Check Point Certified Security Expert (CCSE) R80 — Question 179
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
Answer options
- A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
- B. Correlates all the identified threats with the consolidation policy.
- C. Collects syslog data from third-party devices and saves them to the database.
- D. Connects with the SmartEvent Client when generating threat reports.
Correct answer: A
Explanation
The correct answer is A because the Correlation Unit's primary duty is to analyze each incoming log entry against the Event Policy and, when a threat pattern is identified, forward an event to the SmartEvent Server. Options B and C describe different functions related to threat correlation and data collection, while option D pertains to report generation, not the core function of the Correlation Unit.