CCCS EXAM TO PASS

CCCS EXAM TO PASS

CCCS EXAM TO PASS

Imagem de perfil user: F11
F11

Anúncios

1

Adaptive Security Policies allow the deployment of new cloud based resources without

Changing the cloud environment
Installing New Policies
Paying for new resources
Installing New Applications
2

Adding new Security Gateways as system load increases is an example of __________

Horizontal Scaling
Vertical Scaling
Network Scaling
System Scaling
3

Which autoscaling method requires the VM to temporarily shut down while it processes system modification?

Vertical Scaling
Both Vertical and Horizontal Scaling
Neither autoscaling method requires the VM to
Horizontal Scaling
4

Which function do Load Balancers perform?

Restrict traffic loads between servers
Direct internet traffic to spoke networks
Trigger capacity on security gateways
To secure balance between private and public cloud
5

A utility that allows integration between SMS, the CloudGuard Network Solution, and CSPs, allowing the SMS to monitor and control scaling solutions in their associated cloud environments is called

CloudGuard Controller (CC)
CloudGuard Controller and Enforcer (CCE)
CloudGuard Scanner and Enforcer (CSE)
CloudGuard Management Extension (CME)
6

CloudGuard uses several management tools to create and manage Security Policies. Which is NOT one of those tools?

SmartConsole
CloudGuard Controller
CLI
Gaia Portal
7

Which Security Gateway function inspects cloud applications and workload resources for malicious activity?

Identity Awareness
Threat Prevention
Access Control
Application Control
8

Which of these Cloud Platforms support User Defined Route (UDR) to force traffic destined for spoke networks to go through a network virtual appliance?

Microsoft Azure
Amazon AWS
Google Cloud Platform
Amazon AWS and Google Cloud Platform
9

The best practice for CloudGuard Network deployments utilizes the Hub and Spokes Model.Which of these statements is the most correct for this model.

All traffic that enters and exits each spoke must travel through a hub.
All the security components including SMS, Northbound and Southbound Security Gateways and East-West VPN Gateways will be deployed in one Hub.
A Spoke can ONLY consist of a single virtual machine in a dedicated subnet shared between the VM and the Hub.
The Hub and Spoke model is applicable ONLY to multi-cloud environments. The Hub includes all the Security Gateways in all cloud environment. Each Spoke includes all resources of a Data Center in a single Cloud Environment.
10

Check Point's Public Cloud model is described as the following

A Borderless Model
A Hub and Spoke Model
An Advanced Threat Tunnel Model
A Security Matrix Model
11

Which is not a deployment method for CloudGuard solutions using

Terraform
Shell
CLI
CPS Portal
12

What is an alternative method to double NAT in Azure?

User Defined Routes
Scaling
System Routes
Peering
13

To travel between spokes, non-transitive traffic uses ________ to allow IPv4 and IPv6 traffic to reach a spoke network

the Southbound hub
the Northbound hub
a VTI
Peering
14

One of the limitations in deploying Check Point CloudGuard Cluster High Availability is that:

VMAC mode is mandatory for all cluster interfaces
High Availability configurations support only three Security Gateway members
State synchronization is required and must be done ONLY on a dedicated link
High Availability configurations support only two Security Gateway Members
15

Which APIs are used by Public clouds and Hybrid clouds to support the interactions between cloud resources, on-premises equipment, scripts, orchestration playbooks and CloudGuard Network cloud resources, on-premise equipment, scripts.

CloudGuard Management Extension API (CME-API)
CloudGuard Controller API (CG-API)
Representational State Transfer (REST) APIs
Cloud Security Posture Management (CSPM)
16

Which scripting language is used by CloudGuard to develop templates that automate Security Gateway deployments?

JSON
Perl
C++
Python
17

REST is an acronym for the following

Representational State Transfer
Representation of Security Traffic
Real Security Threat
Really Efficient Security Template
18

Which one of the following is part of the Orchestration Playbook process for creating a new spoke and an automated Security Gateway?

Vertical scaling
Communication with the OS
Transfer of resources to a VPN
An event trigger
19

What are the Automation tools?

API, CLI, Scripts, Shells and Templates
Terraform and Ansible
CloudFormation
AMls
20

Which of these is true of the CloudGuard Controller?

CloudGuard Controller maintains visibility of the protected cloud environment
CloudGuard Controller manually updates SmartConsole security tads and API connections
CloudGuard Controller only displays cloud-based Security Gateway objects
CoudGuard Control statically .denies Cloud resources created within a single cloud or a multi-cloud environment.
21

What does the Adaptive Security Policy involve to import the Data Center Objects?

