Check Point Certified Security Administrator (CCSA) R80 — Question 77

You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?

Answer options

• A. The POP3 rule is disabled.
• B. POP3 is accepted in Global Properties.
• C. The POP3 rule is hidden.
• D. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.

Correct answer: C

Explanation

The correct answer is C because the POP3 rule may be present but not visible in the Rule Base, which can happen if it is hidden. Option A is incorrect because if the rule were disabled, it wouldn't accept traffic. Option B is also incorrect as Global Properties settings don't handle individual rule visibility. Option D is misleading as it refers to the default mail object configuration and does not explain the absence of an explicit POP3 rule.