Exam 156-215.81 topic 1 question 46 discussion

I would vote for Suspicious Activity Monitor. If changing the policy is not possible, a fast SAM rule can block any unwanted traffic. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm

Monitoring Suspicious Activity Rules Suspicious Activity Monitoring (SAM) is a utility that is integrated in SmartView Monitor. It can be used to block activities that are displayed in the SmartView Monitor results and appear to be suspicious. For example, a user who continually tries to gain unauthorized access to a network or Internet resource can be blocked. A Security Gateway with SAM enabled has Firewall rules to block suspicious connections that are not restricted by the Security Policy. These rules are applied immediately. Installing policy is not required. SAM rules allow administrators to react to a security problem without having to change the Firewall rules of the Access Control Rule Base. This is useful in cases where a specific user needs to be instantly blocked. All inbound and outbound network activity should be inspected and identified as suspicious when necessary, such as when system activity indicates that someone is attempting to break into the network.

you can do this with SAM

SAM It is I had same question in my pearsonvue practice test answer is SAM

SAM it is...

I've noticed a lot of the "show suggested answer" are incorrect. I am doing some studying with testing question software and I've searched the questions to confirm if they are right or not. I've been doing CP for many years and I know the answer, but see they said something else. So it got me to question if I was right or what. So on my study question I'm doing it says the correct answer is "policy-based routing". This site says it's "Anti-Malware protection". I personally thought it was SAM and that is why I looked it up and I see everyone else is saying the same thing. Has anyone taken the R81 test and gotten these questions? Are you using your own correct answer, or do you go with the ones that they are saying on here or other testing software?

Check Point Certified Security Administrator (CCSA) R81.10 guide (page 595): "SAM rules let administrators react to a security problem without having to change the Firewall rules of the Access Control Rulebase. This is useful in cases where a specific user needs to be instantly blocked."

SAM you can block networks OR HOSTS/ 32 on the fly without installing policy - ANS =D

SAM is correct

SAM is correct

SAM is correct

D is correct