Check Point Certified Security Expert (CCSE) R80 — Question 136

SmartEvent does NOT use which of the following procedures to identify events:

Answer options

• A. Matching a log against each event definition
• B. Create an event candidate
• C. Matching a log against local exclusions
• D. Matching a log against global exclusions

Correct answer: C

Explanation

The correct answer is C because SmartEvent does not use local exclusions when identifying events. Instead, it relies on matching logs against event definitions, creating event candidates, and utilizing global exclusions.