Check Point Certified Security Administrator (CCSA) R81.20 — Question 17

A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone?

Answer options

• A. Security Zones are not supported by Check Point firewalls.
• B. The firewall rule can be configured to include one or more subnets in a zone.
• C. The zone is based on the network topology and determined according to where the interface leads to.
• D. The local directly connected subnet defined by the subnet IP and subnet mask.

Correct answer: C

Explanation

The correct answer, C, accurately reflects that a zone is established based on the network topology and the destination of the interface. Option A is incorrect because Check Point firewalls do support Security Zones. Option B is misleading as it pertains to firewall rules rather than the definition of the zone itself, and option D is too specific, focusing only on directly connected subnets rather than the overall zone concept.