nerdexam
Check_Point

156-315.77 · Question #555

156-315.77 Question #555: Real Exam Question with Answer & Explanation

The correct answer is B. Define the two port-scan detections as an exception.. See the full explanation below for the reasoning.

Question

You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from a host within 10 seconds of each other. How would you accomplish this?

Options

  • ASelect the two port-scan detections as a sub-event.
  • BDefine the two port-scan detections as an exception.
  • CYou cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.
  • DSelect the two port-scan detections as a new event.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 156-315.77 Practice