Q1

A financial services company is experiencing intermittent failures with their Management High Availability (MHA) synchronization. The primary Security Management Server (SMS) reports 'synchronization is running', but the secondary SMS shows a 'collision' state and fails to become active. A network trace reveals no packet loss between the management servers. Which initial command should a troubleshooting expert run on the primary SMS to diagnose the cause of the collision state?

Q2

During a performance audit of a Check Point R81.20 cluster, an administrator observes that traffic for a high-volume, trusted internal application is being handled by the Firewall Worker (fwk) processes instead of being accelerated by SecureXL. The rule for this traffic is placed at the top of the policy, and logs confirm it is being matched. Which of the following is the MOST likely reason for this behavior?

Q3

A hospital's security team is troubleshooting an Identity Awareness issue where physicians using shared workstations cannot be uniquely identified, causing incorrect policy application. The current setup uses AD Query. The goal is to force each user to authenticate when they access a specific set of clinical research portals, regardless of any existing session from a previous user on the same machine. Which configuration change would BEST achieve this requirement?

Q4 (Multiple answers)

A user is unable to connect to the corporate network using the Check Point Mobile Access VPN client. The connection fails during the key negotiation phase. The administrator runs `vpn debug trunc` on the Security Gateway and captures the IKE debug logs. The output contains the message: `NO_PROPOSAL_CHOSEN`. What are the two MOST likely causes of this error? (Select TWO).

Q5 (Multiple answers)

An administrator is troubleshooting a slow policy installation process to a remote Security Gateway. Which two processes on the Security Management Server are primarily responsible for compiling the policy and transferring it to the gateway? (Select TWO).

Q6

A kernel debug using `fw ctl zdebug` is being performed on a production gateway to diagnose a connectivity issue. The administrator is concerned about the performance impact and wants to ensure the debug buffer does not overwrite important initial data too quickly. What is the correct command to increase the kernel debug buffer size to 2048 KB?

Q7

True or False: When troubleshooting Identity Awareness, the `pdp` process runs on the Security Gateway (PEP) and is responsible for enforcing the identity-based policy.

Q8

A retail company has deployed Check Point firewalls at its headquarters (HQ) and multiple branch offices. They are experiencing issues where the Site-to-Site VPN tunnels between HQ and the branches flap intermittently. The administrator suspects a Dead Peer Detection (DPD) issue. Which command should be used on the Security Gateway to view the current DPD timers and status for active tunnels?

Q9

An administrator notices that the `/var/log/` partition on a Security Gateway is filling up rapidly with `fw.log` files. The gateway is configured to send logs to a dedicated Log Server, and connectivity between the two is stable. What is the MOST likely cause for the local logging?

Q10

A consultant is tasked with troubleshooting a complex application performance issue through a Check Point cluster. The traffic is encrypted (HTTPS) and uses multiple, short-lived TCP sessions. The consultant needs to see the full, unencrypted payload and correlate it with kernel-level decisions like NAT and routing for specific packets. Which combination of tools would be the MOST effective for this task?