Check Point Certified Security Expert (CCSE) R80 — Question 205

Is the first packet of an UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), what message is send back through the kernel?

Answer options

• A. Nothing
• B. TCP FIN
• C. TCP RST
• D. ICMP unreachable

Correct answer: A

Explanation

The correct answer is A because when a UDP packet is dropped due to a security rule, no response is sent back to the sender. The other options are incorrect as TCP FIN and TCP RST are specific to TCP sessions, and ICMP unreachable is used for unreachable destinations, not for UDP packet rejections.