Check Point Certified Security Administrator (CCSA) R80 — Question 144

When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?

Answer options

• A. If the Action is Accept, the gateway allows the packet to pass through the gateway.
• B. If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.
• C. If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
• D. If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.

Correct answer: C

Explanation

The correct answer is C because when a packet is accepted, the gateway does not continue checking further rules in the next Policy Layer; it effectively ends the rule checking process. Options A and D are incorrect as they misrepresent the actions taken for Accept and Drop actions, respectively, while B is incorrect because the gateway does not check further rules after a Drop action in the same layer.