CloudGuard API
CloudGuard Controller
CloudGuard Gateway
CloudGuard Access Control
22

Logging Implied rules, enabling Hit Count and defining advanced VPN functions are all settings that are applied as

Global Properties
Inline Layer
Policy Settings
Gateway Properties
23

What are two basic rules Check Point recommends for building an effective policy?

Access and Identity Rules
Cleanup and Stealth Rule
VPN and Admin Rules
Implicit and Explicit Rules
24

What is the key component in securing and managing any environment?

Security Management Server
Security Policy
Security Access
Security Gateway
25

What can Data Center Objects represent?

Cloud Data Center. Tags, subnets, or hosts
vNets. VPCs or Network Security Groups
Compute. Regions or Availability Zones
Public IP. Private IP NAT or IAM roles
26

An organization is using an adaptive security policy where a Data Center Object was imported and used in some rules. When the cloud resource represented by this object changes it's IP address, how will the change be effected on the Security Gateway

If CloudGuard Controller is enabled on the Security Gateway, the gateway will connect with the Cloud account and synchronize all the Data Center Objects used on
The Data Center Object needs to be refreshed in the SmartCansoIe and then a policy install will be required
The change is automatically updated to the Security Management Server and so only a policy install from SmartConsole or with API will be required
With a property functioning configuration, the change will automatically be done on the Security Gateway without any action required by the administrator
27

What can a Security Admin do in a situation where collecting additional log file information to examine a CloudGuard Controller issue is required?

Set the operation to TRACE to collect more data.
Verify connectivity between the SMS and the SDDC.
Search for the information in the objects database.
Execute a debug on the SMS
28

Deployment of a Security Gateway was initiated on AWS using a CloudFormation Template available through sk111013. The deployment process, after a while failed and rolled back. What could be the probable cause of this failure and roll back?

The Security Management Server that will be managing the Security Gateway had a lower version
The specific software being deployed was not subscribed to in the AWS Marketplace Subscriptions
The template used was for some cloud platform other than AWS
The web browser used to run the template was not compatible
29

To troubleshoot CloudGuard Controller, administrators can execute the following command:

cloudguard off
cloudguard on
cloudguard security
cloudguard troubleshoot
30

Where are the api logs found on the Security Management Server?

/opt/log/api.elg
/var/log/api.elg
/var/tmp/api.elg
$FWDIR/Iog/api.elg
31

Which command will enable the CloudGuard Controller services on the Security Management Server?

set cgcontroller on
controller on
cloudguard on
set cgcontroller state on
32

The Security Administrator needs to reconfigure the API server, which command would need to

api restart
api reboot
api reconf
api reconfig
33

How does the Cloud Security Posture Management (CSPM) service deliver intelligence threat feeds, enforce compliance policies, and apply security enhancement to the environment.

The Cloud Security Posture Management (CSPM) does this by using REST APIs
The Cloud Security Posture Management (CSPM) does this by using SIC connections on the cloud
The Cloud Security Posture Management (CSPM) does this by .usingSSH and microagents
The Cloud Security Posture Management (CSPM) does this by using the SOAP protocol and XML
34

Cloud Security Posture Management uses CloudBots to assist with________________.

automatic compliance remediation
cloud account configurations and data flows
securing IAM account credentials.
identifying where the organization's security posture need:
35

Which CloudGuard security platform enables organizations to view and access their security posture, find cloud misconfigurations, and enforce best practices?

CloudGuard Security Posture Management
CloudGuard laaS Public Cloud Solution
CloudGuard SaaS
CloudGuard laaS Private Cloud Solution
36

When Cloud Security Posture Management discovers non-compliant cloud resources, CloudBot applications perform automated remediation's to correct any violations. How true is this statement?

This is not true, Cloud Security Posture Management (CSPIU) can only report non-compliance and cannot remediate by itself
This is true, however it requires Full Protection access to the Cloud Account to perform automated remediation
This is not true because CloudBot applications are used to provide chat service to respond to non-compliance alerts
This is partially true, however the automated remediation is not done by CloudBot applications but it is done by the Security Management Server
37

Once the Deployment finishes, Cloud Security Posture Management applies default network security posture that does what?

Minimizes the risks of external threats by blocking access to services and ports
Minimizes the risk of external threats by blocking access to high risk sites and external users
Minimizes the risk of external threats by blocking accessed to the internet
Minimizes the risk of external threats by blocking access to all internal resources
38

Introduction to Cloud Security Posture Management uses which of the following to connect, communicate, and collect information from cloud accounts and third party tools?

APIs
SmartConsole
HTML
CLI
39

Cloud Security Posture Management (CSPM) operates as which type of service based platform?

