The SmartEvent Correlation Unit:
A.
analyzes each IPS log entry as it enters the Log server.
B.
assigns a severity level to an event.
C.
adds events to the events database.
D.
displays the received events.
I think the correct answer is “forwards what is identified as an event to the SmartEvent server.”
However, all older tests that have this question give the answer as “C. analyzes each IPS log entry as it enters the Log server.”
This may be a situation where in this test they got the answer correct and it is now the “REAL answer”, which is “forwards what is identified as an event to the SmartEvent server.”
But I am not sure how I will answer this on the test; I will update and let you all know if I get the question.
In this case the correct answer is C.
Here's an extract from the Security Engineering Student Manual:
Correlation Unit: Analyzes logs looking for patterns according to the installed Event Policy. When a threat pattern is identified, the CU forwards an event to the Event Analyzer Server.
But is forwarding an event the same as adding it to the database?
From an article on the Check Point website:
The Correlation Unit analyzes each log entry as it enters a Log server, looking for patterns according to the installed Event Policy. The logs contain data from both Check Point products and certain third-party devices. When a threat pattern is identified, the Correlation Unit forwards what is known as an event to the SmartEvent server.
When the SmartEvent server receives events from a Correlation Unit, it assigns a severity level to the event, invokes any defined automatic reactions, and adds the event to the Events Database, which resides on the server. The severity level and automatic reaction are based on the Events Policy.
The answer is A.
Page 143 of the CCSE student manual – it's the first sentence of the paragraph explaining what the CU is!
A.
The Correlation Unit analyzes each log entry as it enters a Log server, looking for patterns according to the installed Event Policy. The logs contain data from both Check Point products and certain third-party devices. When a threat pattern is identified, the Correlation Unit forwards what is known as an event to the SmartEvent server.
SmartEvent Administration Guide R77 | page 9
Answer A
https://sc1.checkpoint.com/documents/R77/CP_R77_SmartEvent_WebAdminGuide/17393.htm
The SmartEvent Architecture
SmartEvent has several components that work together to help track down security threats and make your network more secure:
* SmartEvent Correlation Unit, which analyzes log entries on Log servers
* SmartEvent Server, which contains the Events Database
* SmartEvent client, which manages SmartEvent
They work together in the following manner:
* The SmartEvent Correlation Unit analyzes each log entry as it enters a Log Server, looking for patterns according to the installed Event Policy. The logs contain data from both Check Point products and certain third-party devices. When a threat pattern is identified, the SmartEvent Correlation Unit forwards what is known as an event to the SmartEvent Server.
* When the SmartEvent Server receives events from a SmartEvent Correlation Unit, it assigns a severity level to the event, invokes any defined automatic reactions, and adds the event to the Events Database, which resides on the server. The severity level and automatic reaction are based on the Events Policy.
* The SmartEvent client displays the received events, and is the place to manage events (such as filtering and closing events) and fine-tune and install the Events Policy.
A
Correlation Unit (CU)
• analyzes logs looking for patterns according to the installed Event Policy.
• forwards an event to the Eventia Analyzer Server.
Analyzer Server
• receives events from the CU
• assigns a severity level to the event
• invokes any defined automatic reactions
• adds the event to the Events Database
• assigns severity level and automatic reaction based on the Events Policy
• it imports certain objects from the management server to define the internal network. Changes made to the objects on the management server are reflected in the client.
• defines automatic responses and manages the database.
Analyzer Client
• displays the received events
• manages them for filtering and status (i.e., closed events)
• provides fine tuning and installation of the Events Policy
A. analyzes each IPS log entry as it enters the Log server
Wrote the 156-315.77 last Friday, and passed with 95%!
There were 89 questions on my 156-315.77 exam, many of them Fill in the Blank questions.
Around 10-15 new questions (IPS, Threat Prevention, FW Monitor, VPN Tunnel Sharing, GAiA, etc.).
Be careful of questions on command and syntax, especially GAiA commands.
I used the PassLeader 156-315.77 dumps ( http://www.passleader.com/156-315-77.html ) (752q VCE and PDF dumps) to prepare for the exam; all NEW questions were from it, the most valid 156-315.77 dumps!
What’s more:
PassLeader has published part of its 156-315.77 dumps on Google Drive for free here:
https://drive.google.com/open?id=0B-ob6L_QjGLpMm1FNVVkSEZZR3c
Good Luck!!!