The TE250X is a SandBlast appliance itself, so it can't be C. According to the datasheet there are 2 deployment options: Private Cloud, i.e. connected to a GW, or Inline as Degenhardt said; this means it can't be D.
A SPAN port would mean copies of packets are sent to the TE250X, but the appliance just listens and it cannot prevent the clients from receiving the packets, so it can't be A.
It has to be B.
Threat Emulation Deployments:
You can use inline or monitor deployments for file emulation.
Inline - Use Prevent and Ask actions to block traffic before it goes to the internal computer. You can configure how Threat Emulation handles connections while it finishes the emulation of a file:
Background - The traffic is allowed to enter the internal network
Hold - The traffic is blocked and does not enter the internal network until after emulation is finished
Monitor - Use a SPAN or TAP configuration to duplicate network traffic. The files are then sent directly to Threat Emulation and the computer in the internal network. If Threat Emulation discovers that a file contains malware, the applicable log action is done. Monitor deployments support only the Detect action.
https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/101646.htm
DEPLOYMENT OPTIONS
Emulate threats in one of two deployment options:
1. Private cloud: Check Point security gateways send files to a SandBlast appliance for emulation
2. Inline: This is a stand-alone option that deploys a SandBlast Appliance inline as MTA or as an ICAP server or on a SPAN port, utilizing all NGTX Software Blades including IPS, Antivirus, Anti-Bot, Threat Emulation, Threat Extraction, URL Filtering and Application Control.
I'll choose D!
Based on ATRG documentation there are three (3) deployment modes: Inline, SPAN and Remote only.
Option C you still need Security Gateway to forward files. <-- Not a possible answer, though you can use the cloud service while inspecting all the traffic not only email traffic.
Option B is not the possible answer based on the 3 deployment modes.
Option A: SPAN can't prevent. It can do detect only. <-- Not a possible answer
So D is the best option for me. Let me know your thoughts. You need a Check Point account to access the support center.
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114806#Deployment%20options%20-%20Inline
This is not true. It is not mentioned in the deployment options, but Sales Engineers promoted these appliances as "completely independent" solutions, not needing any existing Check Point products in place by installing as "standalone".
B is correct.
SandBlast appliances can be deployed in two modes:
1. Inline or Prevent - As a Mail Transfer Agent (MTA) and as part of the web traffic flow.
2. Detect Only - A SPAN port to receive a copy of traffic.
From CCSE R80.10 Handbook, Page 628.
No. It's A:
"Inline: This is a stand-alone option that deploys a SandBlast Appliance inline as MTA or as an ICAP server or on a SPAN port, utilizing all NGTX Software Blades including IPS, Antivirus, Anti-Bot, Threat Emulation, Threat Extraction, URL Filtering and Application Control"
https://www.checkpoint.com/downloads/products/sandblast-appliances-datasheet.pdf
Community vote distribution: A (35%), C (25%), B (20%), Other