What is the name of the FW1 facility that scans the log file and alerts the system administrator that
a prespecified suspicious event has occurred?
A. SYNDefender
B. CVP
C. alertf
D. CPMAD
Explanation:
“Check Point Malicious Activity Detection” (CPMAD) is a handy log analyzer. This feature aids in
detection of unusual, potentially dangerous activities across a range of firewall modules, and it can
notify administrators about special conditions. It can be used to detect 8 types of attacks:
SYN attacks, anti-spoofing, successive alerts, port scanning, blocked connections port scanning,
login failure, successive multiple connections, and land attack. See pages 406-407 of the Syngress book
“Checkpoint NG – Next Generation Security Administration”.