Check Point Certified Security Expert (CCSE) R80 — Question 223

When a packet arrives at the gateway, the gateway checks it against the rules in the hop Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?

Answer options

• A. If the Action is Accept, the gateway allows the packet to pass through the gateway.
• B. If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.
• C. If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
• D. If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.

Correct answer: C

Explanation

The correct answer is C because when a packet is accepted, the gateway does not need to check further rules in the next Policy Layer, as it has already processed the packet according to the match. Options A and B are incorrect because they misrepresent the behavior following an Accept or Drop action, and option D is misleading as it does not accurately describe the process following a Drop action.