PaaS
SaaS
laaS
CaaS
40

What platform provides continuous compliance and governance assessments that evaluate public infrastructure according to industry standards and best practices?

CloudGuard laaS Private Cloud
Cloud Security Posture Management
CloudGuard laaS Public Cloud
CloudGuard SaaS
41

After the cloud acquisition process finishes. Cloud Security Posture Security module secures access to cloud environments by performing controls access to cloud environments by performing the following tasks: Visualizes Security Policies in cloud environments, control access to protected cloud assets with short-term dynamic access leases, and______________.

Deploys new internal cloud resources
Deploys new management resources
Automatically Installs Policies
Manages Network Security Groups
42

Cloud Security Posture Management uses which one of the following to integrate with cloud accounts?

IAM account credentials
Security Objects
SDDC
CloudGuard Controller
43

Cloud Security Posture Management operational modes for cloud accounts are:

Read Only, Full Protection, Region Lock
Read Only, Read/Write, Region Lock
Read Only, Read/Write, Full Protection
Read/Write, Partial Protection, Full Protection
44

Where can I find solution templates for Azure?

In a special Azure page
On the market place
In a search on the Internet
At the relevant SK
45

How is CloudGuard for Azure licensed in PAYG (Pay As You Go) mode?

Per Socket
Per Gateway
Per hour based on resources consumed
Per vCore
46

Can you configure Micro segmentation (control traffic inside a subnet) on Azure?

Yes, via UDR
No. Micro segmentation is not supported on Azure
Yes, via System Routes
Yes, via routes on vNet
47

According to best practices what would be the best way to install a Check Point cluster on AWS?

From AWS Market Place
Following the instruction from the relevant Check Point SK
With PowerShell
From AWS Console
48

What is public cloud?

Computing environment dedicated to one company
Computing environment with limited resources
Computing environment located over the internet
A shared computing environment
49

Which software blades (Check Point features) are not are not supported in AWS?

Mobile Access (SSLVPN)
All Check Point blades are supported
IPS
VPN blade
50

How does micro-segmentation create boundaries and provide network segmentation for CloudGuard?

It creates borders within the cloud's perimeter to protect the major inbound and outbound traffic intersections.
It applies a Security Gateway that enforces firewall policies to accept legitimate network traffic flows and deny unauthorized traffic
It places inspection points between different applications, services, and single hosts within the same network segment.
Micro-segmentation does not create boundaries.
51

On Azure, can you deploy a Check Point Standalone installation (Management + GW)?

Yes, via solution template / PowerShell / Marketplace
No. it is not supported
Yes, via GitHub only
Yes. via PowerShell only
52

How many AWS Internet gateways can you define in AWS?

One per VPC
One per Region
Two per VPC
Unlimited
53

How is CloudGuard for Azure licensed in BYOL (Bring your own license) mode?

Per usage
Per Gateway
Per vCore
Per Socket
54

Can you configure NAT for internal VM's on the Check Point Gateway in AWS?

No, the public IPs are defined directly on the in
Yes, you can add public IP's to the Check Point
No. ail the NAT is being done by the ELB
Yes, the NAT is only defined for internal LB
55

What is the CloudGuard solution?

Check Point solution for public cloud
Check Point solution for private and public cloud
Check Point virtual gateway
Check Point solution for private cloud
56

When using system routes and user defined routes in Azure, which takes precedent?

The newest route takes precedent
The system route always takes precedent
The user defined route takes precedent
The most specific route takes precedent
57

Which is not a responsibility of the Customer?

Infrastructure Patching and Configuration
Service, Communication, and Data Security
Guest OS and Application Patching and Configuration
Customer Employee Training
58

What is the primary difference between Vertical and Horizontal autoscaling?

Vertical scaling is linear and horizontal scaling goes across.
Vertical scaling requires a virtual machine to completely shut down as opposed to horizontal scaling transferring resources without having to power down the VM.
Vertical scaling doesn't require moving resources but horizontal scaling does.
Vertical scaling is automatic and horizontal scaling is manual.
59

What part of the Secure Public Cloud Blueprint may be housed in on-premises equipment?

Security Gateway
Security Management Server
Peering Connection
Application Server
60

Which utility allows integration between the Check Point Security Management Server, the CloudGuard Network solution, and the CSPs?

CloudGuard Controller
Elastic Licensing
CloudGuard Management Extension
Maestro
61

Security Management Servers deployed in a cloud environment can manage which of the following gateways?

