Check Point Certified Security Administrator (CCSA) R80 — Question 366

SmartEvent does NOT use which of the following procedures to identity events:

Answer options

• A. Matching a log against each event definition
• B. Create an event candidate
• C. Matching a log against local exclusions
• D. Matching a log against global exclusions

Correct answer: C

Explanation

The correct answer is C because SmartEvent does not employ local exclusions in its event identification process. Instead, it focuses on matching logs with event definitions, generating event candidates, and applying global exclusions.