156-727.77 Threat Prevention

Page 1   
Question 1

When adding IPS to a gateway, which profile will be set?

  • A. Default_Protection, but with all actions set to “Detect only”
  • B. Default_Protection, but with all actions set to “Prevent”
  • C. Default_Protection
  • D. Recommended_Protection

Answer : C

Question 2

This graphic shows traffic being blocked from certain countries.

What is the deciding factor for this?

  • A. The traffic from selected countries is being blocked because of an IPS traffic-type rule in the rulebase
  • B. The traffic from selected countries is being blocked because it is overloading the Gateway
  • C. The traffic from selected countries is being blocked due to the GeoProtection ruleset
  • D. The traffic from selected countries is being blocked due to IPS-detected specific attacks originating there

Answer : C

Question 3

Which of the following are valid Boolean search terms that can be used in custom
SmartLog queries?

  • A. And, or, with
  • B. And, or, not
  • C. None, Boolean search terms cannot be used in SmartLog.
  • D. And, or, not, with

Answer : B

Question 4

SmartLog can be used to identify which of the following:

  • A. Security Policy version control information
  • B. A list of currently connected users
  • C. The country of origin of specific traffic displayed on a map
  • D. The top destination IP addresses of a specific source

Answer : D

Question 5

What is the most common way a computer can become infected with a bot?

  • A. Malvertising
  • B. Users accessing malicious web sites
  • C. Adobe file vulnerabilities
  • D. Microsoft file vulnerabilities

Answer : B

Question 6

Check Point Signature teams are constantly monitoring the threat space.

  • A. True, twenty four hours a day, everyday
  • B. True, except for major holidays
  • C. True, from Sunday through Thursday
  • D. False

Answer : A

Question 7

How can SmartEvent be launched out of SmartDashboard?

  • A. Threat Prevention Tab > Launch SmartEvent
  • B. Menu SmartConsole > SmartEvent
  • C. Menu SmartConsole > SmartEvent or Threat Prevention Tab > Analyze and Report
  • D. SmartEvent has always to be launched via Start > Programs

Answer : C

Question 8

What is the minimum software version required for a Threat Emulation deployment?

  • A. R76 or higher with Hotfix HF_001 for Threat Emulation
  • B. R75.4x with SecurePlatform, R77 or higher with GaiA
  • C. R77 or higher with GAiA (or SecurePlatform when using ThreatCloud)
  • D. R75.47 or higher with GAiA (or SecurePlatform when using ThreatCloud)

Answer : C

Question 9

When configuring Anti-Bot & Anti-Virus, you notice the following error in the Update Status
of the Gateways page:

What is the most likely cause of this error?

  • A. The Security Gateway is not licensed for Anti-Bot & Anti-Virus inspection.
  • B. There are no updates available for the participating gateway.
  • C. The Anti-Bot & Anti-Virus policy is not installed on the gateway.
  • D. You do not have DNS or proxy settings configured for the gateway.

Answer : D

Question 10

John is troubleshooting a dropped traffic issue. Looking in SmartViewTracker, he cannot
find anything related to it. What CLI command might help him in this situation where he
suspects a possible problem with IPS?

  • A. All of the information is visible in SmartViewTracker without additional commands.
  • B. fw ctl pstat
  • C. fw logexport ¦ grep drop
  • D. fw ctl zdebug drop

Answer : D

Question 11

Which of the following statements regarding the threat prevention database is NOT

  • A. The Security management server connects to the internet to get Malware Database updates.
  • B. By default, updates run on the security gateway every two hours.
  • C. The malware database only updates if you have a valid Anti-Bot/ or Anti-Virus contract.
  • D. The security gateway contains a local cache of the malware requests.

Answer : A

Question 12

SmartEvent > Events >Predefined:in which section can the All Threat Emulation setting
be found?

  • A. Application & URL Filtering
  • B. Threat Prevention
  • C. All Events
  • D. Threat Analysis

Answer : B

Question 13

Put these HTTPS traffic inspections steps in the correct order.
a. Validates the web sites server certificate
b. Intercepts HTTPS requests
c. Decrypts data from client and inspects clear text content
d. Decrypts response from server and inspects clear text content
e. Creates a certificate for use between gateway and client
f. Encrypts data and sends data to web server
g. Encrypts data and sends data to client
h. Establishes a secure connection to the requested web site

  • A. a, e, b, h, c, f, d, g
  • B. a, b, f, d, c, g, h, e
  • C. b, h, a, e, c, f, d, g
  • D. a, b, e, f, d, c, g, h

Answer : C

Question 14

A customer does not own Check Point Gateways, but he wants to use Threat Emulation
Service to detect SMTP Zero-Day vulnerabilities. What is his option?

  • A. Use MTA plug-in on his exchange server.
  • B. Needs to buy a Check Point security gateway.
  • C. Needs to install Mail Transfer Agent on his firewall.
  • D. Purchase SMTE cloud service.

Answer : A

Question 15

What advantage does the Recommended_Profile provide over the Default_Protection

  • A. Reduced server load
  • B. Accelerated throughput
  • C. Advanced reporting options
  • D. Higher security posture

Answer : D

Page 1