On-Prem Security Gateways and CloudGuard IaaS Security Gateways on multiple CSP's
Physical Security Gateways and CloudGuard IaaS Security Gateways
Only CloudGuard IaaS Security Gateways
Only Security Gateways with the CloudGuard Controller installed
62

Automated Security Policy enforcement requires coordinated effort between the Security Management Server, the Security Gateway and:

CloudGuard Controller
The Cloud Service Provider
The SmartEvent Server
The Application Server
63

How many gateways are supported in a High Availability solution?

2
4
3
1
64

What do Workloads require to automate processes?

API
CLI
CSP Portal
Shell
65

Clouds use orchestration platforms to accomplish various deployment tasks. Which of the following is NOT one of those tasks?

Deploying clustered applications.
Deploying multiple data centers.
Deploying environments with complex dependencies.
Deploying endpoint security devices.
66

What is a Security Zone?

A Security Zone is the network in which the Security Management and SmartConsole are deployed. This can be in one of the Spoke networks on the Cloud or it can be in on-premise network
A Security Zone is a group of one or more network interfaces from different centrally managed gateways bound together and used directly in the Rulebase. It allows administrators to define the Security Policy based on network interfaces rather than IP addresses.
A Security Zone is the subnet of each of the firewall's interfaces. All other Spoke networks are peered with the Security Zone network.
A Cloud Service Provider (CSP) provides a network zone to deploy virtual security device. CloudGuard Security Gateways and Security Management Servers are deploying in this Security Zone so that they are protected from the rest of the world.
67

In Amazon Web Services, what is the level of segmentation you can achieve?

VM to VM (micro segmentation) and Internet to VPC
VPC to VPC and VM to VM (micro segmentation)
VPC to VPC only
Internet to VPC, VPC to VPC and Subnet to Subnet
68

Can you change the Check Point prepared solution templates for Azure to fit your needs?

Yes you can
Yes but only the number vNics
No, Check Point policy forbids the change of the templates
No, altering the solution template is forbidden by Azure
69

On Azure, can you deploy a Check Point Standalone installation (Management + GW)?

Yes, via solution template / PowerShell / Marketplace
No, it is not supported
Yes, via GitHub only
Yes, via PowerShell only
70

Which of the following is the Customer's Responsibility in the shared responsibility model used in the cloud?

Customer Employee Training
Infrastructure Configuration
Infrastructure Patching
Physical and Environment Controls
71

Which of the following is a common limitation of cloud platforms?

Identity and Access Management
Packet Forwarding
Network address translations
Custom Route Tables
72

Which Pillar includes the following principals? - Experiment more often - Go Global in minutes - Use serverless architectures

Performance Efficiency
Reliability
Operational Excellence
Cost Optimization
73

The ability to support development and run workloads effectively is commonly called:

Operational Excellence
Performance Efficiency
Cost Optimization
Reliability
74

The framework for cloud security consists of five basic components, or pillars Making small, reversible changes is a design principle of which of these five pillars?

Performance Efficiency
Reliability
Operational Excellence
Cost Optimization
75

The Administrators ability to protect data, systems, and assets While taking advantage of cloud technologies is commonly called

Performance Efficiency
Operational Excellence
Cost Optimization
Security
76

What is Operational Excellence?

The ability to support development and run workloads effectively
The ability of a Workload to function correctly and consistently in all expected
In terms of the cloud, security is about architecting every workload to prevent
The ability to use cloud resources efficiently for meeting system requirements, and maintaining that efficiency as demand changes and technologies evolve
77

What is Reliability according to the Five Pillars?

In terms of the cloud, security is about architecting every workload to prevent.
The ability to support development and run workload effectively
The ability to use cloud resources efficiently for meeting system requirements, and maintaining that efficiency as demand changes and technologies evolve
The ability of a Workload to function correctly and consistently in all expected.
78

Which is not a Pillar of the Framework for the Cloud?

Cost Optimization
Scalability
Reliability
Performance Efficiency
79

When choosing PAYG (Pay As You Go) licensing in AWS, it is provided:

Directly with Check Point
Via specific dedicated channels
Through the regular Check Point channels
At the marketplace
80

Which solution delivers a software platform for public cloud security and compliance orchestration?

CloudGuard Network Private
CloudGuard SaaS
CloudGuard Network Public
Cloud Security Posture Management
81

Which language can be used by users of Cloud Security Posture Management to create custom Security Policies?

JavaScript Object Notation (JSON)
Posture Management Language (PML)
eXtensible Markup Language (XML)
Governance Specific Language (GSL)
82

When using Data Center Objects in a policy and the objects are not updating, what are two steps we can check?

