
Check Point 156-590 Exam Questions
NEW QUESTION # 34
Task: Test Anti-Bot enforcement using a known malicious test domain.
Answer:
See the Explanation.
Explanation:
1- Configure DNS to query a known test domain (e.g., simulating botnet activity).
2- Monitor the Logs & Monitor view for blade:"Anti-Bot".
3- Confirm "Prevented" action.
4- Review domain reputation in log entry.
5- Ensure the profile has high-confidence blocking enabled.
NEW QUESTION # 35
Task: Validate policy enforcement of a specific IPS profile.
Answer:
See the Explanation.
Explanation:
1- Trigger test traffic that matches a rule using the profile.
2- SmartConsole > Logs > Filter by Profile name.
3- Confirm protections are applied with expected action.
4- Use fw stat on gateway to view loaded policy.
5- Ensure profile assignment is correct in the policy rule.
NEW QUESTION # 36
Task: Simulate false positive and create a detection-only override.
Answer:
See the Explanation.
Explanation:
1- Generate test traffic causing a prevent log in SmartConsole.
2- Identify the IPS protection name.
3- Add an exception for that IP or subnet with action "Detect."
4- Re-test traffic and verify logs reflect "Detect."
5- Document the false positive and report to Check Point if needed.
NEW QUESTION # 37
Task: View IPS protections causing performance overhead.
Answer:
See the Explanation.
Explanation:
1- Open SmartConsole > IPS Protections.
2- Sort by "Performance Impact."
3- Filter for "Critical" or "High."
4- Review actions; consider disabling or setting to "Detect."
5- Monitor gateway CPU usage post-modification.
NEW QUESTION # 38
Task: Enable automatic email alerts for critical IPS events.
Answer:
See the Explanation.
Explanation:
1- Open SmartEvent or SmartConsole > Logs & Monitor.
2- Go to Automatic Reactions > New Reaction.
3- Set condition: blade=IPS AND severity=Critical.
4- Choose Action: Send Email > Configure recipient.
5- Save and test by generating a trigger.
NEW QUESTION # 39
Task: Test action taken for suspected bot-infected host.
Answer:
See the Explanation.
Explanation:
1- Generate a suspicious outbound DNS request (e.g., using a simulated botnet domain).
2- Review logs in SmartConsole > blade:"Anti-Bot".
3- Confirm whether the connection was blocked or allowed.
4- Validate host quarantine action, if configured.
5- Check endpoint if agent alerts were triggered.
NEW QUESTION # 40
Task: Check if IPS blade is inspecting encrypted traffic.
Answer:
See the Explanation.
Explanation:
1- Confirm HTTPS Inspection is enabled on the gateway.
2- Navigate to Threat Prevention > Protections.
3- Check protections related to SSL/TLS.
4- Confirm visibility of SSL payloads in logs.
5- Use HTTPS test traffic and review detection.
NEW QUESTION # 41
Task: Manually trigger an IPS update from SmartConsole.
Answer:
See the Explanation.
Explanation:
1- Go to Threat Prevention > Updates.
2- Click "Check Now" under IPS section.
3- Wait for update to complete and view the status log.
4- On the gateway, check $FWDIR/log/ips_update.elg for details.
5- Confirm the update applied with ips stat.
NEW QUESTION # 42
Task: Enable Threat Prevention debug mode for troubleshooting.
Answer:
See the Explanation.
Explanation:
1- SSH into the Gateway.
2- Run: tecli debug on or pdp debug on.
3- Reproduce the issue.
4- View logs in $FWDIR/log/.
5- Disable debug mode: tecli debug off.
NEW QUESTION # 43
Task: Monitor if Anti-Bot is detecting lateral movement inside the network.
Answer:
See the Explanation.
Explanation:
1- Use simulated internal bot communication in a test lab.
2- Logs & Monitor > Filter blade:"Anti-Bot" and internal source/destination IPs.
3- Check behavior pattern logs, not just single IP detection.
4- Review communication timeline and triggered protections.
5- Use this to tune bot detection rules in the profile.
NEW QUESTION # 44
Task: Assign the custom profile to a Threat Prevention policy rule.
Answer:
See the Explanation.
Explanation:
1- Open Threat Prevention > Policy.
2- Add a new rule or edit an existing one.
3- In the Profile column, select Corporate_TP_Strict.
4- Set Track to Log and Action to Accept.
5- Publish and install the Threat Prevention policy.
NEW QUESTION # 45
Task: Enable DNS reputation protection under Anti-Bot in a custom profile.
Answer:
See the Explanation.
Explanation:
1- Edit your custom Threat Prevention profile.
2- Under the Anti-Bot section, enable DNS Reputation.
3- Set to Prevent on High Confidence queries.
4- Ensure "Inspect DNS traffic" is enabled.
