156-730.exam Number: 156-730 Passing Score: 800 Time Limit: 120 min File Version: 1.0 CHECKPOINT

156-730.exam
Number: 156-730
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

CHECKPOINT 156-730
Check Point Accredited SandBlast Administrator
Version 1.0

Exam A

QUESTION 1
Regarding a proper Threat Emulation sizing for an environment with 1000 users for web and email traffic, which assumptions are correct?
1. 2000 unique files per day within SMTP/S
2. 2500 unique files per day within HTTP/S
3. 7000 unique files per day within SMTP/S
4. 5000 unique files per day within HTTP/S
A. 1 and 2 are correct
B. 1 and 3 are correct
C. 1 and 4 are correct
D. 2 and 3 are correct
Correct Answer: A

QUESTION 2
Which command do you use to monitor the current status of the emulation queue?
A. tecli show emulator queue
B. tecli show emulator emulations
C. tecli show emulator queue size
D. tecli show emulation emu
Correct Answer: B

QUESTION 3
Which Blades of the SandBlast Agent are used for remediation?
A. DLP and Compliance blades
B. Anti-Bot blade and Threat Emulation blades
C. Forensics and Threat Emulation blades
D. Threat Emulation and Threat Extraction Blades

QUESTION 4
What's the password for the encrypted malicious file available via the Threat Emulation forensics report?
A. malicious
B. forensics
C. password
D. infected

QUESTION 5
When running the Threat Emulation first time wizard, which of these is NOT an option for the file analysis location?
A. ThreatCloud Emulation Service
B. tecli advanced remote
C. Locally on this Threat Emulation Appliance
D. Other Threat Emulation Appliance
Correct Answer: B

QUESTION 6
A Threat Extraction license is always bundled with Threat Emulation.
A. False, they can be purchased separately.
B. True, it is part of the NGTX license.
C. True, it is part of the NGTP and EBP license.
D. False, Threat Extraction is part of the basic NGFW license.
Correct Answer: A

QUESTION 7
What attack vectors are protected by using the SandBlast Agent?
A. Mail, Web, Office 365
B. Outside the office, removable media, lateral movement
C. Office 365, outside of the office, removable media, lateral movement
D. Email, lateral movement, removable media, encrypted channels
Correct Answer: B

QUESTION 8
How can the SandBlast Agent protect against encrypted archives?
A. The SandBlast Agent cannot protect from encrypted malware.
B. Since the user must know the password to open the encrypted archive, once it is opened and writing to the disk has begun, the SandBlast Agent will immediately scan the file.
C. The password-protected archive file is opened via brute force and dictionary attack. Once the file is open, the SandBlast Agent can scan it and send it to emulation.
D. Only if the administrator has added a special password file and the password that is used for the archive is part of the password list in the file.
Correct Answer: D

QUESTION 9
What Mail Transfer Agent is used with SandBlast?
A. Exchange
B. Check Point
C. Postfix
D. Sendmail

QUESTION 10
How can CPU Level Emulation detect ROP?
A. Locate a CPU flow buffer with a mismatch between called and returned addresses.
B. Increased CPU temperature.
C. Wrong order in the ROP Gadgets Dictionary.
D. It is detected as soon as the evasion code runs and injects the malicious code into a legitimate process.
Correct Answer: A

QUESTION 11
What are the deployment methods available with the SandBlast Agent? Choose the BEST answer.
A. Using GPO or SCCM to deploy the deployment agent.
B. Using Configure SandBlast Agent to collaborate with Emulation and Anti-Virus solutions update to upgrade and install the SandBlast Agent.
C. Using both GPO or SCCM for the deployment agent and Endpoint management to push the Agent.
D. Manually installing on every station.

QUESTION 12
Which feature do you enable to allow the gateway to participate in the email flow and therefore hold mails and strip a malicious attachment if one is found?
A. MTA
B. EMT
C. SME
D. MIV
Correct Answer: A

QUESTION 13
Can several gateways send files to one SandBlast appliance?
A. Yes, if they are managed by the same SmartCenter/Domain.
B. Yes, from R77.30.
C. No, only one GW can send files to a SandBlast appliance.
D. No, the SandBlast appliance does not support HA or LB.
Correct Answer: B

QUESTION 14
You have enabled Antivirus to scan all traffic passing through your Check Point gateway. With the default settings your Antivirus will scan all traffic in streaming mode. For certain file types you would like to enable a mode that will collect the entire file before scanning. This enables you to inspect archives. What is this functionality called?
A. Deep scan
B. Inspect
C. Threatspect
D. CPU Level scan
Correct Answer: A

QUESTION 15
Why should you use a Mail Transfer Agent when configuring Prevent/Hold mode?
1. TE inspection in streaming mode can cause the sending mail server not to send any additional emails until the emulation of the prior email is completed.
2. TE inspection in Mail Transfer Agent mode will accept all valid incoming emails before inspection.
3. It will allow the email to reach the user while at the same time being sent for Dynamic Analysis.
4. There is no Mail Transfer Agent mode for Threat Emulation, only for Anti-Spam.
A. 2 and 4 are correct
B. 2 and 3 are correct
C. 1 and 2 are correct
D. All are correct

QUESTION 16
What is a ROP Gadgets Dictionary?
A. Lookup table used by CPU Level Emulation to detect malware
B. A generated stack of return addresses
C. Feature sets which can be used to discover the true meaning of the code
D. List of commonly used passwords
Correct Answer: B

QUESTION 17
What kind of approach or approaches will Check Point SandBlast apply to prevent MALICIOUS DOCUMENTS?
A. Whitelist and Exploit
B. Blacklist/machine learning
C. Signature
D. Exploit
Correct Answer: D

QUESTION 18
What are the given options for remediation?
1. Remediation script
2. Auto remediation
3. Using Threat Emulation to block and remove the infected file
4. Use the locally installed Anti-Virus to perform a complete system scan
A. 3 and 4
B. 2 and 3
C. 1 and 4
D. 1 and 2
Correct Answer: D

QUESTION 19
Select the true statement about Threat Emulation Open Server appliances.
A. Supports custom images without any special requirement.
B. No requirement to enable VT (Hardware Virtualization).
C. Only the Cloud emulation service is supported on an open platform.
D. Threat Extraction is not supported on an open platform.

QUESTION 20
Anti-Bot uses the following detection/prevention features:
1. Reputation lookup of DNS/IP/URL access
2. Dynamic analysis for Bots
3. Outbound SPAM
4. Bot behavior signatures
A. 1, 2, and 3
B. 1, 3 and 4
C. 1 and 3
D. 2 and 3
Correct Answer: B