1. Reboot the Security Management Server and 2. restart the api process with 'api restart'
1. Verify process is running with 'cloudguard on' and 2. 'test communication' button the Data Center Server object
1. Verify process is running with 'cloudguard on' and 2. restart the api process with 'api restart'
1. Reboot the Security Management Server and 2. restart the cloudguard process with 'cloudguard on'
83

Which log file should an administrator gather to expedite the diagnosis of a CloudGuard Controller issue?

$DADIR/logs/controller_proxy.elg
$CPDIR/logs/cloud.elg
$FWDIR/logs/cloud_controller.elg
$FWDIR/logs/cloud_proxy.elg
84

Which hub serves as the front end of the Workload that permits inbound web communications such as HTTP traffic from the Internet to reach spoke Workloads?

East-West Hub
Southbound Hub
Web Hub
Northbound Hub
85

What are the languages supported for Cloud Templates?

JSON and YAML
JSON and Python
YAML and Python
Python and PERL
86

One of the five pillars of the framework for cloud security is 'Performance Efficiency'. The design principles of Performance Efficiency include:

Go Global in minutes / Use serverless architectures
Automatically recover from failure / Test recovery procedures
Apply security at all layers / Automate security best practices
Adopt a consumption model / Measure overall efficiency
87

What is Cost Optimization?

The ability to support development and run workloads effectively
The ability of a Workload to function correctly and consistently in all expected
The ability of the system to deliver business value at the lowest cost point
In terms of the cloud, security is about architecting every workload to prevent
88

Which is not a cloud component?

VLAN
Marketplace
Identity and Access Management
Compute
89

What is Performance Efficiency?

The ability to support development and run workloads effectively
The ability to use cloud resources efficiently for meeting system requirements, and maintaining that efficiency as demand changes and technologies evolve
In terms of the cloud, security is about architecting every workload to prevent
The ability of a Workload to function correctly and consistently in all expected
90

What is Cloud Security according to the Five Pillars?

In terms of tie cloud, security is about architecting every workload to prevent
The ability to use cloud resources efficiently for meeting system requirements, and maintaining that efficiency as demands changes and technologies evolve
The ability to support development and run workloads effectively
The ability of a Workload to function correctly and consistently in all expected
91

In a CloudGuard deployment, what does the acronym IAM stand for?

Identity and Access Management
Information and Adaptability Measures
IP Address Management
Instant Access Management
92

Which cloud components specify the Workloads associated with traffic and tell load balancers which Workloads are members of the same group?

Health Checks
Target Groups
Listening Rules
Dynamic assignment
93

Which pricing model gives administrators the ability to deploy devices as needed without the need to purchase blocks of vCore licenses?

Central licensing
Bring Your Own License
Pay As You Go
Local licensing
94

The integration of cloud resources into the Security Policy requires establishing a secure connection between_________________

The SDDC and CloudGuard Security Gateways.
The SDDC, CloudGuard Security Gateways, and the Security Management Server
The SDDC and the Security Management Server
CloudGuard Security Gateways and the Security Management Server
95

What is vertical scaling?

Tunes the environment up and down according to the resource capacity needs
Tunes the environment by automatically adding or removing resource to the SDN
Tunes the environment by manually adding or removing resource to an SDDC
Scaling method that does not require a system shutdown to add or remove resources
96

Which software blade provides forensic analysis tools?

SmartEvent Blade
Logging Blade
Identity Awareness Blade
Monitoring Blade
97

Which of these is an example of Control Connections as accepted with implicit rules enabled from Global Properties?

Communication using any protocol that can be used to control a remote host machine e.g. SSH, Telnet, RDP, etc.
Communication with various types of servers, such as RADIUS, CVP, UFP, TACACS, LDAP and logical servers, even if these servers are not specifically defined resources in your Security Policy.
Any TCP or UDP communication from the Primary SMS to any managed Security Gateway.
Cluster Control Protocol (CCP) communication between members of a Security Gateway Cluster.
98

What tool can prevent intruders from using altered packet IP Addresses to gain access to internal network resources?

Scavenging
Default Rules
Security Zones
Anti-Spoofing
99

The Cloud Security Posture Management platform uses REST API calls to carry out the following procedures EXCEPT:

Run the compliance engine and Security Policy groups
Manage locking and unlocking cloud-based Security Groups and regions
Remediate non-compliant cloud resources with Cloudbots
Deploy agents to each resource in each region
100

On Public Cloud, what is included in the BYOL (Bring your own license) package?

Perpetual licenses for Software only
1 year subscription includes: Software, Services & Support
1 year subscription for Services & Support
Perpetual licenses for Software & Services
Quizur Logo

Siga nossas redes sociais:

Incorporar

Para incorporar este quiz ao seu site copie e cole o código abaixo.