EMT Practice Test

1. Question Content...


Question List

Question1: With regard to SandBlast licensing options, which is INCORRECT?

Question2: Which Blades of the SandBlast Agent are used for remediation?

Question3: What are the 3 stages of securing the network with the SandBlast Agent?

Question4: What are the deployment methods available with the SandBlast Agent? Choose the BEST answer.

Question5: What are the SandBlast deployment options?
1. Cloud emulation
2. Emulation on the Endpoint itself
3. Local Emulation
4. Remote emulation

Question6: What's the password for the encrypted malicious file available via the Threat Emulation forensics report?

Question7: How can CPU Level Emulation detect ROP?

Question8: A Threat Extraction license is always bundled with Threat Emulation.

Question9: Can several gateways send files to one SandBlast appliance?

Question10: What Mail Transfer Agent is used with SandBlast?

Question11: Regarding a proper Threat Emulation sizing for an environment with 1000 users for web and email traffic which assumptions are correct?
1. 2000 unique files per day within SMTP/S
2. 2500 unique files per day within HTTP/S
3. 7000 unique files per day within SMTP/S
4. 5000 unique files per day within HTTP/s

Question12: When running the Threat Emulation first time wizard, which of these is NOT an option for file analysis location?

Question13: Anti-Bot uses the following detection/prevention features:
1. Reputation lookup of DNS/IP/URL access
2. Dynamic analysis for Bots
3. Outbound SPAM
4. Bot behavior signatures

Question14: You analyze your Threat Prevention events in SmartEvent and there is one specific event with a PDF- document you suspect being malicious. What is a typical behavior Threat Emulation would detect as malicious? When the PDF is opened in VM:

Question15: What is TRUE for SandBlast local emulation deployment?
1. Any Check Point gateway can perform local emulation.
2. SandBlast Appliance is required.
3. Existing gateway can collect files and forward to emulation.

Question16: Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?
1. You can assign multiple profiles per gateway.
2. A profile can be assigned to one or more rules.
3. Only one profile per gateway is allowed.
4. A profile can be assigned to only one rule.

Question17: Which deployment modes support Prevent?
1. Inline
2. SPAN port
3. MTA

Question18: How can the SandBlast Agent protect against encrypted archives?

Question19: Which phase(s) is(are) NOT part of the Cyber Kill Chain?

Question20: What attack vectors are protected by using the SandBlast Agent?

Question21: Which feature do you enable to allow the gateway to participate in email flow and therefore hold mails and strip malicious attachment if found?

Question22: Which command do you use to monitor the current status of the emulation queue?