Which Windows file contains the CPMAD configuration?
A. $FWDIR/cpmad/cpmad_config.conf
B. $FWDIR/cpmad/config.conf
C. $FWDIR/conf/cpmad_config.conf
D. $FWDIR/conf/cpmad.conf
Explanation:
The main configuration file for CPMAD events is cpmad_config.conf, which is found in the $FWDIR/conf directory. Its format is pretty standard, and you can place comments in it with the “#” symbol. As a reminder, Check Point Malicious Activity Detection (CPMAD) is a handy log analyzer that aids in detecting unusual, potentially dangerous activities across a range of firewall modules. It can detect 8 types of attacks: SYN attacks, anti-spoofing, successive alerts, port scanning, blocked connections port scanning, login failure, successive multiple connections, and land attack. See pages 406-407 of the Syngress book “Checkpoint NG – Next Generation Security Administration”.