
156-727.77 Online Practice Questions and Answers

Questions 4

Which of these statements describes the Check Point ThreatCloud?

A. A worldwide collaborative security network

B. Prevents vulnerability exploits

C. Controls access to web sites based on category

D. Blocks or limits usage of web applications

Questions 5

What is the name of the Check Point collaborative network that delivers real-time dynamic security intelligence to Check Point threat prevention blades?

A. ThreatSpect

B. ThreatWiki

C. ThreatCloud

D. ThreatEmulator

Questions 6

Which of the following is information shared via ThreatCloud?

A. Sensitive Corporate Data

B. Bot and virus signatures

C. Anticipated Attack Methods

D. Compromised Machine IP Addresses

Questions 7

Which of the following is information shared via ThreatCloud?

A. Compromised Machine IP Addresses

B. Anticipated Attack Methods

C. Sensitive Corporate Data

D. Address of command and control servers

Questions 8

What is the name of the Check Point cloud-driven Knowledgebase?

A. ThreatSpect

B. ThreatCloud

C. ThreatWiki

D. ThreatEmulator

Questions 9

Check Point's IPS blade provides two pre-defined profiles. Which of the following definitions are correct?

A. Default_Protection: Provides excellent performance with a sufficient level of protection. Recommended_Protection: Provides the best security with a sufficient level of performance

B. Default_Protection: Provides tracking only for troubleshooting purposes and evaluation prior to full implementation. Recommended_Protection: Provides excellent performance with a sufficient level of protection.

C. Default_Protection: Provides the best security with a sufficient level of performance. Recommended_Protection: Provides excellent performance with a sufficient level of protection.

D. Default_Protection: Is an uneditable profile that prevents all IPS related traffic. Recommended_Protection: Provides excellent performance, flexibility to customize protections and actions, with a sufficient level of protection.

Questions 10

When adding IPS to a gateway, which profile will be set?

A. Default_Protection, but with all actions set to "Detect only"

B. Default_Protection, but with all actions set to "Prevent"

C. Default_Protection

D. Recommended_Protection

Questions 11

Check Point Signature teams are constantly monitoring the threat space.

A. True, twenty-four hours a day, every day

B. True, except for major holidays

C. True, from Sunday through Thursday

D. False

Questions 12

IPS can assist in the discovery of unknown buffer overflow attacks without any pre-defined signatures.

A. False, only the Threat Emulator blade can discover unknown attacks.

B. True, if Zero-Day vulnerability is enabled.

C. False, IPS needs predefined signatures for all functions.

D. True, if Malicious Code Protector is enabled in IPS.

Questions 13

John is troubleshooting a dropped traffic issue. Looking in SmartViewTracker, he cannot find anything related to it. What CLI command might help him in this situation where he suspects a possible problem with IPS?

A. All of the information is visible in SmartViewTracker without additional commands.

B. fw ctl pstat

C. fw logexport | grep drop

D. fw ctl zdebug drop

Questions 14

Order the steps to bypass the IPS for a specific protection:

a. Open the SmartDashboard

b. Find the protection you want to bypass

c. Add the exception for this specific protection

d. Go to Network Exception tab

e. Click New.

f. Go to Protections view

g. Install Security policy

h. Go to IPS tab

A. a, g, h, f, e, c, b, d

B. a, d, f, h, e, c, b, g

C. a, h, f, b, d, e, c, g

D. a, f, h, c, e, d, b, g

Questions 15

The Threat Prevention software blade:

A. Is configured in one unified policy for Anti-Bot and Anti-Virus functions and uses the same threat repository.

B. Can only be deployed as part of SensorNET.

C. Is a free function that does not require additional licensing.

D. Can only be deployed on a Security Gateway running GAiA.

Questions 16

Which of the following statements regarding the threat prevention database is NOT correct?

A. The Security management server connects to the internet to get Malware Database updates.

B. By default, updates run on the security gateway every two hours.

C. The malware database only updates if you have a valid Anti-Bot or Anti-Virus contract.

D. The security gateway contains a local cache of the malware requests.

Questions 17

What is the most common way a computer can become infected with a bot?

A. Malvertising

B. Users accessing malicious web sites

C. Adobe file vulnerabilities

D. Microsoft file vulnerabilities

Questions 18

Which of the following are valid Boolean search terms that can be used in custom SmartLog queries?

A. And, or, with

B. And, or, not

C. None, Boolean search terms cannot be used in SmartLog.

D. And, or, not, with

Exam Code: 156-727.77
Exam Name: Threat Prevention
Last Update: Apr 15, 2024
Questions: 53 Q&As