5- Save and apply the profile.
NEW QUESTION # 46
Task: Modify Anti-Bot to monitor C&C traffic only without blocking it.
Answer:
See the Explanation.
Explanation:
1- Open the custom profile in SmartConsole.
2- Under Anti-Bot, change all threat confidence levels to Detect.
3- Disable "Prevent" settings temporarily for testing.
4- Save the profile and apply to a staging policy rule.
5- Verify logs show detections without blocks.
NEW QUESTION # 47
Task: Enable Core Protections in an IPS profile.
Answer:
See the Explanation.
Explanation:
1- Open Threat Prevention > Profiles > Edit the desired profile.
2- Scroll to Core Protections and ensure it's enabled.
3- Set action for High and Medium confidence to "Prevent."
4- Choose the allowed performance impact level (e.g., Basic or Extensive).
5- Save changes and publish.
NEW QUESTION # 48
Task: Clone an existing profile to use for mobile endpoints and modify AV scanning.
Answer:
See the Explanation.
Explanation:
1- Go to Threat Prevention > Profiles.
2- Select the base profile (e.g., Optimized), right-click > Clone.
3- Name it Mobile_Profile.
4- Edit Anti-Virus settings to use Detect instead of Prevent for medium threats.
5- Save and assign to mobile VPN policy rule.
NEW QUESTION # 49
Task: Verify Anti-Virus scan mode is set to "Stream-Based" on the gateway.
Answer:
See the Explanation.
Explanation:
1- In SmartConsole, go to Gateway > Threat Prevention tab.
2- Locate Anti-Virus scan mode settings.
3- Ensure "Stream-Based" is selected (not Hold-Mode).
4- If needed, change the scan mode and reinstall policy.
5- Verify with cpview under Threat Prevention section.
NEW QUESTION # 50
Task: Clone a built-in IPS profile and tailor it to internal services.
Answer:
See the Explanation.
Explanation:
1- Open Threat Prevention > Profiles.
2- Select "Optimized" > Right-click > Clone.
3- Rename it (e.g., "Internal_Services_Profile").
4- Disable protections unnecessary for internal traffic (e.g., HTTP-related).
5- Save and apply to the Threat Prevention policy layer.
NEW QUESTION # 51
Task: Check the current IPS protection version on the Security Gateway.
Answer:
See the Explanation.
Explanation:
1- Open SmartConsole > Gateways & Servers.
2- Select the gateway and go to the "Threat Prevention" tab.
3- Note the IPS database version and timestamp.
4- On CLI: run ips stat to cross-verify.
5- Ensure version matches the latest published by Check Point.
NEW QUESTION # 52
Task: Tune a Threat Prevention profile by converting medium-confidence threats from Detect to Prevent.
Answer:
See the Explanation.
Explanation:
1- Open the profile in SmartConsole.
2- Under each blade (AV, AB, IPS), change Medium confidence action from "Detect" to "Prevent."
3- Save, publish, and install the policy.
4- Monitor post-deployment logs for increased blocks.
5- Revert individual settings if false positives increase.
NEW QUESTION # 53
Task: Validate the Threat Prevention policy is applied correctly to a Security Gateway.
Answer:
See the Explanation.
Explanation:
1- Open SmartConsole > Threat Prevention > Policy.
2- Ensure the policy is assigned to the correct Gateway.
3- Publish and Install the policy.
4- SSH into the Gateway and run: fw stat to confirm active policy name.
5- Cross-verify that Threat Prevention blades are enforcing the loaded policy.
NEW QUESTION # 54
Task: Exclude IP ranges in custom profile by associating a Threat Prevention exception rule.
Answer:
See the Explanation.
Explanation:
1- Go to Threat Prevention > Policy.
2- Add top rule: Source = IP Range to be excluded.
3- Assign a profile with minimal protections or disabled blades.
4- Place before general rules.
5- Confirm policy flow and matching logs.
NEW QUESTION # 55
Task: Simulate a malicious file download and validate AV detection.
Answer:
See the Explanation.
Explanation:
1- In a test environment, download the EICAR test file.
2- Monitor logs: blade:"Anti-Virus" AND action:"Prevented".
3- Confirm file type, source IP, and destination file path.
4- Check associated protection name.
5- Ensure AV blade action is set to "Prevent."
NEW QUESTION # 56
Task: Enable HTTPS inspection for Threat Prevention profile to scan encrypted content.
Answer:
See the Explanation.
Explanation:
1- Ensure HTTPS Inspection is enabled on the gateway.
2- In the custom profile, enable Inspect HTTPS traffic under Anti-Virus and Anti-Bot.
3- Set CA certificate deployment for clients.
4- Save changes and install both TP and HTTPS inspection policies.
5- Validate detection using a test HTTPS malware download.