Checkpoint 156-730 - Check Point Accredited Sandblast Administrator Exam

Question #1
Which command do you use to monitor the current status of the emulation queue?
A. tecli show emulator queue B. tecli show emulator emulations C. tecli show emulator queue size D. tecli show emulation emu
Answer: B
Question #2
Select the true statement about Threat Emulation Open Server appliances.
A. Supports custom images without any special requirement. B. No requirement to enable VT (Hardware Virtualization). C. Only Cloud emulation service is supported on an open platform. D. Threat Extraction is not supported on an open platform.
Answer: C
Question #3
What are the given options for remediation?
1. Remediation script
2. Auto remediation
3. Using Threat Emulation to block and remove the infected file
4. Use the locally installed Anti-Virus to perform a complete system scan
A. 3 and 4 B. 2 and 3 C. 1 and 4 D. 1 and 2
Answer: D
Question #4
How can the SandBlast Agent protect against encrypted archives?
A. The SandBlast Agent cannot protect from encrypted malware. B. Since the user must know the password to open the encrypted archive, once it is opened and writing to the disk has begun, the SandBlast Agent will immediately scan the file. C. A password-protected archive file is opened via brute force and dictionary attack. Once the file is open, the SandBlast Agent can scan it and send it to emulation. D. Only if the administrator has added a special password file and the password that is used for the archive is part of the password list in the file.
Answer: D
Question #5
Which phase(s) is(are) NOT part of the Cyber Kill Chain?
A. Exploitation B. Command and Control C. Remediation D. Action and Objectives
Answer: C
Total 40 questions