Check Point Certified Security Administrator (CCSA) R80 — Question 211
You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host.
You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?
Answer options
- A. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
- B. Select Block intruder from the Tools menu in SmartView Tracker.
- C. Create a Suspicious Activity Rule in Smart Monitor.
- D. Add a temporary rule using SmartDashboard and select hide rule.
Correct answer: C
Explanation
The correct answer is C because creating a Suspicious Activity Rule in Smart Monitor lets you block traffic without modifying the Rule Base. Option A involves altering configuration files directly, which is not ideal for a temporary measure. Option B does not provide the control needed to block traffic for a specified duration. Option D would introduce a new rule, which contradicts the requirement not to add rules.