156-590 Leak Questions

The correct answer is B. Update Now, Schedule Update, Follow Protections . Check Point IPS protection maintenance includes manual updating, scheduled updating, and a follow-up workflow for newly updated protections. The official IPS Protections documentation explains that administrators can immediately update IPS from Custom Policy Tools > Updates > IPS > Update Now , and that IPS protections can also be updated by configuring a schedule for automatic downloads. It also notes that IPS updates require Threat Prevention Policy installation for enforcement.

The same IPS Protections section describes Follow Up behavior for protections: administrators can mark protections for follow-up, filter on them later, and updated protections can be automatically marked for follow-up so they can be reviewed after update. In the course-question wording, this maps to “Follow Protections.” The purpose is operational control: update now provides immediate package retrieval, scheduled update automates routine maintenance, and follow protections gives administrators a practical workflow to review newly added or changed IPS protections. The other options either use non-standard names or omit the protection-review workflow. Reference topics: IPS Protections, Update Now, Scheduling IPS Updates, Follow Up Protections, Threat Prevention Policy installation.

The correct answer is A. Block List files - Configure disallowed files . Custom Policy Tools are used to manage Threat Prevention objects and enforcement helpers under the Threat Prevention policy view. A Block List file is used to define files that should be treated as disallowed, blocked, or explicitly malicious/undesired according to the policy objective. This is the opposite of the Allow List, which Check Point documents as a list of trusted files that the Threat Prevention engine does not inspect for malware, viruses, and bots, helping reduce gateway resource utilization. The official guide shows Allow List Files under Threat Prevention > Custom Policy Tools > Allow List Files .

Option A is therefore the correct true statement because it accurately describes the role of block-list file handling. Option B sounds plausible but is not the tested correct statement in this question’s answer key; the course item is specifically validating the Block List definition. Option C is incorrect because indicators are not “benign activity”; indicators usually represent observables such as IPs, domains, URLs, or hashes used for threat intelligence or enforcement. Option D is incorrect because profiles are not only available for Autonomous Threat Prevention; Custom Threat Prevention also uses profiles such as Basic, Optimized, and Strict. Reference topics: Custom Policy Tools, Block List Files, Allow List Files, Indicators, Threat Prevention Profiles.

The correct answer is C. CIFS . Check Point Anti-Virus scans file-transfer and content-bearing protocols, not arbitrary management or terminal protocols. The official Anti-Virus settings documentation lists the protocols Anti-Virus can scan as Web HTTP/HTTPS , FTP , SMB , and Mail SMTP or POP3 , with additional support for IMAP and POP3.

CIFS is closely associated with Microsoft file sharing and the SMB protocol family. In the exam context, CIFS maps to the file-sharing traffic class that Anti-Virus can inspect through SMB scanning. This is why CIFS is the correct option. Remote Desktop is an interactive remote-control protocol, not a file-inspection protocol for Anti-Virus scanning in this question. SNMP is a monitoring and management protocol and does not normally carry files for malware inspection. Telnet is an interactive terminal protocol and is not an Anti-Virus file-scanning protocol. The certification distinction is that Anti-Virus inspection focuses on files and content objects crossing supported protocols, especially web downloads, FTP transfers, SMB/CIFS file access, and mail attachments. Reference topics: Anti-Virus Settings, protocol scanning, SMB/CIFS inspection, file-transfer inspection, Threat Prevention protected scope.

The correct answer is B. Intrusion Prevention System . In Check Point terminology, IPS is the Software Blade responsible for inspecting and analyzing packets and data for numerous risk types. The official Check Point Threat Prevention documentation identifies IPS as Intrusion Prevention System and describes IPS protections as part of the Threat Prevention Software Blade framework.

IPS is more than a simple signature engine. It provides vulnerability-oriented and exploit-oriented protections, including protections mapped to CVEs, protocol anomalies, command injection patterns, server-side attacks, client-side attacks, and other known or unknown exploitation behaviors. Check Point also describes IPS as delivering proactive intrusion prevention with thousands of signatures, behavioral protections, and preemptive protections, adding another layer of security above firewall enforcement.

The incorrect options misuse the term “Invasion” or replace “System” with “Software.” Although IPS is implemented as a Check Point Software Blade, the acronym itself expands to Intrusion Prevention System . In policy design, IPS is treated as a pre-infection prevention capability that stops exploitation before compromise, rather than as a post-infection malware-detection control. Reference topics: IPS Software Blade, Intrusion Prevention System definition, IPS protections, CVE-based protections, proactive intrusion prevention.