Exam 156-215.80 topic 1 question 474 discussion

Correct answer is B! Threat Emulation (Sandboxing) Preventing today’s sophisticated attacks requires innovation. As part of the Check Point SandBlast Zero-Day Protection solution, the Threat Emulation engine picks up malware at the exploit phase, even before hackers can apply evasion techniques attempting to bypass the sandbox. Files are quickly quarantined and inspected, running in a virtual sandbox to discover malicious behavior before it enters your network. This innovative solution combines CPU-level inspection and OS-level sandboxing to prevent infection from the most dangerous exploits, and zero-day and targeted attacks.

ANS: B SandBlast Threat Emulation The Threat Emulation engine is the sandbox component of SandBlast. It protects the network against advanced and zero-day attacks by performing both CPU-level and OS-level inspection of files. Threat Emulation hosts the file in a sandbox environment and examines it on a CPUlevel for any indication of exploit activity. This inspection stops the file from executing any of its routines, particularly those that attempt to evade detection.

Next Generation Threat Extraction ” The new face of malware is fast and stealthy thanks to obfuscation tools that help attacks slip past the most sophisticated anti-malware solutions. The Check Point Next Generation Th reat Extraction (NGTX) Software Blade package combines the NGTP package set with CPU-level and operating system-level sandbox capabilities to detect and block malware. While the file is run in a sandbox, Threat Extraction reconstructs incoming documents to deliver zero malware documents in zero seconds. The package includes all NGTP Software Blades plus the Threat Extraction service. “

It's asking about Software Blade PACKAGES, not just the blade, thats the catch

correct is C

Threat Emulation is OS and CPU level, however it is only offered in the NGTX(Extraction)package not in Prevention package, Answer C in this case

https://www.checkpoint.com/products/threat-emulation-sandboxing/ Identify more malware Check Point SandBlast Zero-Day Protection conducts further investigation with OS-level sandboxing by intercepting and filtering inbound files and inspecting URLs linked to files within emails by running them in a virtual environment. Unlike other solutions, Check Point zero-day threat sandboxing uses a unique technology. Conducting inspection at the CPU-level to stop attacks before they have a chance to launch. There are thousands of vulnerabilities and millions of malware implementations, but very few methods that cybercriminals utilize to exploit vulnerabilities. The Check Point SandBlast Threat Emulation engine monitors CPU-based instruction flow for exploits attempting to bypass OS security controls.

B lookslike the answer

C 100% Page 443

5 Check Point all-inlusive software blade package solutions: - Next generation firewall - Next generation Threat Prevention - Next generation Threat extraction - Next generation data protection - Secure web gateway Next generation threat emulation is not listed there. In fact, you cant find software blade with such name on Check point website. My answer would be A