Check Point Certified Security Administrator (CCSA) R81 — Question 29

In SmartEvent, a correlation unit (CU) is used to do what?

Answer options

• A. Collect security gateway logs, Index the logs and then compress the logs.
• B. Receive firewall and other software blade logs in a region and forward them to the primary log server.
• C. Analyze log entries and identify events.
• D. Send SAM block rules to the firewalls during a DOS attack.

Correct answer: C

Explanation

The correct answer is C because the primary function of a correlation unit (CU) is to analyze log entries and identify significant events. Options A and B focus on log collection and forwarding, which are not the main tasks of a CU, while option D pertains to actions taken during a DOS attack, unrelated to the core analysis function.