156-315.81 Exam Questions

Total 422 Questions

Last Updated Exam : 27-Dec-2024

You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?


A. Check Point Capsule Cloud


B. Sandblast Mobile Protect


C. SecuRemote


D. SmartEvent Client Info





B.
  Sandblast Mobile Protect

Explanation: SandBlast Mobile Protect is an application that provides comprehensive protection for mobile devices against cyber threats. It is a lightweight app that does not affect device performance or battery life. It monitors network traffic, device behavior, and installed apps to detect and prevent attacks such as phishing, malware, ransomware, botnets, and man-in-the-middle. SandBlast Mobile Protect also integrates with Check Point's ThreatCloud intelligence network to provide real-time threat information and updates. Therefore, the correct answer is B.

Which command collects diagnostic data for analyzing a customer setup remotely?


A. cpv


B. cpinfo


C. migrate export


D. sysinfo





B.
  cpinfo

From SecureXL perspective, what are the three paths of traffic flow:


A. Initial Path; Medium Path; Accelerated Path


B. Layer Path; Blade Path; Rule Path


C. Firewall Path; Accelerated Path; Medium Path


D. Firewall Path; Accept Path; Drop Path





C.
  Firewall Path; Accelerated Path; Medium Path

Explanation: From the SecureXL perspective, the three paths of traffic flow are Firewall Path, Accelerated Path, and Medium Path. Firewall Path handles packets that are not processed by SecureXL and are sent to the Firewall kernel for inspection. Accelerated Path handles packets that are processed by SecureXL and bypass the Firewall kernel. Medium Path handles packets that are partially processed by SecureXL and partially by the Firewall kernel. References: Check Point R81 Performance Tuning Administration Guide

Which components allow you to reset a VPN tunnel?


A. vpn tu command or SmartView monitor


B. delete vpn ike sa or vpn shell command


C. vpn tunnelutil or delete vpn ike sa command


D. SmartView monitor only





A.
  vpn tu command or SmartView monitor

UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?


A. Ask


B. Drop


C. Inform


D. Reject





D.
  Reject

Which one of the following is true about Capsule Connect?


A. It is a full layer 3 VPN client


B. It offers full enterprise mobility management


C. It is supported only on iOS phones and Windows PCs


D. It does not support all VPN authentication methods





A.
  It is a full layer 3 VPN client

Explanation: Capsule Connect is a full layer 3 VPN client that provides secure and seamless remote access to corporate networks from iOS and Android devices. It supports all VPN authentication methods, such as certificates, passwords, tokens, and challenge-response. It also supports split tunneling and seamless roaming. References: Capsule Connect Datasheet, Capsule Connect Administration Guide

By default, the R81 web API uses which content-type in its response?


A. Java Script


B. XML


C. Text


D. JSON





D.
  JSON

Explanation: By default, the R81 web API uses JSON as the content-type in its response. JSON stands for JavaScript Object Notation and is a lightweight data-interchange format that is easy to read and write. XML, Java Script, and Text are not the default content-types for the R81 web API. References: Check Point Software, Getting Started, Web API; JSON.org, Introducing JSON.

What kind of information would you expect to see when using the "sim affinity -I" command?


A. Overview over SecureXL templated connections


B. The VMACs used in a Security Gateway cluster


C. Affinity Distribution


D. The involved firewall kernel modules in inbound and outbound packet chain





C.
  Affinity Distribution

Explanation: The "sim affinity -I" command displays the affinity distribution of the Security Gateway's interfaces. Affinity distribution is the assignment of CPU cores to handle the traffic from different interfaces. The "sim affinity -I" command shows the following information for each interface:

The interface name, such as eth0, eth1, etc.
The interface index, such as 0, 1, 2, etc.
The interface type, such as physical, bond, VLAN, etc.
The interface state, such as up or down
The interface speed, such as 1000 Mbps, 10000 Mbps, etc.
The interface MTU, such as 1500, 9000, etc.
The interface MAC address, such as 00:11:22:33:44:55
The interface IP address, such as 192.168.1.1, 10.0.0.1, etc.
The interface affinity mask, such as 0x00000001, 0x00000002, etc. The affinity mask is a hexadecimal value that represents the CPU cores that are assigned to handle the traffic from the interface. For example, 0x00000001 means that only CPU core 0 is assigned, 0x00000003 means that CPU cores 0 and 1 are assigned, and so on.

The "sim affinity -I" command can help you to monitor and optimize the performance of your Security Gateway by showing you how the traffic load is distributed among the CPU cores. You can also use the "sim affinity" command with other options to change the affinity settings of the interfaces or the firewall instances. For more information, you can refer to the Check Point R81.20 (Titan) Resolved Issues and Enhancements or the Solved: Sim Affinity - Check Point CheckMates.

SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:


A. 19090,22


B. 19190,22


C. 18190,80


D. 19009,443





D.
  19009,443

How often does Threat Emulation download packages by default?


A. Once a week


B. Once an hour


C. Twice per day


D. Once per day





D.
  Once per day

Explanation: Threat Emulation downloads packages by default once per day. The packages contain updates for the Threat Emulation engine, signatures, and images. The download frequency can be changed in the Threat Prevention policy settings. References: Threat Emulation Administration Guide, Threat Prevention R81 Release Notes

