The SmartEvent Correlation Unit:
A.
analyzes each IPS log entry as it enters the Log server.
B.
assigns a severity level to an event.
C.
adds events to the events database.
D.
displays the received events.
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
I think the correct answer is “forwards what is identified as an event to the SmartEvent server.”
However all older test that have this question have the answer as “C. analyzes each IPS log entry as it enters the Log server.”
This may be a situation where in this test they got the answer correct and it is now , the “REAL answer” Which is “forwards what is identified as an event to the SmartEvent server.”
But I am not sure how I will answer this on the test, I will update and let you all know if I get the question.
0
0
In this case the correct answer is C.
Here´s a extract from the Security Engineering Student Manual:
Correlation unit Analyzes logs looking for patterns according to the installed Event Policy. When a threat pattern is identified, the CU forwards an event to the Event Analyzer Server.
0
0
But is forwarding an event the same as adding it to the database?
0
0
From a Article on Checkpoint Website….
The Correlation Unit analyzes each log entry as it enters a Log server, looking for patterns according to the installed Event Policy. The logs contain data from both Check Point products and certain third-party devices. When a threat pattern is identified, the Correlation Unit forwards what is known as an event to the SmartEvent server.
When the SmartEvent server receives events from a Correlation Unit, it assigns a severity level to the event, invokes any defined automatic reactions, and adds the event to the Events Database, which resides on the server. The severity level and automatic reaction are based on the Events Policy.
0
0
The answer is A
Page 143 CCSE student manual – its the first sentence of the paragraph explaining what the CU is!
0
0
A.
The Correlation Unit analyzes each log entry as it enters a Log server, looking for patterns according to the installed Event Policy. The logs contain data from both Check Point products and certain third-party devices. When a threat pattern is identified, the Correlation Unit forwards what is known as an event to the SmartEvent server.
SmartEvent Administration Guide R77 | page 9
0
0
Answer A
https://sc1.checkpoint.com/documents/R77/CP_R77_SmartEvent_WebAdminGuide/17393.htm
The SmartEvent Architecture
SmartEvent has several components that work together to help track down security threats and make your network more secure:
* SmartEvent Correlation Unit, which analyzes log entries on Log servers
* SmartEvent Server, which contains the Events Database
* SmartEvent client, which manages SmartEvent
They work together in the following manner:
* The SmartEvent Correlation Unit analyzes each log entry as it enters a Log Server, looking for patterns according to the installed Event Policy. The logs contain data from both Check Point products and certain third-party devices. When a threat pattern is identified, the SmartEvent Correlation Unit forwards what is known as an event to the SmartEvent Server.
* When the SmartEvent Server receives events from a SmartEvent Correlation Unit, it assigns a severity level to the event, invokes any defined automatic reactions, and adds the event to the Events Database, which resides on the server. The severity level and automatic reaction are based on the Events Policy.
* The SmartEvent client displays the received events, and is the place to manage events (such as filtering and closing events) and fine-tune and install the Events Policy.
0
0
A
Correlation Unit (CU)
• analyzes logs looking for patterns according to the installed Event Policy.
• forwards an event to the Eventia Analyzer Server.
Analyzer Server
• receives events from the CU
• assigns a severity level to the event
• invokes any defined automatic reactions
• adds the event to the Events Database
• assigns severity level and automatic reaction based on the Events Policy
• it imports certain objects from the management server to define the internal network. Changes made to the objects on the management server are reflected in the client.
• defines automatic responses and manages the database.
Analyzer Client
• displays the received events
• manages them for filtering and status (i.e., closed events)
• provides fine tuning and installation of the Events Policy
0
0
A. analyzes each IPS log entry as it enters the Log server
0
0