Exam 156-21581
Question 46

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

    Correct Answer: D

    If firewall policy changes cannot be made at the moment, the best tool to use for blocking traffic from a malicious host is Suspicious Activity Monitoring (SAM) rules. SAM rules enable administrators to instantly block specific users or hosts without modifying the firewall rules. These rules are immediately applied and do not require installing a new policy, making them suitable for rapid response in situations where policy changes are restricted.

Discussion
monkemann21 Option: D

I would vote for Suspicious Activity Monitor. If changing the policy is not possible, a fast SAM rule can block any unwanted traffic. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm

david13121991

I agree, answer D.

NineInchName Option: D

Check Point Certified Security Administrator (CCSA) R81.10 guide (page 595): "SAM rules let administrators react to a security problem without having to change the Firewall rules of the Access Control Rulebase. This is useful in cases where a specific user needs to be instantly blocked."

bernardesgo Option: D

D is correct

Dino0329 Option: D

Monitoring Suspicious Activity Rules

Suspicious Activity Monitoring (SAM) is a utility that is integrated in SmartView Monitor. It can be used to block activities that are displayed in the SmartView Monitor results and appear to be suspicious. For example, a user who continually tries to gain unauthorized access to a network or Internet resource can be blocked. A Security Gateway with SAM enabled has Firewall rules to block suspicious connections that are not restricted by the Security Policy. These rules are applied immediately. Installing policy is not required. SAM rules allow administrators to react to a security problem without having to change the Firewall rules of the Access Control Rule Base. This is useful in cases where a specific user needs to be instantly blocked. All inbound and outbound network activity should be inspected and identified as suspicious when necessary, such as when system activity indicates that someone is attempting to break into the network.

geroboamo Option: D

You can do this with SAM.

darkdante24 Option: D

SAM it is. I had the same question in my Pearson VUE practice test; the answer is SAM.

Ritchie84 Option: D

SAM it is...

DarthFrank Option: C

I've noticed a lot of the "show suggested answer" are incorrect. I am doing some studying with testing question software and I've searched the questions to confirm if they are right or not. I've been doing CP for many years and I know the answer, but see they said something else. So it got me to question if I was right or what. So on my study question I'm doing it says the correct answer is "policy-based routing". This site says it's "Anti-Malware protection". I personally thought it was SAM and that is why I looked it up and I see everyone else is saying the same thing. Has anyone taken the R81 test and gotten these questions? Are you using your own correct answer, or do you go with the ones that they are saying on here or other testing software?

OKELLS Option: D

With SAM you can block networks or hosts (/32) on the fly without installing policy. Answer = D

Sup007 Option: D

SAM is correct

simo94 Option: D

SAM is correct

gielda211 Option: D

SAM is correct