Question 1

You want to print the status of WatchDog-monitored processes. What command best meets your needs?

Acpwd_admin list

Btcpdump

Ccppcap

Dcpplic print

Answer : A

The cpwd_admin list command is used to display the status of processes monitored by the WatchDog service in Check Point. WatchDog ensures that critical processes are running and restarts them if they fail, maintaining the stability and security of the gateway.

Question 2

The Check Point FW Monitor tool captures and analyzes incoming packets at multiple points in the traffic inspections. Which of the following is the correct inspection flow for traffic?

A(i) - pre-inbound, (I) - post-inbound, (o) - pre-outbound, (O) - post-outbound

B(o) - pre-outbound, (O) - post-inbound, (i) - pre-inbound, (I) - post-inbound

C(O) - post-outbound, (o) - pre-outbound, (I) - post-inbound, (i) - pre-inbound

D(1) - pre-inbound, (i) - post-inbound, (O) - pre-outbound, (o) - post-outbound

Answer : A

The correct inspection flow using fw monitor is:

(i) - pre-inbound: Before the packet enters the inbound processing path.

(I) - post-inbound: After the inbound processing.

(o) - pre-outbound: Before the packet enters the outbound processing path.

(O) - post-outbound: After the outbound processing.

This sequence ensures that packets are captured and analyzed at all critical points during their traversal through the firewall.

Question 3

What does the FWD daemon instruct the gateway to do when communication issues between the gateway and SMS/Log Server occur?

AIt instructs the gateway to continue forwarding logs to SMS/Log Server and the logs will be stored in a holding queue for the server until communication is restored.

BIt instructs the gateway to stop logging until it can restore communication.

CIt instructs the gateway to store logs locally as it continues to try to restore communication.

DIt instructs the gateway to only log a specified number of logs as defined in the Security Policy.

Answer : C

When there are communication issues between the Security Gateway and the Security Management Server (SMS)/Log Server, the FWD daemon directs the gateway to store logs locally. This ensures that logging continues without interruption, and the logs are queued until communication with the SMS/Log Server is re-established, preventing any loss of log data.

Question 4

You tested the connection from source to destination and you are not able to find logs in your Security Management. What is the best possible reason?

AThe FWM process crashed on Security Management, therefore logging will not work.

BThere is not enough storage in Security Management, so the logs can't be stored.

CThe logging blade was not enabled on Security Gateway.

DThe gateway is logging locally.

Answer : C

If logs are not appearing in the Security Management despite successful traffic flow, the most likely reason is that the logging blade is not enabled on the Security Gateway. Without enabling the logging functionality, the gateway will not send logs to the Security Management Server, even though the traffic itself is passing through successfully.

Question 5

You need to switch the active log file on the Security Gateway. What is the correct command?

Afw -p -o <log file> switch

Bfw logswitch

CInstall security policy

Dfw switchlog

Answer : B

The fw logswitch command is used to switch the active log file on a Check Point Security Gateway. This command forces the gateway to start writing logs to a new file, which is useful for log management and troubleshooting purposes. Other options listed are either incorrect or do not perform the log-switching function.

Free Practice Questions for CheckPoint 156-582 Exam

Question 1

Question 2

Question 3

Question 4

Question 5