Check Point Certified Security Administrator (CCSA) R81 — Question 154
You have discovered suspicious activity in your network. What is the BEST immediate action to take?
Answer options
- A. Contact your ISP to request them to block the traffic.
- B. Wait until traffic has been identified before making any changes.
- C. Create a new policy rule to block the traffic.
- D. Create a Suspicious Activity Monitoring (SAM) rule to block that traffic.
Correct answer: D
Explanation
Creating a Suspicious Activity Monitoring (SAM) rule to block the traffic is the most effective immediate action because it acts directly on the suspicious activity. Contacting your ISP, or waiting until the traffic has been identified, does not provide an immediate response to the potential threat. Creating a new policy rule might help, but it may not be as targeted or efficient as a SAM rule, which is specifically designed for monitoring suspicious behavior.