156-560: Check Point Certified Cloud Specialist (CCCS) Part 2
Question #: 21
Topic #: 1
Security Management Servers deployed in a cloud environment can manage which of the following gateways?
A. Physical Security Gateways and CloudGuard IaaS Security Gateways
B. Only CloudGuard IaaS Security Gateways
C. On-Prem Security Gateways and CloudGuard IaaS Security Gateways on multiple CSPs
D. Only Security Gateways with the CloudGuard Controller installed
Selected Answer: C
———————————————————————-
Question #: 22
Topic #: 1
Which function do Load Balancers perform?
A. Trigger capacity on security gateways
B. To secure balance between private and public clouds
C. Direct Internet traffic to spoke networks
D. Restrict traffic loads between servers
Selected Answer: D
———————————————————————-
Question #: 23
Topic #: 1
Adding new Security Gateways as system load increases is an example of:
A. Vertical Scaling
B. Network Scaling
C. Horizontal Scaling
D. System Scaling
Selected Answer: C
———————————————————————-
Question #: 24
Topic #: 1
Automated Security Policy enforcement requires coordinated effort between the Security Management Server, the Security Gateway and:
A. CloudGuard Controller
B. The Cloud Service Provider
C. The Application Server
D. The SmartEvent Server
Selected Answer: A
———————————————————————-
Question #: 25
Topic #: 1
The best practice for CloudGuard Network deployments utilizes the Hub and Spoke model. Which of these statements is the most correct for this model?
A. All the security components including SMS, Northbound and Southbound Security Gateways and East-West VPN Gateways will all be deployed in one Hub
B. A Spoke can ONLY consist of a single virtual machine in a dedicated subnet shared between the VM and the Hub
C. All traffic that enters and exits each spoke must travel through a hub
D. The Hub and Spoke model is applicable ONLY to multi-cloud environments. The Hub includes all the Security Gateways in all cloud environments. Each Spoke includes all resources of a Data-Center in a single Cloud Environment
Selected Answer: C
———————————————————————-
Question #: 26
Topic #: 1
What is an alternative method to double NAT in Azure?
A. Scaling
B. System Routes
C. Peering
D. User Defined Routes
Selected Answer: D
———————————————————————-
Question #: 27
Topic #: 1
Which hub serves as the front end of the Workload that permits inbound web communications such as HTTP traffic from the Internet to reach spoke Workloads?
A. Web Hub
B. Southbound Hub
C. East-West Hub
D. Northbound Hub
Selected Answer: D
———————————————————————-
Question #: 28
Topic #: 1
Which of these Cloud Platforms support User Defined Routes (UDR) to force traffic destined for spoke networks to go through a network virtual appliance?
A. Amazon AWS
B. Google Cloud Platform
C. Amazon AWS and Google Cloud Platform
D. Microsoft Azure
Selected Answer: D
———————————————————————-
Question #: 29
Topic #: 1
To travel between spokes, non-transitive traffic uses ________ to allow IPv4 and IPv6 traffic to reach a spoke network.
A. a VTI
B. the Northbound hub
C. the Southbound hub
D. Peering
Selected Answer: D
———————————————————————-
Question #: 30
Topic #: 1
Check Point’s Public Cloud model is described as the following:
A. A Security Matrix Model
B. A Hub and Spoke Model
C. An Advanced Threat Tunnel Model
D. A Borderless Network Model
Selected Answer: B
———————————————————————-
Question #: 31
Topic #: 1
How many gateways are supported in a High Availability solution?
A. 3
B. 1
C. 2
D. 4
Selected Answer: C
———————————————————————-
Question #: 32
Topic #: 1
Which scripting language is used by CloudGuard to develop templates that automate Security Gateway deployments?
A. Perl
B. C++
C. JSON
D. Python
Selected Answer: C
———————————————————————-
Question #: 33
Topic #: 1
What do Workloads require to automate processes?
A. API
B. CLI
C. CSP Portal
D. Shell
Selected Answer: A
———————————————————————-
Question #: 34
Topic #: 1
What are the Automation tools?
A. API, CLI, Scripts, Shells and Templates
B. Terraform and Ansible
C. AMIs
D. CloudFormation
Selected Answer: A
———————————————————————-
Question #: 35
Topic #: 1
Clouds use orchestration platforms to accomplish various deployment tasks. Which of the following is NOT one of those tasks?
A. Deploying environments with complex dependencies.
B. Deploying multiple data centers.
C. Deploying clustered applications.
D. Deploying endpoint security devices.
Selected Answer: D
———————————————————————-
Question #: 36
Topic #: 1
REST is an acronym for the following:
A. Representation of Security Traffic
B. Really Efficient Security Template
C. Representational State Transfer
D. Real Security Threat
Selected Answer: C
———————————————————————-
Question #: 37
Topic #: 1
Logging Implied rules, enabling Hit Count, and defining advanced VPN functions are all settings that are applied as:
A. Inline Layer
B. Global Properties
C. Policy Settings
D. Gateway Properties
Selected Answer: B
———————————————————————-
Question #: 38
Topic #: 1
What is a Security Zone?
A. A Security Zone is the subnet of each of the firewall’s interfaces. All other Spoke networks are peered with the Security Zone network.
B. A Cloud Service Provider (CSP) provides a network zone to deploy virtual security devices. CloudGuard Security Gateways and Security Management Servers are deployed in this Security Zone so that they are protected from the rest of the world.
C. A Security Zone is a group of one or more network interfaces from different centrally managed gateways bound together and used directly in the Rulebase. It allows administrators to define the Security Policy based on network interfaces rather than IP addresses.
D. A Security Zone is the network in which the Security Management and SmartConsole are deployed. This can be in one of the Spoke networks on the Cloud or it can be in an on-premise network
Selected Answer: C
———————————————————————-
Question #: 39
Topic #: 1
An organization is using an adaptive security policy where a Data Center Object was imported and used in some rules. When the cloud resource represented by this object changes its IP address, how will the change be effected on the Security Gateway?
A. If CloudGuard Controller is enabled on the Security Gateway, the gateway will connect with the Cloud account and synchronize all the Data Center Objects used on it.
B. With a properly functioning configuration, the change will automatically be done on the Security Gateway without any action required by the administrator.
C. The Data Center Object needs to be refreshed in the SmartConsole and then a policy install will be required.
D. The change is automatically updated to the Security Management Server and so only a policy install from SmartConsole or with API will be required.
Selected Answer: B
———————————————————————-
Question #: 40
Topic #: 1
Which of these is an example of Control Connections as accepted with implicit rules enabled from Global Properties?
A. Any TCP or UDP communication from the Primary SMS to any managed Security Gateway.
B. Communication with various types of servers, such as RADIUS, CVP, UFP, TACACS, LDAP and logical servers, even if these servers are not specifically defined resources in your Security Policy.
C. Cluster Control Protocol (CCP) communication between members of a Security Gateway Cluster.
D. Communication using any protocol that can be used to control a remote host machine e.g. SSH, Telnet, RDP, etc.
Selected Answer: C
