Check Point Certified Security Administrator (CCSA) R81 — Question 73

Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1?

Answer options

• A. src:192.168.1.1 OR dst:172.26.1.1 AND action:Drop
• B. src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop
• C. 192.168.1.1 AND 172.26.1.1 AND drop
• D. 192.168.1.1 OR 172.26.1.1 AND action:Drop

Correct answer: B

Explanation

The correct answer, B, specifies both the source and destination addresses along with the action of dropping packets, ensuring that only the relevant packets are displayed. Option A incorrectly uses 'OR', which would include packets from either address, not both. Options C and D lack the correct syntax and do not explicitly define the action as 'Drop' for both addresses.