Checkpoint 156-730 - Check Point Accredited Sandblast Administrator Exam

Page:    1 / 8   
Total 40 questions

Which command do you use to monitor the current status of the emulation queue?

  • A. tecli show emulator queue
  • B. tecli show emulator emulations
  • C. tecli show emulator queue size
  • D. tecli show emulation emu


Answer : B

Select the true statement about Threat Emulation Open Server appliances.

  • A. Supports custom images without any special requirement.
  • B. No requirement to enable VT (Hardware Virtualization).
  • C. Only Cloud emulation service is supported on an open platform.
  • D. Threat Extraction is not supported on an open platform.


Answer : C

What are the given options for remediation?
1. Remediation script
2. Auto remediation
3. Using Threat Emulation to block and remove the infected file
4. Use the locally installed Anti-Virus to perform a complete system scan

  • A. 3 and 4
  • B. 2 and 3
  • C. 1 and 4
  • D. 1 and 2


Answer : D

How can the SandBlast Agent protect against encrypted archives?

  • A. The SandBlast Agent cannot protect from an encrypted malware.
  • B. Since the user must know the password to open the encrypted archive, once it is opened and writing to the disk has begun, the SandBlast Agent will immediately scan the file.
  • C. Password protected archive file is opened via brute force and dictionary attack. Once file is open the SandBlast Agent can scan it and send it to emulation.
  • D. Only if the administrator has added a special password file and the password that is used for the archive is part of the password list on the file.


Answer : D

Which phase(s) is(are) NOT part of the Cyber Kill Chain?

  • A. Exploitation
  • B. Command and Control
  • C. Remediation
  • D. Action and Objectives


Answer : C
