Check Point Certified Security Administrator (CCSA) R81.20 — Question 145
In SmartEvent, a correlation unit (CU) is used to do what?
Answer options
- A. Receive firewall and other software blade logs in a region and forward them to the primary log server.
- B. Collect security gateway logs, index the logs and then compress the logs.
- C. Send SAM block rules to the firewalls during a DoS attack.
- D. Analyze log entries and identify events.
Correct answer: D
Explanation
The correct answer is D: the correlation unit in SmartEvent is specifically designed to analyze log entries and detect significant events. Options A, B, and C describe other functions (log forwarding, log compression, and rule dispatching) that are not the primary purpose of a correlation unit.