CheckPoint-IBM Certified Associate Administrator - Security QRadar SIEM V7.2.8

1.

Regarding a proper Threat Emulation sizing for an environment with 1000 users for web and email traffic which assumptions are correct? 1. 2000 unique files per day within SMTP/S 2. 2500 unique files per day within HTTP/S 3. 7000 unique files per day within SMTP/S 4. 5000 unique files per day within HTTP/s

1 and 2 are correct 1 and 3 are correct 1 and 4 are correct 2 and 3 are correct

2.

Which command do you use to monitor the current status of the emulation queue?

tecli show emulator queue tecli show emulator emulations tecli show emulator queue size tecli show emulation emu

3.

Which Blades of the SandBlast Agent are used for remediation?

DLP and Compliance blades Anti-Bot blade and Threat Emulation blades Forensics and Threat Emulation blades Threat Emulation and Threat Extraction Blades

4.

What's the password for the encrypted malicious file available via the Threat Emulation forensics report?

malicious forensics password infected

5.

When running the Threat Emulation first time wizard, which of these is NOT an option for file analysis location?

ThreatCloud Emulation Service tecli advanced remote Locally on this Threat Emulation Appliance Other Threat Emulation Appliance

6.

A Threat Extraction license is always bundled with Threat Emulation.

False True True False

7.

What attack vectors are protected by using the SandBlast Agent?

Mail, Web, Office 365 Outside the office, removable media, lateral movement Office 365, Outside of the office, removable media, lateral movement email, Lateral movement, Removable media, encrypted channels

8.

How can the SandBlast Agent protect against encrypted archives?

The SandBlast Agent cannot protect from an encrypted malware. Since to open the encrypted archive the user must know the password, once opened and the writing to the disk has begun. the SandBlast Agent will immediatelyscan the file. Password protected archive file is opened via brute force and dictionary attack. Once file is open the SandBlast Agent can scan it and send it to emulation. Only if the administrator has added a special password file and the password that is used for the archive is part of the password list on the file.

9.

What Mail Transfer Agent is used with SandBlast?

Exchange Check Point Postfix Sendmail

10.

How can CPU Level Emulation detect ROP?

Locate a CPU flow buffer with mismatch between called and returned addresses. Increased CPU temperature. Wrong order in the ROP Gadgets Dictionary. It is detected as soon as the evasion code runs and injects the malicious code into a legitimate process.

CheckPoint-IBM Certified Associate Administrator - Security QRadar SIEM V7.2.8

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

CheckPoint-IBM Certified Associate Administrator - Security QRadar SIEM V7.2.8

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner