156-582 시험 - Check Point실제시험문제와 답 - 75문항

Question No : 1

The Check Point FW Monitor tool captures and analyzes incoming packets at multiple points in the traffic inspections.
Which of the following is the correct inspection flow for traffic?

A.(i) - pre-inbound, (I) - post-inbound, (o) - pre-outbound, (O) - post-outbound
B.(o) - pre-outbound, (O) - post-inbound, (i) - pre-inbound, (I) - post-inbound
C.(O) - post-outbound, (o) - pre-outbound, (I) - post-inbound, (i) - pre-inbound
D.(1) - pre-inbound, (i) - post-inbound, (O) - pre-outbound, (o) - post-outbound

정답:
Explanation:
The correct inspection flow using fw monitor is:
(i) - pre-inbound: Before the packet enters the inbound processing path.
(I) - post-inbound: After the inbound processing.
(o) - pre-outbound: Before the packet enters the outbound processing path.
(O) - post-outbound: After the outbound processing.
This sequence ensures that packets are captured and analyzed at all critical points during their traversal through the firewall.

Question No : 2

You want to print the status of WatchDog-monitored processes.
What command best meets your needs?

A.cpwd_admin list
B.tcpdump
C.cppcap
D.cpplic print

정답:
Explanation:
The cpwd_admin list command is used to display the status of processes monitored by the WatchDog service in Check Point. WatchDog ensures that critical processes are running and restarts them if they fail, maintaining the stability and security of the gateway.

Question No : 3

Running tcpdump causes a significant increase in CPU usage, what other option should you use?

A.o
B.O
C.I
D.i

정답:
Explanation:
(Note: The provided multiple-choice options for this question appear to be incomplete or incorrect.
The best practice and commonly recommended alternative to tcpdump on Check Point to reduce CPU usage is cppcap. If we assume option "C" corresponds to using cppcap, we select that.)
Given the context, the correct answer is C, assuming it refers to cppcap. cppcap is optimized for packet capturing in Check Point environments and is less CPU-intensive compared to tcpdump.

Question No : 4

Check Point provides tools & commands to help you identify issues about products and applications.
Which Check Point command can help you display status and statistics information for various Check Point products and applications?

A.cpstat
B.CP-stat
C.CPview
D.fwstat

정답:
Explanation:
The cpstat command is a versatile tool provided by Check Point to display status and statistics for various Check Point products and applications. It offers insights into system performance, service statuses, and resource utilization, which are essential for diagnosing and resolving issues effectively.

Question No : 5

Which of the following allows you to capture packets at four inspection points as they traverse a Check Point gateway?

A.tcpdump
B.Firewall logs
C.Kernel debugs
D.fw monitor

정답:
Explanation:
The fw monitor tool allows packet capture at multiple inspection points within a Check Point gateway, typically four in total. This capability provides comprehensive visibility into how packets are processed as they move through different stages of the firewall's inspection chain, facilitating effective troubleshooting and analysis.

Question No : 6

After reviewing the Install Policy report and error codes listed in it, you need to check if the policy installation port is open on the Security Gateway.
What is the correct port to check?

A.19009
B.18190
C.18210
D.18191

정답:
Explanation:
Port 18191 is used by Check Point for communication between the Security Management Server and the Security Gateway during policy installations. Ensuring that this port is open and not blocked by any firewall rules is crucial for successful policy deployment. Other ports listed serve different
functions within the Check Point ecosystem.

Question No : 7

What is a primary advantage of using the fw monitor tool?

A.It is menu-driven, making it easy to configure
B.It can capture packets in various positions as they move through the firewall
C.It has no negative impact on firewall performance
D.It always captures all packets hitting the physical layer

정답:
Explanation:
The primary advantage of using the fw monitor tool is its ability to capture packets at multiple inspection points within the firewall's processing chain. This allows for detailed analysis of how packets are handled at different stages, facilitating effective troubleshooting and performance optimization. While fw monitor is efficient, it can still impact performance if not used judiciously, and it does not capture all physical layer traffic unless specifically configured to do so.

Question No : 8

Which of the following is true about tcpdump?

