The SandBlast Agent is designed to  prevent malware from spreading within the network  if it enters an end user’s system. SandBlast Agent is a lightweight endpoint security solution that protects devices from advanced threats such as ransomware, phishing, zero-day attacks, and data exfiltration. SandBlast Agent uses various technologies such as behavioral analysis, anti-exploitation, anti-ransomware, threat emulation, threat extraction, and forensics to detect and block malware before it can harm the device or the network.  The other options are either not the main purpose or not the functionality of SandBlast Agent. 

The way SSL VPN and IPSec VPN are different is that IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only. SSL VPN and IPSec VPN are two types of VPN technologies that provide secure remote access to network resources over the internet. SSL VPN uses SSL/TLS protocol to establish an encrypted tunnel between the client and the server, and does not require any additional software or hardware on the client side. IPSec VPN uses IPSec protocol to establish an encrypted tunnel between the client and the server, and requires a dedicated virtual adapter on the client side to handle the IPSec traffic. The other options are either incorrect or not relevant to SSL VPN and IPSec VPN.

The Event List within the Event tab contains  events generated by a query . The Event List shows the events that match the query criteria, such as time range, filter, and aggregation.  The events can be sorted by different columns, such as severity, time, action, and source 3 . The other options are either not part of the Event tab or not related to the Event List. References:  Check Point R81 Logging and Monitoring Administration Guide

To fully enable Dynamic Dispatcher on a Security Gateway, you need to run the following command in Expert mode then reboot:

This command sets the multi-core mode to 9, which means that Dynamic Dispatcher is enabled without Firewall Priority Queues. Dynamic Dispatcher is a feature that optimizes the performance of Security Gateways with multiple CPU cores by dynamically allocating traffic to different cores based on their load and priority. Dynamic Dispatcher can improve the throughput and scalability of the Security Gateway, especially for traffic that is not accelerated by SecureXL. The other commands are not valid or do not enable Dynamic Dispatcher. References:  R81 Performance Tuning Administration Guide

The CPM process is the core process of the Security Management Server that handles all management operations. It listens to TCP-port 19009 by default.   References:  CPM process

Check Point Protect is a lightweight app that can be used to gather and analyze threats to your mobile device.  It provides real-time threat intelligence, device posture assessment, and secure browsing protection 3 . The other applications are either not designed for mobile devices, or do not offer threat analysis features. References:  R81 CCSA & CCSE exams released featuring Promo for… - Check Point … , Check Point Protect - Apps on Google Play

The valid range for VRID value in VRRP configuration is  1 - 255 . VRID stands for Virtual Router ID, and it is a number that identifies a virtual router in a VRRP cluster. A VRRP cluster consists of one or more routers that share a virtual IP address and provide redundancy and load balancing for network traffic. Each router in the cluster must have a unique VRID value, and the VRID value must match the VRID value configured on the interface that connects to the VRRP cluster.  The VRID value can be any number from 1 to 255, inclusive. 

The default commands that appear when right-clicking the IP address, source or destination, in an event in SmartEvent are ping, whois, nslookup, and Telnet. SmartEvent is a unified security event management solution that provides visibility, analysis, and reporting of security events across multiple Check Point products. SmartEvent has a feature that allows administrators to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands that can be executed on the IP address of the active cell. The default commands are ping, whois, nslookup, and Telnet. Ping is a command that tests the connectivity and latency between two hosts by sending packets and measuring the response time. Whois is a command that queries a database for information about the owner and registrar of a domain name or an IP address. Nslookup is a command that queries a DNS server for information about a domain name or an IP address, such as its IP address, name server, mail server, etc. Telnet is a command that establishes a remote connection to another host using the Telnet protocol. 

The CPD daemon is a Firewall Kernel Process that does not pull application monitoring status. The CPD daemon is responsible for Secure Internal Communication (SIC), restarting daemons if they fail, transferring messages between Firewall processes, and managing policy installation.   References:  CPD process

The command  cphaprob igmp  can be used to display the Multicast MAC address of a cluster.  This command shows the IGMP (Internet Group Management Protocol) information for each cluster interface, including the VRID (Virtual Router ID), the Multicast IP address, and the Multicast MAC address 3 . The other commands do not show the Multicast MAC address information. References:  Check Point R81 ClusterXL Administration Guide

 CPM process stores objects, policies, users, administrators, licenses and management data in a Postgres SQL database.  This database is located in  $FWDIR/conf  and can be accessed using the  pg_client  command 2 . The other options are not the correct database type for CPM. References:  Check Point R81 Security Management Administration Guide

 Check Point Management (cpm) is the main management process that provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using TCP port 19009 by default.   References:  CPM process

SecureXL Templating is a feature that accelerates the processing of packets that belong to the same connection or session by creating a template for the first packet and applying it to the subsequent packets. SecureXL Templating is precluded by factors that prevent the creation of a template, such as source port ranges, encrypted connections, NAT, QoS, etc.   References:  SecureXL Mechanism