ExamTopics Logo
Mail Us[email protected]
Menu
Checkpoint Discussions
exam questions

Exam 156-215.80 All Questions

View all questions & answers for the 156-215.80 exam
Go to Exam

Exam 156-215.80 topic 1 question 250 discussion

Actual exam question from Checkpoint's 156-215.80
Question #: 250
Topic #: 1
[All 156-215.80 Questions]

Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?

  • A. Change the Rule Base and install the Policy to all Security Gateways
  • B. Block Intruder feature of SmartView Tracker
  • C. Intrusion Detection System (IDS) Policy install
  • D. SAM ג€" Suspicious Activity Rules feature of SmartView Monitor
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Kelassal at Jan. 27, 2020, 12:23 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
babochnik
2 months ago
Selected Answer: D
in R76-R77 main tool SmartView Tracer - Block Intruder feature of SmartView Tracker in R80 main tool SmartView Monitor - SAM - Suspicious Activity Rules feature of SmartView Monitor
upvoted 4 times
...
djreymix
1 year ago
I think is D... Block Intruder apply in Smrt Tracker... in R80 Smrt Tracker is replaced for SmartLog
upvoted 1 times
...
vitera
1 year, 7 months ago
Suspicious Action Rules — In SmartView Monitor, suspicious network activity can be blocked while investigating the real risk or to quickly block an obvious intruder. CCSS R80 GUIDE P.509
upvoted 2 times
...
eww_cybr
2 years ago
key word is "enforces a strict change control policy", so block intruder is correct
upvoted 1 times
...
lohitnadimpalli
2 years, 2 months ago
The key word is "active connection" So Using Block Intruder SmartView Tracker allows you to terminate an active connection and block further connections from and to specific IP addresses.
upvoted 1 times
...
[Removed]
2 years, 3 months ago
Answer would be D
upvoted 3 times
...
Kelassal
2 years, 5 months ago
Why not D
upvoted 2 times
Nickname_00
2 years, 4 months ago
Good point. I believe in the question keyword is "quickly". Compare both the steps of block intruder and SAM yourself and you will know the answer. https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewTracker_AdminGuide/89751.htm https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewMonitor_AdminGuide/17670.htm
upvoted 2 times
C4rlos
2 years, 3 months ago
But there is no SmartViewTracker in R80, so I think answer is D.
upvoted 1 times
C4rlos
2 years, 2 months ago
Correction. SmartViewTacker is still available in R80, but SmartLog is the preferred option. SmartViewTracker can be found here C:\Program Files (x86)\CheckPoint\SmartConsole\R80.30\PROGRAM\CPlgv.exe
upvoted 2 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago