What is the BEST immediate action to take?

You have discovered suspicious activity in your network.

What is the BEST immediate action to take?
A. Create a policy rule to block the traffic.
B. Create a suspicious action rule to block that traffic.
C. Wait until traffic has been identified before making any changes.
D. Contact ISP to block the traffic.

Answer: B

Explanation:

The BEST immediate action to take when you have discovered suspicious activity in your network is to create a suspicious action rule to block that traffic. A suspicious action rule is a special type of rule that is triggered when a predefined condition is met, such as a malicious file download, a ransomware attack, or a data exfiltration attempt. A suspicious action rule can block the traffic, quarantine the source, or send an alert to the administrator. Creating a policy rule to block the traffic may not be effective if the traffic does not match the rule criteria or if the policy installation is delayed. Waiting until traffic has been identified before making any changes may allow the threat to spread or cause more damage. Contacting the ISP to block the traffic may not be feasible or timely, and may also affect legitimate traffic.

Reference: Check Point R81 Security Gateway Technical Administration Guide, Check Point CCSA – R81: Practice Test & Explanation | Udemy
