ExamTopics Logo
Mail Us[email protected]
Menu
Checkpoint Discussions
exam questions

Exam 156-587 All Questions

View all questions & answers for the 156-587 exam
Go to Exam

Exam 156-587 topic 1 question 81 discussion

Actual exam question from Checkpoint's 156-587
Question #: 81
Topic #: 1
[All 156-587 Questions]

Which of the following inputs is suitable for debugging HTTPS inspection issues?

  • A. vpn debug cptls on
  • B. fw debug tls on TDERROR_ALL_ALL=5
  • C. fw ctl debug -m fw + conn drop cptls
  • D. fw diag debug tls enable
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Secentity at May 17, 2025, 12:10 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
keikei1228
3 weeks, 5 days ago
Selected Answer: C
The "cptls" flag in kernel debugging (fw ctl debug) is used to debug Check Point's TLS (Transport Layer Security) module, which is responsible for handling encrypted traffic, such as HTTPS, during inspection. This flag is particularly useful when troubleshooting issues related to HTTPS Inspection, SSL/TLS handshakes, or any encrypted traffic processing by the firewall. # fw ctl debug -m fw + conn drop cptls This command enables debugging for the "cptls" module in the kernel. To get detailed output, you can combine it with other flags like "conn" (connections) or "drop" (dropped packets).
upvoted 1 times
...
Secentity
1 month, 3 weeks ago
Selected Answer: C
R81.20, page 350/351
upvoted 2 times
Abrieg
1 week, 5 days ago
Generic kernel debug; not focused on HTTPS Inspection - answer is B
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel