What is considered Hybrid Emulation Mode?
A. Manual configuration of file types on emulation location.
B. Load sharing of emulation between an on premise appliance and the cloud.
C. Load sharing between OS behavior and CPU Level emulation.
D. High availability between the local SandBlast appliance and the cloud.
In Hybrid mode (e.g EXE files configured for Public Cloud emulation and
other files for local emulation) on a existing gateway where TE blade is
enabled and forwarding traffic is configured for another dedicated local
emulation GW and ThreatCloud
so answer is A
I think it’s A
CCSE book:
In a hybrid solution, OS-level sandboxing and CPU-level detection work together in both private and public cloud infrastructures. Administrators can choose which files to emulate locally in the SandBlast appliance or in the public SandBlast Cloud.
…
In a hybrid solution, the Threat Prevention tasks are distributed as follows:
• Check Point Security Gateways perform traditional Next Generation Threat Prevention duties (Anti-Bot, Antivirus, and Anti-Spam) and also act as an MTA to hold emails.
• Threat Extraction can happen either at the Security Gateway or SandBlast appliance.
• Threat Emulation with OS-level sandboxing and CPU-level detection happens either with SandBlast appliance or SandBlast Cloud.
Well,
as written in the Sandblast PoC Guide 10.3
“7.4.3 Hybrid mode
Enabling all images for Threat Emulation on a Sandblast appliance for higher detection rate may have high
performance impact. You can consider emulating specific (non-personal) files like EXE in Threat Cloud.
Therefore the gateway or Sandblast appliance needs an additional TE Cloud license/subscription.”
https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/taiwan/422/1/Check%20Point%20Sandblast%20PoC%20Guide%20v91.pdf
Answer “B” is most likely correct