Which protocols are supported by the THREAT EMULATION blade?
- A . CIFS, FTP, and optional HTTP and SMTP support
- B . HTTP(S), SMTP/TLS only
- C . HTTP and SMTP only, there is no SSL/TLS security support
- D . HTTP(S), SMTP/TLS with optional CIFS
Which SmartConsole can you use to view Threat Emulation forensics reports?
- A . SmartView Monitor
- B . SmartView Reporter
- C . SmartLog
- D . SmartDashboard
How does Threat Extraction work?
- A . Scan and extract files for Command and Control activity.
- B . It emulates a document and, if malicious, converts it into a PDF.
- C . It extracts active content from a document.
- D . It scans the document for malicious code and removes it.
What kind of approach or approaches will Check Point SandBlast apply to prevent malicious EXE-files?
- A . Machine learning algorithm
- B . Signature
- C . Exploit
- D . Whitelist and Exploit
You have installed the SandBlast Agent with forensics. An attack has occurred, which triggered the Forensics Blade to collect information. You clicked to open the forensics report but for some reason it is not showing the report as it should.
What could be the issue?
- A . The attack was based on a macro and the Forensics Blade only supports executables.
- B . There is a Microsoft update missing which causes the report not to show as it should.
- C . There was no real attack and this is a false positive.
- D . Threat Emulation is disabled.
The file reclassifier is a Threat Emulation component used to perform which function on files in the stream?
- A . Count the hits of each file extension, used as part of the reporting mechanism.
- B . Used to measure Threat Emulation usage and reporting back to Check Point.
- C . Used to rename file extensions so they are processed using the correct application based on the file magic.
- D . Used to rename file extensions so they are processed using the correct application based on the current file extension.
Which of the following is FALSE about the SandBlast Agent capabilities?
- A . Stop data exfiltration to prevent disclosure of sensitive information, and quarantine infected systems to limit spread of malware.
- B . Detect and block command and control communications, even when working remotely.
- C . Connect to remote offices via virtual private networking in order to gain secure access to local resources.
- D . Get unparalleled visibility into specific endpoint and processes to enable faster recovery post-infection.
With regard to SandBlast Cloud emulation, which statement is INCORRECT?
- A . SandBlast Cloud licensing offers fair usage caps which customers should never reach.
- B . SandBlast Cloud licensing requires a license SKU per gateway.
- C . Only new files not seen before are emulated on the cloud and count against fair usage cap.
- D . For simplicity, SandBlast Cloud offers a single license SKU per User Center, covering all files sent from all gateways in that User Center.
Threat Emulation Cloud offers pods to perform emulation. In which geographies are these pods located?
- A . USA and Germany only
- B . Germany, Israel, USA
- C . UK, USA, South America
- D . Israel, Germany, Russia
You can restrict a user from downloading an original file if it is getting a malicious verdict from Threat Emulation?
- A . True - This is possible through the SmartDashboard Threat extraction settings.
- B . False - Due to security concerns, a user will never be able to download a file found to be malicious.
- C . True - Under Threat emulation settings you can configure this option.
- D . False - Threat Emulation provides a recommendation verdict. The user can download the file even if it is found to be malicious.
MTA
- A . 1 and 3 are correct
- B . 1, 2, and 3 are correct
- C . 1 and 2 are correct
- D . 2 and 3 are correct
Remote emulation
- A . 1 and 2 are correct
- B . 1 and 3 are correct
- C . 1, 3, and 4 are correct
- D . 2 and 3 are correct
5000 unique files per day within HTTP/s
- A . 1 and 2 are correct
- B . 1 and 3 are correct
- C . 1 and 4 are correct
- D . 2 and 3 are correct
Which command do you use to monitor the current status of the emulation queue?
- A . tecli show emulator queue
- B . tecli show emulator emulations
- C . tecli show emulator queue size
- D . tecli show emulation emu
Which Blades of the SandBlast Agent are used for remediation?
- A . DLP and Compliance blades
- B . Anti-Bot blade and Threat Emulation blades
- C . Forensics and Threat Emulation blades
- D . Threat Emulation and Threat Extraction Blades
What’s the password for the encrypted malicious file available via the Threat Emulation forensics report?
- A . malicious
- B . forensics
- C . password
- D . infected