156-585 Exam Details

  • Exam Code
    :156-585
  • Exam Name
    :Check Point Certified Troubleshooting Expert (CCTE)
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :114 Q&As
  • Last Updated
    :Jul 10, 2026

CheckPoint 156-585 Online Questions & Answers

  • Question 101:

    The two procedures available for debugging in the firewall kernel are i fw ctl zdebug ii fw ctl debug/kdebug Choose the correct statement explaining the differences in the two

    A. (i) Is used for general debugging, has a small buffer and is a quick way to set kernel debug flags to get an output via command line whereas (ii) is useful when there is a need for detailed debugging and requires additional steps to set the buffer and get an output via command line
    B. (i) is used to debug the access control policy only, however (ii) can be used to debug a unified policy
    C. (i) is used to debug only issues related to dropping of traffic, however (ii) can be used for any firewall issue including NATing, clustering etc.
    D. (i) is used on a Security Gateway, whereas (ii) is used on a Security Management Server

  • Question 102:

    Rules within the Threat Prevention policy use the Malware database and network objects. Which directory is used for the Malware database?

    A. $FWDIR/conf/install_manager_tmp/ANTIMALWARE/conf/
    B. $CPDIR/conf/install_manager_lmp/ANTIMALWARE/conf/
    C. $FWDlR/conf/install_firewall_imp/ANTIMALWARE/conf/
    D. $FWDlR/log/install_manager_tmp/ANTIMALWARBlog?

  • Question 103:

    Which Threat Prevention daemon is the core Threat Emulator, engine and responsible for emulation files and communications with Threat Cloud?

    A. ctasd
    B. inmsd
    C. ted
    D. scrub

  • Question 104:

    You are upgrading your NOC Firewall (on a Check Point Appliance) from R77 to R80 30 but you did not touch the security policy After the upgrade you can't connect to the new R80 30 SmartConsole of the upgraded Firewall anymore What is a possible reason for this?

    A. new new console port is 19009 and a access rule ts missing
    B. the license became invalig and the firewall does not start anymore
    C. the upgrade process changed the interfaces and IP adresses and you have to switch cables
    D. the IPS System on the new R80.30 Version prohibits direct Smartconsole access to a standalone firewall

  • Question 105:

    How does the URL Filtering Categorization occur in the kernel?

    1.

    RAD provides the status of the search to the client.

    2.

    The a-sync request is forwarded to the RAD User space via the RAD kernel for online categorization.

    3.

    The online detection service responds with categories and the kernel cache is updated.

    4.

    The kernel cache notifies the RAD kernel of hits and misses.

    5.

    URL lookup initiated by the client.

    6.

    URL lookup occurs in the kernel cache.

    7.

    The client sends an a-sync request back to RAD If the URL was not found.

    A. 5, 6, 7, 1, 3, 2, 4
    B. 5, 6, 2, 4, 1, 7, 3
    C. 5, 6, 4, 1, 7, 2, 3
    D. 5, 6, 3, 1, 2, 4, 7

  • Question 106:

    When running a debug with fw monitor, which parameter will create a more verbose output?

    A. -i
    B. -i
    C. -0
    D. -d

  • Question 107:

    What is the proper command for allowing the system to create core files?

    A. $FWDIR/scripts/core-dump-enable.sh
    B. # set core-dump enable # save config
    C. service core-dump start
    D. >set core-dump enable >save config

  • Question 108:

    PostgreSQL is a powerful, open source relational database management system Check Point offers a command for viewing the database to interact with Postgres interactive shell Which command do you need to enter the PostgreSQL interactive shell?

    A. psql_client cpm postgres
    B. mysql_client cpm postgres
    C. psql_c!ieni postgres cpm
    D. mysql -u root

  • Question 109:

    How can you increase the ring buffer size to 1024 descriptors?

    A. set interface eth0 rx-ringsize 1024
    B. fw ctl int rx_ringsize 1024
    C. echo rx_ringsize=1024>>/etc/sysconfig/sysctl.conf
    D. dbedit>modify properties firewall_properties rx_ringsize 1024

  • Question 110:

    You are trying to establish a VPN tunnel between two Security Gateways but fail. What initial steps will you make to troubleshoot the issue

    A. capture traffic on both tunnel members and collect debug of IKE and VPND daemon
    B. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags, then collect debug of IKE and VPND daemon
    C. collect debug of IKE and VPND daemon and collect kernel debug for fw module with vm, crypt, conn and drop flags
    D. capture traffic on both tunnel members and collect kernel debug for fw module with vm, crypt, conn and drop flags

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-585 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.