Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Checkpoint
  3. 156-587

Checkpoint 156-587 Exam (page: 1)
Checkpoint Check Point Certified Troubleshooting Expert - R81.20
Updated on: 07-Nov-2025

Viewing Page 1 of 17
156-587 PDF 109 Questions

You run a free-command on a gateway and notice that the Swap column is not zero Choose the best answer

  1. Utilization of ram is high and swap file had to be used
  2. Swap file is used regularly because RAM memory is reserved for management traffic
  3. Swap memory is used for heavy connections when RAM memory is full
  4. Its ole Swap is used to increase performance

Answer(s): A



You modified kernel parameters and after rebooting the gateway, a lot of production traffic gets dropped and the gateway acts strangely What should you do"?

  1. Run command fw ctl set int fw1_kernel_all_disable=1
  2. Restore fwkem.conf from backup and reboot the gateway
  3. run fw unloadlocal to remove parameters from kernel
  4. Remove all kernel parameters from fwkem.conf and reboot

Answer(s): B

Explanation:

If you have modified kernel parameters (in fwkern.conf, for example) and the gateway starts dropping traffic or behaving abnormally after a reboot, the best practice is to restore the original or a known-good configuration from backup. Then, reboot again so that the gateway loads the last known stable settings.

Option A (fw ctl set int fw1_kernel_all_disable=1) is not a standard or documented method for "undoing" all kernel tweaks.

Option B (Restore fwkem.conf from backup and reboot the gateway) is the correct and straightforward approach.

Option C (fw unloadlocal) removes the local policy but does not revert custom kernel parameters that have already been loaded at boot.

Option D (Remove all kernel parameters from fwkem.conf and reboot) might help in some cases, but you risk losing other beneficial or necessary parameters if there were legitimate custom settings. Restoring from a known-good backup is safer and more precise.

Hence, the best answer:
"Restore fwkem.conf from backup and reboot the gateway."

Check Point Troubleshooting Reference sk98339 ­ Working with fwkern.conf (kernel parameters) in Gaia OS.

sk92739 ­ Advanced System Tuning in Gaia OS.

Check Point Gaia Administration Guide ­ Section on kernel parameters and system tuning.

Check Point CLI Reference Guide ­ Explanation of using fw ctl, fw unloadlocal, and relevant troubleshooting commands.



What process monitors terminates, and restarts critical Check Point processes as necessary?

  1. CPM
  2. FWD
  3. CPWD
  4. FWM

Answer(s): C

Explanation:

CPWD (Check Point WatchDog) is the process that monitors, terminates (if necessary), and restarts critical Check Point processes (e.g., FWD, FWM, CPM) when they stop responding or crash.

CPM (Check Point Management process) is a process on the Management Server responsible for the web-based SmartConsole connections, policy installations, etc.

FWD (Firewall Daemon) handles logging and communication functions in the Security Gateway.

FWM (FireWall Management) is an older reference to the management process on the Management Server for older versions.

Therefore, the best answer is CPWD.

Check Point Troubleshooting Reference sk97638: Check Point WatchDog (CPWD) process explanation and commands.

R81.20 Administration Guide ­ Section on CoreXL, Daemons, and CPWD usage.

sk105217: Best Practices ­ Explains system processes, how to monitor them, and how CPWD is utilized.



When dealing with monolithic operating systems such as Gaia where are system calls initiated from to achieve a required system level function?

  1. Kernel Mode
  2. Slow Path
  3. Medium Path
  4. User Mode

Answer(s): A



Which of the following commands can be used to see the list of processes monitored by the Watch Dog process?

  1. cpstat fw -f watchdog
  2. fw ctl get str watchdog
  3. cpwd_admin list
  4. ps -ef | grep watchd

Answer(s): C

Explanation:

To see the list of processes monitored by the WatchDog process (CPWD), you use the cpwd_admin list command.

Option A (cpstat fw -f watchdog): Shows firewall status and statistics for the "fw" context, not necessarily the list of monitored processes.

Option B (fw ctl get str watchdog): Not a valid parameter for retrieving the list of monitored processes; "fw ctl" deals with kernel parameters.

Option C (cpwd_admin list): Correct command that lists all processes monitored by CPWD, their status, and how many times they have been restarted.

Option D (ps -ef | grep watchd): This will list any running process that matches the string "watchd" but will not specifically detail which processes are being monitored by CPWD.

Therefore, the best answer is cpwd_admin list.

Check Point Troubleshooting Reference sk97638: Explains Check Point WatchDog (CPWD) usage and the cpwd_admin utility.

R81.20 CLI Reference Guide: Describes common troubleshooting commands including cpwd_admin list.

Check Point Gaia Administration Guide: Provides instructions for monitoring system processes and verifying CPWD.



Viewing Page 1 of 17



Share your comments for Checkpoint 156-587 exam with other users:

cert 9/24/2023 4:53:00 PM

admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s
Anonymous


Yves 8/29/2023 8:46:00 PM

very inciting
Anonymous


Miguel 10/16/2023 11:18:00 AM

question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;
SPAIN


Byset 9/25/2023 12:49:00 AM

it look like real one
Anonymous


Debabrata Das 8/28/2023 8:42:00 AM

i am taking oracle fcc certification test next two days, pls share question dumps
Anonymous


nITA KALE 8/22/2023 1:57:00 AM

i need dumps
Anonymous


CV 9/9/2023 1:54:00 PM

its time to comptia sec+
GREECE


SkepticReader 8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).
UNITED STATES


Nabin 10/16/2023 4:58:00 AM

helpful content
MALAYSIA


Blessious Phiri 8/15/2023 3:19:00 PM

oracle 19c is complex db
Anonymous


Sreenivas 10/24/2023 12:59:00 AM

helpful for practice
Anonymous


Liz 9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.
UNITED STATES


Namrata 7/15/2023 2:22:00 AM

helpful questions
Anonymous


lipsa 11/8/2023 12:54:00 PM

thanks for question
Anonymous


Eli 6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.
EUROPEAN UNION


open2exam 10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?
Anonymous


Gerald 9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam
UNITED STATES


ryo 9/10/2023 2:27:00 PM

very helpful
MEXICO


Jamshed 6/20/2023 4:32:00 AM

i need this exam
PAKISTAN


Roberto Capra 6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?
Anonymous


Synt 5/23/2023 9:33:00 PM

need to view
UNITED STATES


Vey 5/27/2023 12:06:00 AM

highly appreciate for your sharing.
CAMBODIA


Tshepang 8/18/2023 4:41:00 AM

kindly share this dump. thank you
Anonymous


Jay 9/26/2023 8:00:00 AM

link plz for download
UNITED STATES


Leo 10/30/2023 1:11:00 PM

data quality oecd
Anonymous


Blessious Phiri 8/13/2023 9:35:00 AM

rman is one good recovery technology
Anonymous


DiligentSam 9/30/2023 10:26:00 AM

need it thx
Anonymous


Vani 8/10/2023 8:11:00 PM

good questions
NEW ZEALAND


Fares 9/11/2023 5:00:00 AM

good one nice revision
Anonymous


Lingaraj 10/26/2023 1:27:00 AM

i love this thank you i need
Anonymous


Muhammad Rawish Siddiqui 12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.
SAUDI ARABIA


al 6/7/2023 10:25:00 AM

most answers not correct here
Anonymous


Bano 1/19/2024 2:29:00 AM

what % of questions do we get in the real exam?
UNITED STATES


Oliviajames 10/25/2023 5:31:00 AM

i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!
UNITED STATES