156-581 Question #78: Real Exam Question with Answer & Explanation

The correct answer is B: it is required to verify if a packet is dropped or changed after inspection by a certain kernel. See the full explanation below for the reasoning.

Question

The tcpdump and fw monitor commands can both be used to capture packets on the security gateway. While troubleshooting an issue, in which case would one choose to use fw monitor but not tcpdump?

Options

  • A. the traffic needs to be captured to a pcap file for later analysis in Wireshark
  • B. it is required to verify if a packet is dropped or changed after inspection by a certain kernel
  • C. the capture process needs to be automated using a shell script
  • D. traffic needs to be filtered based on source port
