CheckPoint Exam 156-587 Topic 5 Question 13 Discussion

When a Security Gateway performs a URL lookup and the URL is not found in the local caches, a request for online categorization is necessary. This process involves the Resource Advisor Daemon (RAD), which has components in both kernel space and user space.

Based on descriptions of the URL Filtering categorization process (often cited in CCTE R81.20 materials):

A client (internal component, potentially the URLF Kernel Client or a similar kernel module handling the traffic) initiates a URL lookup.

The URL is first checked against kernel caches.

If the URL is not found in the kernel cache (a cache miss), the RAD kernel component is notified.

The client component then typically sends an asynchronous request to the RAD kernel component.

The RAD Kernel Space component is then responsible for forwarding this request to the RAD User Space module.

The RAD User Space module handles the actual online categorization, often by querying the URLF Online Service (Check Point's cloud-based categorization service).

The result is then returned, and the kernel cache is updated.

The question asks where the sync-request (or a request requiring immediate online lookup) is forwarded from. In this flow, the RAD Kernel Space acts as the intermediary that forwards the request from the initial kernel-level lookup mechanism to the user-space RAD process for further handling.

Supporting Information (derived from CCTE R81.20 related materials/discussions):

The typical flow for URL categorization when an online lookup is needed involves these steps:

'The kernel cache notifies the RAD kernel of hits and misses.'

'The client sends an a-sync request back to RAD if the URL was not found.' (This request goes to the RAD Kernel Space).

'The a-sync request is forwarded to the RAD User space via the RAD kernel for online categorization.'

This indicates that the RAD Kernel (RAD Kernel Space) is the component that forwards the request to the RAD User Space.

Therefore, if a sync-request (a request needing immediate online lookup) is required, it is forwarded from the RAD Kernel Space to the RAD User Space.

Reference Context (based on CCTE R81.20 materials and general Check Point URL Filtering architecture):

Discussions and explanations related to Check Point Certified Troubleshooting Expert (CCTE) R81.20 curriculum often detail this RAD architecture. For example, study materials might state: 'RAD has a kernel module that looks up the kernel cache, notifies client about hits and misses and forwards a-sync requests to RAD user space module which is responsible for online categorization.' The 1 'RAD kernel module' corresponds to the RAD Kernel Space, and it is this component that performs the forwarding action to the RAD User Space.(Exact page numbers like 'CCTE R81.20, p338/339' have been referenced in public CCTE exam discussions pointing to this flow)