Check Point Certified Cloud Specialist (CCCS) R82 — Question 34

Which is the correct “fw monitor” syntax for creating a capture file for loading it into WireShark?

Answer options

• A. fw monitor -e “accept<FILTER EXPRESSION>;” >> Output.cap
• B. This cannot be accomplished as it is not supported with R80.10
• C. fw monitor -e “accept<FILTER EXPRESSION>;” -file Output.cap
• D. fw monitor -e “accept<FILTER EXPRESSION>;” -o Output.cap

Correct answer: D

Explanation

The correct answer is D because the '-o' option is used to specify the output file for the capture. Option A incorrectly uses '>>', which appends to a file rather than specifying it, while option C uses '-file', which is not a valid syntax for 'fw monitor'. Option B is incorrect as it asserts that this functionality is unsupported, which is not true.