Check Point Certified Security Expert (CCSE) R80 — Question 160

Hit Count is a feature to track the number of connections that each rule matches, which one is not benefit of Hit Count.

Answer options

• A. Better understand the behavior of the Access Control Policy
• B. Improve Firewall performance - You can move a rule that has hot count to a higher position in the Rule Base
• C. Automatically rearrange Access Control Policy based on Hit Count Analysis
• D. Analyze a Rule Base - You can delete rules that have no matching connections

Correct answer: C

Explanation

The correct answer is C because Hit Count does not have the capability to automatically rearrange rules; it requires manual intervention. Options A, B, and D explain valid benefits of Hit Count, such as understanding policy behavior, improving performance by repositioning rules, and aiding in the removal of ineffective rules.