Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-587

Checkpoint 156-587 Exam Questions
Check Point Certified Troubleshooting Expert - R81.20 (Page 3 )

Updated On: 10-Mar-2026
Page 3 of 23
PDF with 109 Questions

What tool would you run to diagnose logging and indexing?

  1. run cpm_doctor.sh
  2. cpstat mg -f log_server
  3. run diagnostic view
  4. run doctor-log.sh

Answer(s): D



You found out that $FWDIR/Iog/fw.log is constantly growing in size at a Security Gateway, what is the reason?

  1. TCP state logging is enabled
  2. Its not a problem the gateways is logging connections and also sessions
  3. fw.log can grow when GW does not have space in logging directory
  4. The GW is logging locally

Answer(s): B



What is the best way to resolve an issue caused by a frozen process?

  1. Power off the machine
  2. Restart the process
  3. Reboot the machine
  4. Kill the process

Answer(s): D

Explanation:

When a process is frozen (hung or unresponsive), the typical method to resolve it is to kill the process. On Check Point, you can use cpwd_admin kill -name <ProcessName> or a standard Linux kill -9 <PID> command if necessary. You then allow CPWD (the Check Point watchdog) to restart it, or manually restart it if needed.

Other options:

A . Power off the machine: This is too drastic and not recommended just for a single frozen process.

B . Restart the process: While this sounds viable, you typically must kill the frozen process first, then let WatchDog or an admin restart it.

C . Reboot the machine: Similar to powering off--too disruptive for just one stuck process.

Hence, the most direct and standard approach:
"Kill the process."

Check Point Troubleshooting Reference sk97638 ­ Explanation of CPWD (Check Point WatchDog) and how to manage processes.

sk43807 ­ How to gracefully stop or kill a Check Point process.

Check Point CLI Reference Guide ­ Details on using cpwd_admin commands to kill or restart processes.



Which of the following file is commonly associated with troubleshooting crashes on a system such as the Security Gateway?

  1. tcpdump
  2. core dump
  3. fw monitor
  4. CPMIL dump

Answer(s): B

Explanation:

When troubleshooting crashes on a Security Gateway (or any Linux-based system), the file type that is typically generated and used for in-depth analysis is a core dump.

A core dump captures the memory state of a process at the time it crashed and is critical for root- cause analysis.

Other options:

A . tcpdump: A packet capture file, not a crash-related file.

C . fw monitor: A Check Point packet capture tool, but not for crash debugging.

D . CPMIL dump: Not a common or standard crash dump reference in Check Point.



When a User Mode process suddenly crashes, it may create a core dump file.
Which of the following information is available in the core dump and may be used to identify the root cause of the crash?

  1. Program Counter ii. Stack Pointer iii. Memory management information iv. Other Processor and OS flags / information
  2. iii and iv only
  3. i and ii only
  4. i, ii, iii and iv
  5. Only lii

Answer(s): C

Explanation:

A core dump file is essentially a snapshot of the process's memory at the time of the crash. This snapshot includes crucial information that can help diagnose the cause of the crash. Here's why all the options are relevant:

i. Program Counter: This register stores the address of the next instruction the CPU was supposed to execute. It pinpoints exactly where in the code the crash occurred.

ii. Stack Pointer: This register points to the top of the call stack, which shows the sequence of function calls that led to the crash. This helps trace the program's execution flow before the crash.

iii. Memory management information: This includes details about the process's memory allocations, which can reveal issues like memory leaks or invalid memory access attempts.

iv. Other Processor and OS flags/information: This encompasses various registers and system information that provide context about the state of the processor and operating system at the time of the crash.

By analyzing this information within the core dump, you can often identify the root cause of the crash, such as a segmentation fault, null pointer dereference, or stack overflow.

Check Point Troubleshooting


Reference:

While core dumps are a general concept in operating systems, Check Point's documentation touches upon them in the context of troubleshooting specific processes like fwd (firewall) or cpd (Check Point daemon). The fw ctl zdebug command, for example, can be used to trigger a core dump of the fwd process for debugging purposes.



Viewing page 3 of 23
Viewing questions 11 - 15 out of 109 questions



Post your Comments and Discuss Checkpoint 156-587 exam dumps with other Community members:

156-587 Exam Discussions & Posts

AI Tutor