The correct answer is C. The Change Log in SmartConsole is used to keep a record of changes made to objects and configuration during administrative work. This supports accountability, troubleshooting, and review of what changed before or after publishing. Option A is wrong because policy installation is performed through the Install Policy workflow after changes are published. Option B is wrong because user sessions are handled through session management controls and administrator-session views, not the object Change Log itself. Option D is wrong because network traffic monitoring is performed using logs, SmartView Monitor, SmartEvent, and related monitoring views. The purpose of the Change Log is administrative traceability: when an object is modified, the administrator can review what was changed and understand object-history context. This is especially important in multi-administrator environments where several sessions may modify policies and objects before publication. Reference topics: SmartConsole object management, Change Log, administrative changes, sessions and revisions.
Question # 55
There are 2 ordered layers in a policy with 20 rules each. A connection matches rule number 5 in the first layer and the action for that rule is Drop.
What will the firewall do now?
Options:
A.
Both layers are checked simultaneously and the strictest action is taken, hence the Firewall will wait for the matching results of the second layer before taking an action
B.
The Firewall will check if any rules in the second layer match with the connection and take action accordingly
C.
The Firewall will drop the connection and stop further inspection for it
D.
The Firewall will check if there is an Inline Layer attached to the rule 5 and will continue inspection if found
The correct answer is C. Ordered Layers are evaluated sequentially, but a Drop action is final for the packet or connection. When the packet matches rule 5 in the first Ordered Layer and the action is Drop, the Security Gateway drops the traffic and does not continue evaluating later rules or later Ordered Layers for that connection. This is different from an Accept in an Ordered Layer, where additional Ordered Layers may still need to be evaluated before the final allow decision is reached. Option A is wrong because ordered layers are not evaluated simultaneously. Option B is wrong because the second layer is not checked after a definitive Drop action in the first layer. Option D is incorrect because the action already determines the outcome; the gateway does not continue into an Inline Layer after a Drop action as though the connection were still eligible for deeper rule matching. The exam objective is rulebase enforcement order: Drop is terminating, while Accept may allow continued evaluation across layers depending on policy structure. Reference topics: Ordered Layers, Inline Layers, Access Control Policy enforcement, Drop action behavior.
