
Note: The 156-585 exam is now retired. Please select the alternative replacement for your exam certification. The new exam code is 156-587.

156-585 Exam Dumps - Check Point Certified Troubleshooting Expert

Question # 4

Some users from your organization have reported connection problems with CIFS since this morning. You suspect an IPS issue after an automatic IPS update last night, so you want to perform a packet capture on uppercase I only, directly after the IPS module (position 4 in the chain), to check whether the packets pass the IPS. What command do you need to run?

A.

fw monitor -ml -pl 5 -e

B.

fw monitor -pi 5 -e

C.

tcpdump -eni any

D.

fw monitor -pl asm

Question # 5

Check Point provides tools and commands to help you identify issues with products and applications. Which Check Point command displays status and statistics information for various Check Point products and applications?

A.

cpstat

B.

CPstat

C.

CPview

D.

fwstat

Question # 6

After a kernel debug with "fw ctl debug" you received a huge amount of information. It was saved in a very large file that is difficult to open and analyze with standard text editors. Suggest a solution to solve this issue.

A.

Use "fw ctl zdebug" because of 1024KB buffer size

B.

Divide debug information into smaller files. Use "fw ctl kdebug -f -o "filename" -m 25 - s "1024"

C.

Reduce debug buffer to 1024KB and run debug several times

D.

Use Check Point InfoView utility to analyze debug output

Question # 7

What is the most efficient way to view large fw monitor captures and run filters on the file?

A.

wireshark

B.

CLISH

C.

CLI

D.

snoop

Question # 8

Rules within the Threat Prevention policy use the Malware database and network objects. Which directory is used for the Malware database?

A.

$FWDIR/conf/install_manager_tmp/ANTIMALWARE/conf/

B.

$CPDIR/conf/install_manager_lmp/ANTIMALWARE/conf/

C.

$FWDlR/conf/install_firewall_imp/ANTIMALWARE/conf/

D.

$FWDlR/log/install_manager_tmp/ANTIMALWARBlog?
