Check Point Certified Cloud Specialist (CCCS) v1.0

Page:    1 / 9   
Exam contains 121 questions
Expand All

How many gateways are supported in a High Availability solution?

  • A. 3
  • B. 1
  • C. 2
  • D. 4


Answer : C

Which scripting language is used by CloudGuard to develop templates that automate Security Gateway deployments?

  • A. Perl
  • B. C++
  • C. JSON
  • D. Python


Answer : D

What do Workloads require to automate processes?

  • A. API
  • B. CLI
  • C. CSP Portal
  • D. Shell


Answer : A

What are the Automation tools?

  • A. API, CLI, Scripts, Shells and Templates
  • B. Terraform and Ansible
  • C. AMls
  • D. CloudFormation


Answer : B

Clouds use orchestration platforms to accomplish various deployment tasks. Which of the following is NOT one of those tasks?

  • A. Deploying environments with complex dependencies.
  • B. Deploying multiple data centers.
  • C. Deploying clustered applications.
  • D. Deploying endpoint security devices.


Answer : D

REST is an acronym for the following:

  • A. Representation of Security Traffic
  • B. Really Efficient Security Template
  • C. Representational State Transfer
  • D. Real Security Threat


Answer : C

Logging Implied rules, enabling Hit Count, and defining advanced VPN functions are all settings that are applied as:

  • A. Inline Layer
  • B. Global Properties
  • C. Policy Settings
  • D. Gateway Properties


Answer : B

What is a Security Zone?

  • A. A Security Zone is the subnet of each of the firewall’s interfaces. All other Spoke networks are peered with the Security Zone network.
  • B. A Cloud Service Provider (CSP) provides a network zone to deploy virtual security device. CloudGuard Security Gateways and Security Management Servers are deploying in this Security Zone so that they are protected from the rest of the world.
  • C. A Security Zone is a group of one or more network interfaces from different centrally managed gateways bound together and used directly in the Rulebase. It allows administrators to define the Security Policy based on network interfaces rather than IP addresses.
  • D. A Security Zone is the network in which the Security Management and SmartConsole are deployed. This can be in one of the Spoke networks on the Cloud or it can be in on-premise network


Answer : C

An organization is using an adaptive security policy where a Data Center Object was imported and used in some rules. When the cloud resource represented by this object changes it’s IP address, how will the change be effected on the Security Gateway?

  • A. If CloudGuard Controller is enabled on the Security Gateway, the gateway will connect with the Cloud account and synchronize all the Data Center Objects used on it.
  • B. With a properly functioning configuration, the change will automatically be done on the Security Gateway without any action required by the administrator.
  • C. The Data Center Object needs to be refreshed in the SmartConsole and then a policy install will be required.
  • D. The change is automatically updated to the Security Management Server and so only a policy install from SmartConsole or with API will be required.


Answer : C

Which of these is an example of Control Connections as accepted with implicit rules enabled from Global Properties?

  • A. Any TCP or UDP communication from the Primary SMS to any managed Security Gateway.
  • B. Communication with various types of servers, such as RADIUS, CVP, UFP, TACACS, LDAP and logical servers, even if these servers are not specifically defined resources in your Security Policy.
  • C. Cluster Control Protocol (CCP) communication between members of a Security Gateway Cluster.
  • D. Communication using any protocol that can be used to control a remote host machine e.g. SSH, Telnet, RDP, etc.


Answer : C

What does the Adaptive Security Policy involve to import the Data Center Objects?

  • A. CloudGuard API
  • B. CloudGuard Controller
  • C. CloudGuard Access Control
  • D. CloudGuard Gateway


Answer : B

What are two basic rules Check Point recommends for building an effective policy?

  • A. Cleanup and Stealth Rule
  • B. VPN and Admin Rules
  • C. Implicit and Explicit Rules
  • D. Access and Identity Rules


Answer : C

What tool can prevent intruders from using altered packet IP Addresses to gain access to internal network resources?

  • A. Anti-Spoofing
  • B. Security Zones
  • C. Default Rules
  • D. Scavenging


Answer : A

Which log file should an administrator gather to expedite the diagnosis of a CloudGuard Controller issue?

  • A. $CPDIR/logs/cloud.elg
  • B. $DADIR/logs/controller_proxy.elg
  • C. $FWDIR/logs/cloud_controller.elg
  • D. $FWDIR/logs/cloud_proxy.elg


Answer : C

When using Data Center Objects in a policy and the objects are not updating, what are two steps we can check?

  • A. 1. Verify process is running with ‘cloudguard on’ and 2. restart the api process with ‘api restart’
  • B. 1. Verify process is running with ‘cloudguard on’ and 2. ‘test communication’ button the Data Center Server object
  • C. 1. Reboot the Security Management Server and 2. restart the cloudguard process with ‘cloudguard on’
  • D. 1. Reboot the Security Management Server and 2. restart the api process with ‘api restart’


Answer : C

Page:    1 / 9   
Exam contains 121 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy