
Question 102 - 156-215.81 discussion


You have discovered suspicious activity in your network. What is the BEST immediate action to take?

A. Create a policy rule to block the traffic.
B. Create a suspicious action rule to block that traffic.
C. Wait until traffic has been identified before making any changes.
D. Contact ISP to block the traffic.
Suggested answer: B

Explanation:

The BEST immediate action to take when you have discovered suspicious activity in your network is to create a suspicious action rule to block that traffic. A suspicious action rule is a special type of rule that is triggered when a predefined condition is met, such as a malicious file download, a ransomware attack, or a data exfiltration attempt. A suspicious action rule can block the traffic, quarantine the source, or send an alert to the administrator. Creating a policy rule to block the traffic may not be effective if the traffic does not match the rule criteria or if the policy installation is delayed. Waiting until traffic has been identified before making any changes may allow the threat to spread or cause more damage. Contacting the ISP to block the traffic may not be feasible or timely, and may also affect legitimate traffic.

Reference: Check Point R81 Security Gateway Technical Administration Guide; Check Point CCSA - R81: Practice Test & Explanation | Udemy

asked 16/09/2024
ahmad hafiz