Free 156-560 Sample Questions — Check Point Certified Cloud Specialist (CCCS)

Cloud Security Posture Management uses which one of the following to integrate with cloud accounts?

• A. IAM account credentials
• B. Security Objects
• C. SDDC
• D. CloudGuard Controller

CloudGuard uses several management tools to create and manage Security Policies. Which is NOT one of those tools?

• A. Gaia Portal
• B. CloudGuard Controller
• C. SmartConsole
• D. CLI

Which is not a responsibility of the CSP (Cloud Service Provider)?

• A. Infrastructure Patching and Configuration
• B. Physical and Environment Controls
• C. Data
• D. CSP Employee Training

Which of the following is a common limitation of cloud platforms?

• A. Network address translations
• B. Custom Route Tables
• C. Identity and Access Management
• D. Packet Forwarding

Which is not a deployment method for CloudGuard solutions using CSP resources?

• A. Terraform
• B. Shell
• C. CLI
• D. CPS Portal

What are two basic rules Check Point recommends for building an effective policy?

• A. Cleanup and Stealth Rule
• B. VPN and Admin Rules
• C. Implicit and Explicit Rules
• D. Access and Identity Rules

How does the Cloud Security Posture Management (CSPM) service deliver intelligence threat feeds, enforce compliance policies, and apply security enhancements to the environment?

• A. The Cloud Security Posture Management (CSPM) does this by using the SOAP protocol and XML
• B. The Cloud Security Posture Management (CSPM) does this by using SSH and microagents
• C. The Cloud Security Posture Management (CSPM) does this by using REST APIs
• D. The Cloud Security Posture Management (CSPM) does this by using SIC connections on the cloud

Cloud Security Posture Management operational modes for cloud accounts are:

• A. Read Only, Full Protection, Region Lock
• B. Read Only, Read/Write, Region Lock
• C. Read Only, Read/Write, Full Protection
• D. Read/Write, Partial Protection, Full Protection

What can Data Center Objects represent?

• A. vNets, VPCs or Network Security Groups
• B. Compute, Regions or Availability Zones
• C. Public IP, Private IP, NAT or IAM roles
• D. Cloud Data Center, Tags, subnets, or hosts

Which of these Cloud Platforms support User Defined Routes (UDR) to force traffic destined for spoke networks to go through a network virtual appliance?

• A. Amazon AWS
• B. Google Cloud Platform
• C. Amazon AWS and Google Cloud Platform
• D. Microsoft Azure

Which software blades (Check Point features) are not supported in AWS?

• A. IPS
• B. VPN blade
• C. All Check Point blades are supported
• D. Mobile Access (SSLVPN)

On Public Cloud, what is included in the BYOL (Bring your own license) package?

• A. 1 year subscription includes: Software, Services & Support
• B. 1 year subscription for Services & Support
• C. Perpetual licenses for Software only
• D. Perpetual licenses for Software & Services

Which is not an advantage of the Hub and Spoke Architecture Model?

• A. Automation
• B. Network Segmentation
• C. Complexity
• D. Borderless

Which module/blade on a Security Gateway is used by CloudGuard Controller to dynamically update the changes to objects and attributes in the Cloud environment?

• A. Gateway Controller
• B. Cloud Sync
• C. Content Awareness
• D. Identity Awareness

What mechanism is used in the Cloud during a ClusterXL fail-over scenario?

• A. The Router Discovery protocol will be used to propagate the new route after a failover scenario
• B. Cloud clusters perform failovers by making API calls to the CSP
• C. The Neighbor Discovery protocol will be used to propagate the new cluster node to be forwarded the packets to
• D. The Gratuitous ARP mechanism will be used to change the MAC address entry in the ARP cache of the router

Introduction to Cloud Security Posture Management uses which of the following to connect, communicate, and collect information from cloud accounts and third party tools?

• A. SmartConsole
• B. HTML
• C. CLI
• D. APIs

Which function do Load Balancers perform?

• A. Trigger capacity on security gateways
• B. To secure balance between private and public clouds
• C. Direct Internet traffic to spoke networks
• D. Restrict traffic loads between servers

One of the limitations in deploying Check Point CloudGuard Cluster High Availability is that

• A. State synchronization is required and must be done ONLY on a dedicated link
• B. High Availability configurations support only two Security Gateway members
• C. High Availability configurations support only three Security Gateway members
• D. VMAC mode is mandatory for all cluster interfaces

Which is not a responsibility of the Customer?

• A. Infrastructure Patching and Configuration
• B. Service, Communication, and Data Security
• C. Guest OS and Application Patching and Configuration
• D. Customer Employee Training

Logging Implied rules, enabling Hit Count, and defining advanced VPN functions are all settings that are applied as:

• A. Inline Layer
• B. Global Properties
• C. Policy Settings
• D. Gateway Properties