Checkpoint 156-730 - Check Point Accredited Sandblast Administrator Exam

Question #6
You analyze your Threat Prevention events in SmartEvent and there is one specific event
with a PDF document you suspect of being malicious. What is a typical behavior Threat
Emulation would detect as malicious? When the PDF is opened in the VM:
A. it tries to open in Acrobat Reader.
B. there are no changes to the registry.
C. it opens with Administrator privileges.
D. there is an outgoing network connection.
Answer: D
Question #7
How can CPU Level Emulation detect ROP?
A. Locate a CPU flow buffer with mismatch between called and returned addresses.
B. Increased CPU temperature.
C. Wrong order in the ROP Gadgets Dictionary.
D. It is detected as soon as the evasion code runs and injects the malicious code into a legitimate process.
Answer: A
Question #8
Which statements below are CORRECT regarding Threat Prevention profiles in
SmartDashboard?
1. You can assign multiple profiles per gateway.
2. A profile can be assigned to one or more rules.
3. Only one profile per gateway is allowed.
4. A profile can be assigned to only one rule.
A. 1 and 2 are correct
B. 1 and 4 are correct
C. 2 and 3 are correct
D. 1, 2, 3 and 4 are correct
Answer: C
Question #9
At which layer in the Attack Infection Flow can CPU Level Emulation detect a malicious
file?
A. The malware binary
B. The Exploit stage
C. The shell code
D. The vulnerability
Answer: B
Question #10
Which of the following is FALSE about the SandBlast Agent capabilities?
A. Stop data exfiltration to prevent disclosure of sensitive information, and quarantine infected systems to limit spread of malware.
B. Detect and block command and control communications, even when working remotely.
C. Connect to remote offices via virtual private networking in order to gain secure access to local resources.
D. Get unparalleled visibility into specific endpoint and processes to enable faster recovery post-infection.
Answer: C
Total 40 questions