Free 156-582 Exam Braindumps (page: 6)


Which of the following is a valid way to capture packets on Check Point gateways?

  A. Firewall logs
  B. Wireshark
  C. tcpdump
  D. Network taps

Answer(s): C

Explanation:

tcpdump is a valid and commonly used tool for capturing packets on Check Point gateways. It allows administrators to capture and analyze network traffic directly from the command line.
While Wireshark can be used to analyze the captured packets, the actual capture is typically performed using tcpdump. Network taps are hardware devices and not software methods, and firewall logs provide event logging rather than packet-level capture.



Which of the following is true about tcpdump?

  A. tcpdump can only capture TCP packets and not UDP packets
  B. A tcpdump session can be initiated from the SmartConsole
  C. tcpdump has to be run from clish mode in Gaia
  D. Running tcpdump without the correct switches will negatively impact the performance of the Firewall

Answer(s): D

Explanation:

Running tcpdump without appropriate filtering or with verbose options can lead to excessive CPU usage and impact the performance of the firewall. It is essential to use specific switches and filters to limit the scope of the capture to necessary traffic only, thereby minimizing the performance overhead. Contrary to Option A, tcpdump can capture various types of packets, including TCP and UDP. Option B is incorrect as tcpdump is run from the command line, not initiated directly from SmartConsole. Option C is partially true but not as directly relevant as the impact on performance.



What is a primary advantage of using the fw monitor tool?

  A. It is menu-driven, making it easy to configure
  B. It can capture packets in various positions as they move through the firewall
  C. It has no negative impact on firewall performance
  D. It always captures all packets hitting the physical layer

Answer(s): B

Explanation:

The primary advantage of using the fw monitor tool is its ability to capture packets at multiple inspection points within the firewall's processing chain. This allows for detailed analysis of how packets are handled at different stages, facilitating effective troubleshooting and performance optimization.
While fw monitor is efficient, it can still impact performance if not used judiciously, and it does not capture all physical layer traffic unless specifically configured to do so.



After reviewing the Install Policy report and error codes listed in it, you need to check if the policy installation port is open on the Security Gateway.
What is the correct port to check?

  A. 19009
  B. 18190
  C. 18210
  D. 18191

Answer(s): D

Explanation:

Port 18191 is used by Check Point for communication between the Security Management Server and the Security Gateway during policy installations. Ensuring that this port is open and not blocked by any firewall rules is crucial for successful policy deployment. Other ports listed serve different functions within the Check Point ecosystem.
