Check Point Certified Security Expert (CCSE) R81 — Question 326

Hit Count is a feature to track the number of connections that each rule matches, which one is not a benefit of Hit Count.

Answer options

• A. Better understand the behavior of the Access Control Policy
• B. Improve Firewall performance - You can move a rule that has a high hit count to a higher position in the Rule Base
• C. Automatically rearrange Access Control Policy based on Hit Count Analysis.
• D. Analyze a Rule Base - You can delete rules that have no matching connections

Correct answer: C

Explanation

The correct answer is C because Hit Count does not have the capability to automatically rearrange the Access Control Policy. Options A, B, and D are all valid benefits of using Hit Count, as they help in understanding rule behavior, improving performance, and analyzing which rules are unnecessary.