Check Point Certified Security Administrator (CCSA) R81.20 — Question 149

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

Answer options

• A. Anti-Bot protection
• B. Suspicious Activity Monitoring (SAM) rules
• C. Anti-Malware protection
• D. Policy-based routing

Correct answer: B

Explanation

The correct answer is B, as Suspicious Activity Monitoring (SAM) rules can be employed to block traffic from identified malicious hosts without altering the firewall policy. Options A and C relate to protection mechanisms that do not specifically block traffic from a host. Option D refers to traffic management rather than blocking malicious activity.