156-585 Check Point Certified Troubleshooting Expert


Question 4

What is the proper command for allowing the system to create core files?


  • $FWDIR/scripts/core-dump-enable.sh

  • # set core-dump enable
    # save config

  • service core-dump start

  • >set core-dump enable
    >save config

Question 5

What is the correct syntax to set all debug flags for Unified Policy related issues?


  • fw ctl debug -m UP all

  • fw ctl debug -m up all

  • fw ctl kdebug -m UP all

  • fw ctl debug -m fw all

Question 6

Joey is configuring a site-to-site VPN with his business partner. On Joey’s site he has a Check Point R80.10 Gateway and his partner uses Cisco ASA 5540 as a gateway. Joey’s VPN domain on the Check Point Gateway object is manually configured with a group object that contains two network objects:

VPN_Domain3 = 192.168.14.0/24

VPN_Domain4 = 192.168.15.0/24

Partner’s site ACL as viewed from “show run”:

access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.14.0 255.255.255.0
access-list JOEY-VPN extended permit ip 172.26.251.0 255.255.255.0 192.168.15.0 255.255.255.0

When they try to establish the VPN tunnel, it fails. What is the most likely cause of the failure given the information provided?


  • Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/24 and 192.168.15.0/24, but the peer expects the one network 192.168.14.0/23.

  • Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation. Check Point continues to present its own encryption domain as 192.168.14.0/23, but the peer expects the two distinct networks 192.168.14.0/24 and 192.168.15.0/24.

  • Tunnel fails on Joey’s site, because he misconfigured IP address of VPN peer.

  • Tunnel fails on partner site. It is likely that the Cisco ASA 5540 will reject the Phase 2 negotiation due to the algorithm mismatch.