Which is NOT a SmartEvent component?
Log Consolidatoris NOT a SmartEvent component. SmartEvent is a unified security event management solution that provides visibility, analysis, and reporting of security events across multiple Check Point products. SmartEvent consists of three main components: SmartEvent Server, Correlation Unit, and Log Server. SmartEvent Server is responsible for storing and displaying security events in SmartConsole and SmartEventWeb. Correlation Unit is responsible for collecting and correlating logs from various sources and generating security events based on predefined or custom scenarios. Log Server is responsible for receiving and indexing logs from Security Gateways and other Check Point modules. Log Consolidator is not a valid component or blade of SmartEvent.
UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?
The action that is not supported in UserCheck objects is Reject. UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users and display messages or requests on their browsers. The supported actions in UserCheck objects are Ask, Inform, Block, and Continue. The Ask action prompts the user to confirm or cancel an action. The Inform action notifies the user about an event or a policy. The Block action prevents the user from accessing a resource or performing an action. The Continue action allows the user to access a resource or perform an action after displaying a message. Reference: [UserCheck]
In CoreXL, the Firewall kernel is replicated multiple times. Each replicated copy or instance can perform the following:
CoreXL is a performance-enhancing technology that enables the Security Gateway to utilize multiple CPU cores for processing traffic. CoreXL creates multiple instances of the Firewall kernel, each running on a separate CPU core. Each Firewall instance can handle traffic concurrently and independently, applying the same security policy to the packets that are assigned to it. CoreXL does not allow different policies per core, as this would create inconsistency and complexity in the security enforcement.
The references are:
Best Practices - Security Gateway Performance
Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 16
Check Point R81 Quantum Security Gateway Guide, page 42
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
In SmartEvent, the administrator can configure different types of automatic reactions, which include:
Mail notifications
Blocking the source of the event
Blocking the event activity
Running an external script
Sending an SNMP trap
So, the correct answer is 'Mail, Block Source, Block Event Activity, External Script, SNMP Trap.'
Which SmartEvent component is responsible to collect the logs from different Log Servers?
