Download Valid Check Point 156-590 Exam Dumps For Best Preparation
Exam
:
156-590
Title
: Check Point Certified Threat
Prevention Specialist
(CTPS)
https://www.passcert.com/156-590.html
1/4
Download Valid Check Point 156-590 Exam Dumps For Best Preparation
1.Task: Verify the enabled Software Blades on a Check Point Security Gateway.
A. See the Explanation.
Answer: A
Explanation:
1. SSH into the Security Gateway.
2. Run the command: cplic print to check license details.
3. Use: enabled_blades or cpstat os to verify enabled blades.
4. Confirm Threat Prevention blades like IPS, Anti-Bot, and Anti-Virus are listed.
5. Use SmartConsole > Gateway > General Properties to visually confirm the same.
2.Task: Validate the Threat Prevention policy is applied correctly to a Security Gateway.
A. See the Explanation.
Answer: A
Explanation:
1. Open SmartConsole > Threat Prevention > Policy.
2. Ensure the policy is assigned to the correct Gateway.
3. Publish and Install the policy.
4. SSH into the Gateway and run: fw stat to confirm active policy name.
5. Cross-verify that Threat Prevention blades are enforcing the loaded policy.
3.Task: Use CLI to test the management server connectivity from the Security Gateway.
A. See the Explanation.
Answer: A
Explanation:
1. SSH into the Security Gateway.
2. Ping the management server: ping .
3. Check hostname resolution: nslookup .
4. Confirm SIC is established: cp_conf sic state.
5. Check for outbound connectivity on port 18210 (CPD).
4.Task: Confirm that Security Management Server is operational.
A. See the Explanation.
Answer: A
Explanation:
1. SSH into the Management Server.
2. Check processes: cpwd_admin list.
3. Validate services: cpstat mg.
4. Confirm GUI is accessible via SmartConsole.
5. Run: netstat -an | grep 19009 to ensure GUI port is open.
5.Task: Check Secure Internal Communication (SIC) status between Management Server and Gateway.
A. See the Explanation.
Answer: A
Explanation:
2/4
Download Valid Check Point 156-590 Exam Dumps For Best Preparation
1. On Management, open SmartConsole > Gateways.
2. Right-click the gateway > Test SIC status.
3. CLI: Run cp_conf sic state on the gateway.
4. Check logs in $FWDIR/log/sic.log.
5. Re-initialize SIC if needed via SmartConsole or CLI.
6.Task: Identify Threat Prevention logs in SmartConsole.
A. See the Explanation.
Answer: A
Explanation:
1. Open SmartConsole > Logs & Monitor.
2. Set a filter: blade:"IPS" or blade:"Anti-Bot".
3. Review recent events with timestamps.
4. Double-click logs for detailed packet info.
5. Verify policy name and action taken.
7.Task: Confirm proper DNS resolution from the Security Gateway.
A. See the Explanation.
Answer: A
Explanation:
1. SSH into the Gateway.
2. Run: nslookup checkpoint.com.
3. Validate /etc/resolv.conf for correct DNS servers.
4. Test with dig or host command.
5. Ensure outbound UDP/53 traffic is not being blocked.
8.Task: Validate NTP synchronization on Security Gateway.
A. See the Explanation.
Answer: A
Explanation:
1. SSH into the Gateway.
2. Run: ntpstat or ntpq -p.
3. Verify synchronization status is “synchronized.”
4. Confirm configured server in /etc/ntp.conf.
5. Ensure outbound UDP port 123 is open.
9.Task: Confirm Internet access from the Security Gateway.
A. See the Explanation.
Answer: A
Explanation:
1. SSH into the Gateway.
2. Use curl https://www.google.com.
3. Check route table via netstat -rn or ip route.
4. Ensure DNS is resolving (as in Q07).
3/4
Download Valid Check Point 156-590 Exam Dumps For Best Preparation
5. Check NAT policy allows outbound Internet access.
10.Task: Validate Anti-Bot blade updates on the Gateway.
A. See the Explanation.
Answer: A
Explanation:
1. SSH into the Gateway.
2. Run: cpstat threat-emulation and cpstat anti-bot.
3. Check SmartConsole > Gateways > Updates tab.
4. Validate signature update timestamps.
5. Ensure outbound connectivity to Check Point update servers.
11.Task: Troubleshoot policy installation failure.
A. See the Explanation.
Answer: A
Explanation:
1. In SmartConsole, attempt policy install again and note error.
2. View install_policy.elg in $FWDIR/log/.
3. Verify SIC is active.
4. Ensure policy contains no rulebase errors.
5. Re-push after resolving syntax or connectivity issues.
12.Task: Enable SSH and HTTP monitoring on Gateway.
A. See the Explanation.
Answer: A
Explanation:
1. SSH into the Gateway.
2. Run: cpconfig and choose “Enable WebUI.”
3. Open firewall rule for ports 22 and 443.
4. Confirm access via browser and SSH client.
5. Check SmartConsole > Logs for connection attempts.
13.Task: Use CLI to check ThreatCloud status.
A. See the Explanation.
Answer: A
Explanation:
1. SSH into Gateway.
2. Run: tecli show cloud status.
3. Look for Status: Connected.
4. Check logs in /opt/CPsuite-R81/fw1/log/te.log.
5. Ensure outbound HTTPS to ThreatCloud servers is allowed.
4/4