156-730 Check Point Accredited Sandblast Administrator

Page 1   
Question 1

When running the Threat Emulation first time wizard, which of these is NOT an option for
file analysis location?

  • A. ThreatCloud Emulation ServiceB. tecli advanced remote
  • B. Locally on this Threat Emulation Appliance
  • C. Other Threat Emulation Appliance


Answer : B

Question 2

You can restrict a user from downloading an original file if it is getting a malicious verdict
from Threat Emulation?

  • A. True – This is possible through the SmartDashboard Threat extraction settings.
  • B. False Due to security concerns, a user will never be able to download a file found to be malicious.
  • C. True – Under Threat emulation settings you can configure this option.
  • D. False Threat Emulation provides a recommendation verdict. The user can download the file even if it is found to be malicious.


Answer : C

Question 3

The file reclassifier is a Threat Emulation component used to perform which function on
files in the stream?

  • A. Count the hits of each file extension, used as part of the reporting mechanism.
  • B. Used to measure Threat Emulation usage and reporting back to Check Point.
  • C. Used to rename files extension so they are processed using the correct application based on the file magic.
  • D. Used to rename files extension so they are processed using the correct application based on the current file extension.


Answer : D

Question 4

A Threat Extraction license is always bundled with Threat Emulation.

  • A. False – they can be purchased separately.
  • B. True – it is part of the NGTX license.
  • C. True – it is part of the NGTP and EBP license.
  • D. False – Threat extraction is part of the basic NGFW license.


Answer : A

Question 5

Which protocols are supported by the THREAT EMULATION blade?

  • A. CIFS, FTP, and optional HTTP and SMTP support
  • B. HTTP(S), SMTP/TLS only
  • C. HTTP and SMTP only, there is no SSL/TLS security support
  • D. HTTP(S), SMTP/TLS with optional CIFS


Answer : D

Question 6

With regard to SandBlast licensing options, which is INCORRECT?

  • A. The NGTP package offers the most complete Threat Prevention offeringsB. The TETX package can be added on top of NGTP package to create the NGTX package
  • B. The TETX package includes both Threat Emulation and Threat Extraction
  • C. The NGTX package offers the most complete Threat Prevention offerings


Answer : A

Question 7

You have enabled Antivirus to scan all traffic passing through your Check Point gateway.
With the default settings your Antivirus will scan all traffic in streaming mode. For certain
file types you would like to enable a mode that will collect the entire file before scanning.
This enables you to inspect archives. What is this functionality called?

  • A. Deep scanB. Inspect
  • B. Threatspect
  • C. CPU Level scan


Answer : A

Question 8

Which feature do you enable to allow the gateway to participate in email flow and therefore
hold mails and strip malicious attachment if found?

  • A. MTAB. EMT
  • B. SME
  • C. MIV


Answer : A

Question 9

What are the deployment methods available with the SandBlast Agent? Choose the BEST
answer.

  • A. Using GPO or SCCM to deploy the deployment agent.
  • B. Using Configure SandBlast Agent to collaborate with Emulation and Ant-Virus solutions update to upgrade and install the SandBlast Agent.
  • C. Using both GPO or SCCM for deployment agent and End Point management to push the Agent.
  • D. Manually installing on every station.


Answer : C

Question 10

What kind of approach or approaches will Check Point SandBlast apply to prevent
MALICIOUS DOCUMENTS?

  • A. Whitelist and Exploit
  • B. Blacklist/machine learning
  • C. Signature
  • D. Exploit


Answer : D

Question 11

What are the SandBlast deployment options?1. Cloud emulation
2. Emulation on the Endpoint itself
3. Local Emulation
4. Remote emulation

  • A. 1 and 2 are correctB. 1 and 3 are correct
  • B. 1, 3, and 4 are correct
  • C. 2 and 3 are correct


Answer : C

Question 12

What are the 3 stages of securing the network with the SandBlast Agent?

  • A. Prevent, Identify and Contain, Effective response and remediationB. Asses, Detect, Prevent
  • B. Prevent, Contain, Block
  • C. Detect, Prevent, remediate


Answer : A

Question 13

Regarding a proper Threat Emulation sizing for an environment with 1000 users for web
and email traffic which assumptions are correct?
1. 2000 unique files per day within SMTP/S
2. 2500 unique files per day within HTTP/S
3. 7000 unique files per day within SMTP/S
4. 5000 unique files per day within HTTP/s

  • A. 1 and 2 are correctB. 1 and 3 are correct
  • B. 1 and 4 are correct
  • C. 2 and 3 are correct


Answer : A

Question 14

What attack vectors are protected by using the SandBlast Agent?

  • A. Mail, Web, Office 365B. Outside the office, removable media, lateral movement
  • B. Office 365, Outside of the office, removable media, lateral movement
  • C. email, Lateral movement, Removable media, encrypted channels


Answer : B

Question 15

With regard to SandBlast Cloud emulation, which statement is INCORRECT?

  • A. SandBlast Cloud licensing offers fair usage caps which customers should never reach.
  • B. SandBlast Cloud licensing requires a license SKU per gateway.
  • C. Only new files not seen before are emulated on the cloud and count against fair usage cap.
  • D. For simplicity, SandBlast Cloud offers a single license SKU per User Center, covering all files sent from all gateways in that User Center.


Answer : D

Page 1