Check Point Certified Security Expert (CCSE) R80 — Question 40

The Correlation Unit performs all but the following actions:

Answer options

• A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later.
• B. Generates an event based on the Event policy.
• C. Assigns a severity level to the event.
• D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

Correct answer: C

Explanation

The correct answer is C because the Correlation Unit does not assign severity levels to events; this task typically falls to other components in the system. Options A, B, and D describe functions that the Correlation Unit is responsible for, such as marking logs, generating events, and adding log entries to ongoing events.