Check Point Certified Cloud Specialist (CCCS) R82 — Question 57
Some users from your organization have reported connection problems with CIFS since this morning. You suspect an IPS issue after an automatic IPS update last night, so you want to perform a packet capture on uppercase I only, directly after the IPS module (position 4 in the chain), to check whether the packets pass the IPS. What command do you need to run?
Answer options
- A. fw monitor -ml -pl 5 -e <filterexpression>
- B. fw monitor -pi 5 -e <filterexpression>
- C. tcpdump -eni any <filterexpression>
- D. fw monitor -pl asm <filterexpression>
Correct answer: A
Explanation
The correct command is A because it specifies the correct position and parameters needed for capturing packets right after the IPS module. Option B is incorrect as it uses the wrong flag, while C is a general packet capture command that doesn't focus on the IPS module. Option D is also incorrect because it refers to a different monitoring mode that does not target the IPS specifically.