A user complains that some Internet resources are not available. The Administrator is having issues seeing if packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue?
Correct Answer: D
Explanation: The solution to troubleshoot the issue of some Internet resources being unavailable is to run fw ctl zdebug drop on the relevant gateway [1]. This command lists all dropped packets in real time and explains the reasons for the drop [2]. It is a powerful tool that can help diagnose connectivity problems and firewall policy issues [3]. To use this command, you need to access the gateway in expert mode and run fw ctl zdebug + drop [2]. You can also filter the output by using grep with an IP address or a keyword, for example: fw ctl zdebug + drop | grep 10.10.10.10 or fw ctl zdebug + drop | grep SYN [3]. This command is a wrapper for the full debugs: it runs the debug commands for you and allows you to run debug from one debug module only [4]. By default, it uses a small debug buffer, but if you wish, you can provide the -buf option to use your own size [4]. To stop the command, press Ctrl+C and then run fw ctl debug 0 to reset the debug state [3]. Note: Running this command may affect the performance of the firewall, so use it with caution and only when necessary [3].
References:
[1] Solved: is it possible /supported to run fw ctl zdebug on ... - Check ...
[2] How to use the fw ctl zdebug command to view drops on the Security Gateway
[3] Troubleshooting dropped packets in Checkpoint using zdebug
[4] "fw ctl zdebug" - Helpful Command Combinations - Check Point CheckMates
Question 42
What API command below creates a new host with the name "New Host" and IP address of "192.168.0.10"?
Correct Answer: C
Question 43
What two ordered layers make up the Access Control Policy Layer?
Correct Answer: A
Question 44
Fill in the blank: Authentication rules are defined for ________ .
Correct Answer: A
Explanation: Authentication rules are defined for user groups, not individual users or all users in the database. Authentication rules allow you to control which user groups can access specific resources or services through the Security Gateway. You can define different authentication methods and schemes for different user groups, such as Check Point Password, OS Password, RADIUS, TACACS, SecurID, LDAP, or Certificate. You can also define different session timeouts and source restrictions for different user groups. Authentication rules are processed before the network access rules in the rule base.
Question 45
The admin is connected via SSH to the management server. He wants to run a mgmt_cli command but got an Error 404 message. To check the listening ports on the management he runs netstat with the results shown below. What can be the cause for the issue?
Correct Answer: D
Explanation: The error message "Error 404. The Management API server is not available. Please check that the Management API server is up and running." indicates that the API is not running on the Management Server. The netstat command shows that there is no process listening on port 4434, which is the default port for the API. To start the API, the command 'api start' should be used. The other options are not relevant to this issue.
References: Check Point R81 Installation and Upgrade Guide, page 18.