Check Point Certified Security Administrator (CCSA) R80 — Question 59
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?
Answer options
- A. Change the Rule Base and install the Policy to all Security Gateways
- B. Block Intruder feature of SmartView Tracker
- C. Intrusion Detection System (IDS) Policy install
- D. SAM – Suspicious Activity Rules feature of SmartView Monitor
Correct answer: D
Explanation
The SAM – Suspicious Activity Rules feature of SmartView Monitor is designed specifically to identify and quickly respond to suspicious activities, making it the most effective choice for dropping an attacker's connection. The other options involve broader changes or monitoring that may not provide the immediate response needed in this scenario.