Check Point Certified Security Expert (CCSE) R80 — Question 122
During inspection of your Threat Prevention logs, you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
Answer options
- A. Host having a Critical event found by Threat Emulation
- B. Host having a Critical event found by IPS
- C. Host having a Critical event found by Antivirus
- D. Host having a Critical event found by Anti-Bot
Correct answer: D
Explanation
The correct answer is D because an Anti-Bot event typically indicates a compromised system that is actively participating in botnet activity, which poses an immediate threat. The other events are serious, but they may not represent ongoing malicious activity as directly as an Anti-Bot event does.