Which software blades are characteristic to a Threat Prevention Appliance?
A. Anti-Virus, Anti-Bot, IPS, Identity Awareness
B. Anti-Virus, Anti-Bot, IPS, URL Filtering, Identity Awareness
C. Anti-Virus, Anti-Bot, IPS, Application Control, URL Filtering, Identity Awareness
D. Anti-Virus, Anti-Bot, IPS, URL Filtering, Identity Awareness, SmartEvent
Check Point's IPS blade provides two pre-defined profiles. Which of the following definitions are correct?
A. Default_Protection: Provides excellent performance with a sufficient level of protection. Recommended_Protection: Provides the best security with a sufficient level of performance
B. Default_Protection: Provides tracking only for troubleshooting purposes and evaluation prior to full implementation. Recommended_Protection: Provides excellent performance with a sufficient level of protection.
C. Default_Protection: Provides the best security with a sufficient level of performance. Recommended_Protection: Provides excellent performance with a sufficient level of protection.
D. Default_Protection: Is an uneditable profile that prevents all IPS related traffic. Recommended_Protection: Provides excellent performance, flexibility to customize protections and actions, with a sufficient level of protection.
SmartEvent has several components that work together to help track down security threats. What is the function of the Correlation Unit as one of those components in the architecture? The Correlation Unit:
A. connects with the SmartEvent Client when generating reports.
B. analyzes each log entry as it enters a log server, according to the Event Policy; when a threat pattern is identified, an event is forwarded to the SmartEvent Server.
C. collects syslog data from third party devices and saves them to the database.
D. correlates all the identified threats with the consolidation policy.
An end-user calls the helpdesk, complaining that he cannot access a web site. You check the log and see that an IPS signature is dropping his connections. What can you do? Change the signature action to:
A. Bypass
B. Detect
C. Inactive
D. Prevent
Looking at these logs, what happened at 10:55?

A. An IPS rule was installed, causing IPS to temporarily stop working
B. The Gateway was rebooted, causing IPS to temporarily stop working
C. A new IPS policy was installed, causing IPS to temporarily stop working
D. IPD Inspections were temporarily suspended, due to high load on the gateway
_______________ enforces or monitors traffic, based on the source or destination IP address of the country.
A. IPS Recommended_Protections Profile
B. Geo-protection
C. Secure Web Gateway
D. ThreatCloud
If a bot is detected on your network, which of the following statements is correct regarding anti- bot blade.
A. outbound connections from the infected client are blocked to prevent further infection.
B. outbound connections from the infected client are blocked;, expect the connection to the Check Point ThreatCloud.
C. outbound connections from the infected client to the command and control center, are blocked.
D. outbound connections from every client are blocked, to prevent further data breaches.
Put these HTTPS traffic inspections steps in the correct order.
a.
Validates the web site's server certificate
b.
Intercepts HTTPS requests
c.
Decrypts data from client and inspects clear text content
d.
Decrypts response from server and inspects clear text content
e.
Creates a certificate for use between gateway and client
f.
Encrypts data and sends data to web server
g.
Encrypts data and sends data to client
h.
Establishes a secure connection to the requested web site
A.
a, e, b, h, c, f, d, g
B.
a, b, f, d, c, g, h, e
C.
b, h, a, e, c, f, d, g
D.
a, b, e, f, d, c, g, h
When pushing the Threat Prevention policy, which of the following blades will NOT get updated?
A. IPS
B. Threat Emulation
C. Anti-Bot
D. Anti-Virus
SmartLog can be used to identify which of the following:
A. Security Policy version control information
B. A list of currently connected users
C. The country of origin of specific traffic displayed on a map
D. The top destination IP addresses of a specific source