captured?

Question23: The two procedures available for debugging in the firewall kernel are
i fw ctl zdebug
ii fw ctl debug/kdebug
Choose the correct statement explaining the differences in the two

Question24: During firewall kernel debug with fw ctl zdebug you received less information than expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?

Question25: the difference in debugging a S2S or C2S (using Check Point VPN Client) VPN?

Question26: Check Point Access Control Daemons contains several daemons for Software Blades and features. Which Daemon is used for Application & Control Filtering?

Question27: You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file but you can't afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs. What is the correct syntax for this?

Question28: You are trying to establish a VPN tunnel between two Security Gateways but fail. What initial steps will you make to troubleshoot the issue

Question29: What is the purpose of the Hardware Diagnostics Tool?

Question30: PostgreSQL is a powerful, open source relational database management system Check Point offers a command for viewing the database to interact with Postgres interactive shell Which command do you need to enter the PostgreSQL interactive shell?

Question31: Which of the following is contained in the System Domain of the Postgres database?

Question32: Which command(s) will turn off all vpn debug collection?

Question33: Which Daemon should be debugged for HTTPS Inspection related issues?

Question34: Which Threat Prevention Daemon is the core Threat Emulation engine and responsible for emulation files and communications with Threat Cloud?

Question35: For TCP connections, when a packet arrives at the Firewall Kernel out of sequence or fragmented, which layer of IPS corrects this to allow for proper inspection?

Question36: What components make up the Context Management Infrastructure?

Question37: Which command is used to write a kernel debug to a file?

Question38: What are the main components of Check Point's Security Management architecture?

Question39: What does CMI stand for in relation to the Access Control Policy?

Question40: What process is responsible for sending and receiving logs in the management server?

Question41: You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore you need to add a timestamp to the kernel debug and write the output to a file What is the correct syntax for this?

Question42: What are the main components of Check Point's Security Management architecture?

Question43: What process monitors, terminates, and restarts critical Check Point processes as necessary?

Question44: Vanessa is reviewing ike.elg file to troubleshoot failed site-to-site VPN connection After sending Mam Mode Packet 5 the response from the peer is PAYLOAD-MALFORMED" What is the reason for failed VPN connection?

Question45: VPN issues may result from misconfiguration, communication failure, or incompatible default configurations between peers Which basic command syntax needs to be used for troubleshooting Site-to-Site VPN Issues?