Check Point Certified Troubleshooting Expert - R81.20 (CCTE) v1.0

Page:    1 / 6   
Exam contains 84 questions
Expand All

Which of these packet processing components stores Rule Base matching state-related information?

  • A. Classifiers
  • B. Manager
  • C. Handlers
  • D. Observers


Answer : D

Check Point Access Control Daemons contains several daemons for Software Blades and features. Which Daemon is used for Application & Control URL Filtering?

  • A. pdpd
  • B. rad
  • C. cprad
  • D. pepd


Answer : B

What is correct about the Resource Advisor (RAD) service on the Security Gateways?

  • A. RAD is not a separate module, it is an integrated function of the ‘fw’ kernel module and does all operations in the kernel space
  • B. RAD functions completely in user space. The Pattern Matter (PM) module of the CMI looks up for URLs in the cache and if not found, contact the RAD process in user space to do online categorization
  • C. RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization. There is no user space involvement in this process
  • D. RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization


Answer : D

When URL category is not found in the kernel cache, what action will GW do?

  • A. RAD in user space will forward request to the cloud
  • B. GW will update kernel cache during next policy install
  • C. RAD in kernel space will forward request to the cloud
  • D. RAD forwards this request to CMI which is the brain of inspection


Answer : A

How does Identity Collector connect to Windows Server?

  • A. ADQuery is needed for connection
  • B. LDAP connection
  • C. It uses a PDP demon to connect
  • D. via Windows API


Answer : D

Captive Portal, PDP and PEP run in what space?

  • A. User
  • B. CPM
  • C. FWD
  • D. Kernel


Answer : A

What are the three main component of Identity Awareness?

  • A. Client, SMS and Secure Gateway
  • B. Identity Source, Identity Server (PDP) and Identity Enforcement (PEP)
  • C. Identity Awareness Blade on Security Gateway, User Database on Security Management Server and Active Directory
  • D. User, Active Directory and Access Role


Answer : B

What cli command is run on the GW to verify communication to the Identity Collector?

  • A. pdp connections idc
  • B. pep connections idc
  • C. show idc connections
  • D. fwd connected


Answer : A

What function receives the AD log event information?

  • A. FWD
  • B. CPD
  • C. PEP
  • D. ADLOG


Answer : D

You receive complains that Guest Users cannot login and use the Guest Network which is configured with Access Role of Guest Users. You need to verity the Captive Portal configuration.
Where can you find the config file?

  • A. on the gateway at $NACPORTAL_ HOME/conf/httpd_ nac.conf
  • B. on the management at $CPNAC_ HOME/conf/httpd_ nac.conf
  • C. on the management at $NACPORTAL_ HOME/conf/httpd_ nac.conf
  • D. on the gateway at $CPNAC_ HOME/conf/httpd_ nac.conf


Answer : A

What command would you run to verify the communication between the Security Gateway and the Identity Collector?

  • A. fw ctl debug -m IDAPI
  • B. pdp connections idc
  • C. fw ctl debug -m fw + nac
  • D. adlog


Answer : B

You are using the Identity Collector with Identity Awareness in large environment. Users report that they cannot access resources on Internet. You identify that the traffic is matching the cleanup rule instead of the proper rule with Access Roles using the IDC. How can you check if IDC is working?

  • A. pdp connections idc
  • B. ad query | debug on
  • C. pep debug idc on
  • D. pdp debug set IDP all


Answer : A

For Identity Awareness, what is the PDP process?

  • A. Identity server
  • B. Captive Portal Service
  • C. User Auth Database
  • D. Log Sifter


Answer : A

What is the correct syntax to turn a VPN debug on and create new empty debug files?

  • A. vpndebug trunc on
  • B. vpn debug truncon
  • C. vpn debug trunkon
  • D. vpn kdebug on


Answer : A

How many packets are needed to establish IKEv1?

  • A. Only three packets for main mode
  • B. 8
  • C. 5
  • D. 6


Answer : D

Page:    1 / 6   
Exam contains 84 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy