Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-587

Free 156-587 Exam Braindumps (page: 12)

Page 11 of 29
PDF with 109 Questions

What is correct about the Resource Advisor (RAD) service on the Security Gateways?

  1. RAD is not a separate module, it is an integrated function of the `fw' kernel module and does all operations in the kernel space
  2. RAD functions completely in user space The Pattern Matter (PM) module of the CMI looks up for URLs in the cache and if not found, contact the RAD process in user space to do online categorization
  3. RAD is completely loaded as a kernel module that looks up URL in cache and if not found connects online for categorization There is no user space involvement in this process
  4. RAD has a kernel module that looks up the kernel cache notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization

Answer(s): D

Explanation:

The Resource Advisor (RAD) service on the Security Gateways is responsible for online categorization of URLs and resources for Application Control and Threat Prevention blades. RAD has two components: a kernel module and a user space module. The kernel module looks up the kernel cache for URLs and resources, notifies the client about hits and misses, and forwards asynchronous requests to the user space module. The user space module handles the communication with the Check Point online web service and updates the kernel cache with the results. RAD can operate in three modes: hold, background, and custom, depending on the configuration of the blades and the policy.


Reference:

Check Point Processes and Daemons - Section: Security Gateway Software Blades and Features - Subsection: URL Filtering Blade

Solved: Re: RAD's high utilization - Post by @PhoneBoy

Check Point Certified Troubleshooting Expert (CCTE) - Exam Topics - Module 5: Advanced Access Control



What file contains the RAD proxy settings?

  1. rad_control.C
  2. rad_scheme.C
  3. rad_services.C
  4. rad_settings.C

Answer(s): D



Which Daemon should be debugged for HTTPS inspection related issues?

  1. VPND
  2. WSTLSD
  3. FWD
  4. HTTPD

Answer(s): B

Explanation:

The WSTLSD daemon is responsible for handling HTTPS Inspection related issues on the Security Gateway. It performs SSL/TLS termination and re-encryption, certificate validation and generation,

and URL categorization for HTTPS traffic1. The WSTLSD daemon can be debugged using the command wstlsd debug on TDERROR_ALL_ALL=52. The debug file is located in $FWDIR/log/wstlsd.elg2. The other daemons, such as FWD, HTTPD, and VPND, are not directly related to HTTPS Inspection, but rather to policy installation, web server, and VPN, respectively.


Reference:

1: sk65144: HTTPS Inspection Architecture 2: sk83520: How to debug the WSTLSD daemon



When URL category is not found in the kernel cache, what action will GW do?

  1. RAD In user space will forward request to the cloud
  2. GW will update kernel cache during next policy install
  3. RAD in kernel space will forward request to the cloud
  4. RAD forwards this request to CMI which is the brain of inspection

Answer(s): A






Post your Comments and Discuss Checkpoint 156-587 exam with other Community members:

Exam Discussions & Posts