To increase security, the administrator has modified the Core protection 'Host Port Scan' from 'Medium' to 'High' Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?
To increase security, the administrator has modified the Core protection 'Host Port Scan' from 'Medium' to 'High' Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?
When modifying the sensitivity of the 'Host Port Scan' feature, you are dealing with changes that involve both access control and threat prevention measures. Both these policies need to be updated to implement the changes effectively. This ensures that the new security settings for detecting and responding to port scans are applied across relevant parts of the system, encompassing both access control measures and threat prevention features.
https://sc1.checkpoint.com/documents/R80.30/SmartConsole_OLH/EN/html_frameset.htm?topic=documents/R80.30/SmartConsole_OLH/EN/M0dJyXtObiXDtT11ShxxwQ2 The IPS protections are divided into two main types: Core protections - These protections are included in the product and are assigned per gateway. They are part of the Access Control policy.
D is correct, When dealing with Host Port Scan settings within the Threat Prevention policy, you are addressing a specific security threat related to scanning activities. In this case, the Host Port Scan feature is part of the threat prevention measures and would be configured within the Threat Prevention policy.
When you modify settings in the Core Protection, such as the sensitivity level for the "Host Port Scan" feature from 'Medium' to 'High,' you are making changes to the Threat Prevention policy. The Threat Prevention policy is where security administrators configure and manage settings related to various threat prevention features, including Host Port Scan. To apply the changes you've made in the Threat Prevention policy, you will need to install the Threat Prevention policy. The installation process ensures that the updated policy configurations take effect on the relevant security gateways and enforcement points within your Check Point environment.
B - Core protections modifications require an access control policy installation.
"Core Protections are configured by selecting the inspection Settings hyperlink in the Threat Prevention Policy. However, they are installed as part of the Access Control Policy
I tested in lab and when i install policy appears modification in The Access Control and Threat Prevention Policies, than the correct in my opnion is /"A"
Threat prevention policy installation is required
D is correct, Host scan is on IPS blade which is part of the Treat Prevention Policy