PrepAway - Latest Free Exam Questions & Answers

How would you accomplish this?

You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event
when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from
a host within 10 seconds of each other. How would you accomplish this?


A. Define the two port-scan detections as an exception.

B. You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.

C. Select the two port-scan detections as a sub-event.

D. Select the two port-scan detections as a new event.

4 Comments on “How would you accomplish this?”

  1. palantir says:

    answer is A.

    Exceptions allow an event to be independently configured for the sources or destinations that appear here. For example, if the event Port Scan from Internal Network is set to detect an event when 30 port scans have occurred within 60 seconds, you can also define that two port scans detected from host A within 10 seconds of each other is also an event.

    To manually add an exception, under the heading Apply the following exceptions, click Add and select either the Source and/or Destination of the object to which you want to apply different criteria for this event.




  2. ileht says:

    1. “You ALSO want to detect,” you don’t want an exception.
    2. Exceptions refine src/dst, not counts and time periods.

    You can create a new “User Defined” event based on the existing one, and modify its parameters.
    D




  3. Viper says:

    The answer is “A”
    Exceptions allow an event to be independently configured for the sources or destinations that appear here. For example, if the event Port Scan from Internal Network is set to detect an event when 30 port scans have occurred within 60 seconds, you can also define that two port scans detected from host A within 10 seconds of each other is also an event.

    To manually add an exception, under the heading Apply the following exceptions, click Add and select either the Source and/or Destination of the object to which you want to apply different criteria for this event.
    https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm




  4. Esteban says:

    A. Define the two port-scan detections as an exception.

    Exceptions work to separate events independently, so if the event in the example occurs, with the exception it is shown as 2 events and not as 1 event.



