Check Point Certified Security Expert (CCSE) R81 — Question 242
What is the benefit of "fw monitor" over "tcpdump"?
Answer options
- A. "fw monitor" is also available for 64-Bit operating systems.
- B. "fw monitor" can be used from the CLI of the Management Server to collect information from multiple gateways.
- C. "fw monitor" reveals Layer 2 information, while "tcpdump" acts at Layer 3.
- D. With "fw monitor", you can see the inspection points, which cannot be seen in "tcpdump".
Correct answer: D
Explanation
"fw monitor" is superior because it provides visibility into the inspection points, which "tcpdump" does not display. While the other options mention valid features or capabilities, they do not highlight this unique advantage, which is crucial for understanding traffic flow and inspection in security environments.