Check Point Certified Security Administrator (CCSA) R81.20 — Question 156
You have discovered suspicious activity in your network. What is the BEST immediate action to take?
Answer options
- A. Wait until traffic has been identified before making any changes.
- B. Contact your ISP to request them to block the traffic.
- C. Create a Suspicious Activity Monitoring (SAM) rule to block that traffic.
- D. Create a new policy rule to block the traffic.
Correct answer: C
Explanation
Creating a Suspicious Activity Monitoring (SAM) rule is the best immediate action because it targets the suspicious traffic directly and blocks it. Waiting until the traffic has been identified or contacting your ISP may delay mitigation of the threat, while a new policy rule might not be as specifically targeted as a SAM rule.