A.The tcpdump can only capture TCP packets and not UDP packets
B.A tcpdump session can be initiated from the SmartConsole
C.The tcpdump has to be run from clish mode in Gaia
D.Running tcpdump without the correct switches will negatively impact the performance of the Firewall

정답:
Explanation:
Running tcpdump without appropriate filtering or with verbose options can lead to excessive CPU usage and impact the performance of the firewall. It is essential to use specific switches and filters to limit the scope of the capture to necessary traffic only, thereby minimizing the performance overhead. Contrary to Option A, tcpdump can capture various types of packets, including TCP and UDP. Option B is incorrect as tcpdump is run from the command line, not initiated directly from SmartConsole. Option C is partially true but not as directly relevant as the impact on performance.

Question No : 9

Which of the following is a valid way to capture packets on Check Point gateways?

A.Firewall logs
B.Wireshark
C.tcpdump
D.Network taps

정답:
Explanation:
tcpdump is a valid and commonly used tool for capturing packets on Check Point gateways. It allows administrators to capture and analyze network traffic directly from the command line. While Wireshark can be used to analyze the captured packets, the actual capture is typically performed using tcpdump. Network taps are hardware devices and not software methods, and firewall logs provide event logging rather than packet-level capture.

Question No : 10

Running tcpdump causes a significant increase on CPU usage, what other option should you use?

A.fw monitor
B.Wait for out of business hours to do a packet capture
C.cppcap
D.You need to use tcpdump with -e option to decrease the length of packet in captures and it will utilize the less CPU

정답:
Explanation:
When tcpdump causes high CPU usage, an alternative is to use cppcap, which is optimized for capturing packets with lower CPU overhead in Check Point environments. cppcap is designed to work efficiently with Check Point's infrastructure, reducing the performance impact compared to generic tools like tcpdump.

Question No : 11

What is the most efficient way to view large fw monitor captures and run filters on the file?

A.snoop
B.CLI
C.CLISH
D.Wireshark

정답:
Explanation:
Wireshark is the most efficient tool for viewing large fw monitor capture files. It provides powerful filtering capabilities, a user-friendly interface, and detailed packet analysis features that make handling large datasets manageable. While CLI tools like snoop and fw monitor offer basic packet viewing, they lack the advanced filtering and visualization options that Wireshark provides.

Question No : 12

Which is the correct "fw monitor" syntax for creating a capture file for loading it into Wireshark?

A.fw monitor -e "accept <FILTER EXPRESSION*;" > Output.cap
B.This cannot be accomplished as it is not supported with R80.10
C.fw monitor -e "accept <FILTER EXPRESSION^" -o Output.cap
D.fw monitor -e "accept <FILTER EXPRESSION*;" -file Output.cap

정답:
Explanation:
The correct syntax for using fw monitor to create a capture file compatible with Wireshark involves specifying the filter expression and the output file with the .cap extension. Option D correctly uses the -e flag for the filter expression and the -file flag to specify the output file, ensuring the captured data can be seamlessly imported into Wireshark for analysis.

Question No : 13

Which Layer of the OSI Model is responsible for routing?

A.Network
B.Transport
C.Session
D.Data link

정답:
Explanation:
Routing decisions are made at the Network Layer (Layer 3) of the OSI model. This layer is responsible for determining the best path for data packets to travel from the source to the destination across multiple networks. Protocols like IP (Internet Protocol) operate at this layer, handling addressing and routing functions essential for network communication.

Question No : 14

Which of the following is NOT a way to insert fw monitor into the chain when troubleshooting
packets throughout the chain?

A.Relative position using id
B.Absolute position
C.Relative position using location
D.Relative position using alias

정답:
Explanation:
When using fw monitor for packet capture in Check Point environments, packets can be monitored at various points in the inspection chain. The insertion methods include specifying a relative position using an identifier (id), using an absolute position, or specifying the position based on location within the chain. However, using an alias to determine the relative position is not a recognized method for inserting fw monitor into the inspection chain.

Question No : 15

When opening a new Service Request, what feature is in place to help guide you through the process?

A.The SmartConsole Help feature
B.The TAC chat room
C.An SR wizard
D.An SR API

정답:
Explanation:
When opening a new Service Request (SR) in Check Point's User Center portal, an SR wizard guides users through the process. This wizard assists in collecting necessary information, categorizing the request appropriately, and ensuring that all required details are provided to expedite the resolution process. The SR wizard simplifies the SR creation process, making it more user-friendly and efficient.

Check Point 156-582 시험