Check Point Certified Security Administrator (CCSA) R81 — Question 57

When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, what actions does the administrator need to take?

Answer options

• A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.
• B. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall.
• C. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command 'sam block' must be used with the right parameters.
• D. The administrator should open the LOGS & MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option.

Correct answer: A

Explanation

The correct answer is A because it states that the administrator can use SmartView Monitor to immediately apply the SAM rules without requiring a policy installation. Option B is incorrect since it implies additional steps like adding policy types and publishing changes, which are unnecessary for immediate application. Option C is wrong as it involves CLI commands, which are not needed in this context. Option D is also incorrect because it suggests a method that relies on logs instead of directly applying the rule through SmartView Monitor.