EMT Practice Test

1. Question Content...


Question List

Question1: You need to run a kernel debug over a longer period of time as the problem occurs only once or twice a week. Therefore, you need to add a timestamp to the kernel debug and write the output to a file but you can't afford to fill up all the remaining disk space and you only have 10 GB free for saving the debugs. What is the correct syntax for this?

Question2: Check Point provides tools & commands to help you to identify issues about products and applications. Which Check Point command can help you to display status and statistics information for various Check Point products and applications?

Question3: As a security administrator/engineer in your company, you have noticed that your HQ Check Point Security Management Server is not receiving logs from your HQ Check Point Gateway/Cluster.
To investigate this issue in the command line, you will need to verify which process is running?

Question4: In Mobile Access VPN, clientless access is done using a web browser. The primary communication path for these browser based connections is a process that allows numerous processes to utilize port 443 and redirects traffic to a designated port of the respective process.
Which daemon handles this?

Question5: What is the correct syntax to turn a VPN debug on and create new empty debug files?

Question6: PostgreSQL is a powerful, open source relational database management system. Check Point offers a command for viewing the database to interact with Postgres interactive shell. Which command do you need to enter the PostgreSQL interactive shell?

Question7: Check Point Access Control Daemons contains several daemons for Software Blades and features. Which Daemon is used for Application & Control URL Filtering?

Question8: When a User Mode process suddenly crashes, it may create a core dump file. Which of the following information is available in the core dump and may be used to identify the root cause of the crash?
i. Program Counter
ii. Stack Pointer
iii. Memory management information
iv. Other Processor and OS flags / information

Question9: What command(s) will turn off all vpn debug collection?

Question10: What information does the doctor-log script supply?

Question11: The two procedures available for debugging in the firewall kernel are
i. fw ctl zdebug
ii. fw ctl debug/kdebug
Choose the correct statement explaining the differences in the two

Question12: You have just acquired new licenses for your Check Point security Gateway. You need to attach the new license.
What is the object in the Security Console where you can attach the license for a software blade?

Question13: What is the name of the VPN kernel process?

Question14: Your users have some issues connecting with Mobile Access VPN to your gateway. How can you debug the tunnel establishment?

Question15: URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required?

Question16: John has renewed his NPTX License but he gets an error (contract for Anti-Bot expired). He wants to check the subscription status on the CLI of the gateway, what command can he use for this?

Question17: What Check Point process controls logging?

Question18: You are seeing output from the previous kernel debug. What command should you use to avoid that?

Question19: The Check Point Firewall Kernel is the core component of the Gaia operating system and an integral part of the traffic inspection process. There are two procedures available for debugging the firewall kernel. Which procedure/command is used for troubleshooting packet drops and other kernel activities while using minimal resources (1 MB buffer)?

Question20: What is NOT a benefit of the `fw ctl zdebug' command?

Question21: When viewing data for CPMI objects in the Postgres database, what table column should be selected to query for the object instance?

Question22: After kernel debug with "fw ctl debug" you received a huge amount of information. It was saved in a very large file that is difficult to open and analyze with standard text editors. Suggest a solution to solve this issue.

Question23: What function receives the AD log event information?

Question24: When dealing with monolithic operating systems such as Gaia, where are system calls initiated from to achieve a required system level function?

Question25: When a User process or program suddenly crashes, a core dump is often used to examine the problem. Which command is used to enable the core-dumping via GAIA clish?

Question26: You receive reports that Users cannot browse internet sites. You are using identity awareness with AD Query and Identity Collector in addition you have the Browser Based Authentication Enabled.
What command can be used to debug the problem?

Question27: What are the three main component of Identity Awareness?

Question28: Which of the following commands can be used to see the list of processes monitored by the Watch Dog process?

Question29: What cli command is run on the GW to verify communication to the Identity Collector?

Question30: The management configuration stored in the Postgres database is partitioned into several relational database domains. What is the purpose of the Global Domain?

Question31: SmartEvent utilizes the Log Server, Correlation Unit and SmartEvent Server to aggregate logs and identify security events. The three main processes that govern these SmartEvent components are:

Question32: What command is used to find out which port Multi-Portal has assigned to the Mobile Access Portal?

Question33: What are the main components of Check Point's Security Management architecture?

Question34: User defined URLS and HTTPS Inspection User defined URLs on the Security Gateway are stored in which database file?

Question35: Which Daemon should be debugged for HTTPS Inspection related issues?

Question36: What is the correct syntax to set all debug flags for Unified Policy related issues?

Question37: Which of the following is a component of the Context Management Infrastructure used to collect signatures in user space from multiple sources, such as Application Control and IPS, and compiles them together into unified Pattern Matchers?

Question38: Which of the following would NOT be a flag when debugging a unified policy?

Question39: During firewall kernel debug with fw ctl zdebug you received less information that expected. You noticed that a lot of messages were lost since the time the debug was started. What should you do to resolve this issue?