How does micro-segmentation create boundaries and provide network segmentation for CloudGuard?
- A . It creates borders within the cloud’s perimeter to protect the major inbound and outbound traffic intersections.
- B . Micro-segmentation does not create boundaries.
- C . It applies a Security Gateway that enforces firewall policies to accept legitimate network traffic flows and deny unauthorized traffic
- D . It places inspection points between different applications, services, and single hosts within the same network segment.
Which of the following is a common limitation of cloud platforms?
- A . Network address translations
- B . Custom Route Tables
- C . Identity and Access Management
- D . Packet Forwarding
Cloud Security Posture Management operational modes for cloud accounts are:
- A . Read Only, Full Protection, Region Lock
- B . Read Only, Read/Write, Region Lock
- C . Read Only, Read/Write, Full Protection
- D . Read/Write, Partial Protection, Full Protection
A
To troubleshoot CloudGuard Controller, administrators can execute the following command:
- A . cloudguard troubleshoot
- B . cloudguard security
- C . cloudguard off
- D . cloudguard on
Which software blade provides forensic analysis tools?
- A . Logging Blade
- B . Identity Awareness Blade
- C . Monitoring Blade
- D . SmartEvent Blade
How is CloudGuard for Azure licensed in PAYG (Pay As You Go) mode?
- A . Per hour based on resources consumed
- B . Per Gateway
- C . Per Socket
- D . Per vCore
A
The framework for cloud security consists of five basic components, or pillars. Making small, reversible changes is a design principle of which of these five pillars?
- A . Reliability
- B . Performance Efficiency
- C . Cost Optimization
- D . Operational Excellence
D
Explanation:
There are five design principles for operational excellence in the cloud:
✑ Perform operations as code
✑ Make frequent, small, reversible changes
✑ Refine operations procedures frequently
✑ Anticipate failure
✑ Learn from all operational failures
How is CloudGuard for Azure licensed in BYOL (Bring your own license) mode?
- A . Per usage
- B . Per Socket
- C . Per vCore
- D . Per Gateway
Once the Deployment finishes, Cloud Security Posture Management applies default network security posture that does what?
- A . Minimizes the risk of external threats by blocking access to high risk sites and external users
- B . Minimizes the risk of external threats by blocking access to the internet
- C . Minimizes the risk of external threats by blocking access to all internal resources
- D . Minimizes the risks of external threats by blocking access to services and ports
Which of these is true of the CloudGuard Controller?
- A . CloudGuard Controller manually updates SmartConsole security tags and API connections
- B . CloudGuard Controller only displays cloud-based Security Gateway objects
- C . CloudGuard Controller maintains visibility of the protected cloud environment
- D . CloudGuard Controller statically denies Cloud resources created within a single cloud or a multi-cloud environment.
Which is not a Pillar of the Framework for the Cloud?
- A . Performance Efficiency
- B . Cost Optimization
- C . Scalability
- D . Reliability
C
Explanation:
https://emergencetek.com/aws-five-pillars-of-a-well-architected-framework/#:~:text=AWS%20and%20their%20partners%20use,performance%20efficiency%2C%20and%20cost%20optimization.
Can you configure Micro segmentation (control traffic inside a subnet) on Azure?
- A . No. Micro segmentation is not supported on Azure
- B . Yes. via UDR
- C . Yes, via System Routes
- D . Yes, via routes on vNet
Check Point’s Public Cloud model is described as the following
- A . A Security Matrix Model
- B . A Hub and Spoke Model
- C . An Advanced Threat Tunnel Model
- D . A Borderless Model
B
Explanation:
https://www.checkpoint.com/downloads/products/check-point-secure-cloud-blueprint-azure-whitepaper.pdf (p. 5)
Which Pillar includes the following principles?
• Experiment more often
• Go Global in minutes
• Use serverless architectures
- A . Reliability
- B . Cost Optimization
- C . Performance Efficiency
- D . Operational Excellence
The Security Administrator needs to reconfigure the API server. Which command would need to be run?
- A . api reboot
- B . api reconf
- C . api restart
- D . api reconfig
The integration of cloud resources into the Security Policy requires establishing a secure connection between _________________
- A . The SDDC, CloudGuard Security Gateways, and the Security Management Server
- B . The SDDC and CloudGuard Security Gateways.
- C . The SDDC and the Security Management Server
- D . CloudGuard Security Gateways and the Security Management Server
Which log file should an administrator gather to expedite the diagnosis of a CloudGuard Controller issue?
- A . $CPDIR/logs/cloud.elg
- B . $DADIR/logs/controller_proxy.elg
- C . $FWDIR/logs/cloud_controller.elg
- D . $FWDIR/logs/cloud_proxy.elg
What are two basic rules Check Point recommends for building an effective policy?
- A . Cleanup and Stealth Rule
- B . VPN and Admin Rules
- C . Implicit and Explicit Rules
- D . Access and Identity Rules
A
What is Operational Excellence?
- A . The ability of a Workload to function correctly and consistently in all expected
- B . In terms of the cloud, security is about architecting every workload to prevent
- C . The ability to use cloud resources efficiently for meeting system requirements, and maintaining that efficiency as demand changes and technologies evolve
- D . The ability to support development and run workloads effectively
D
Explanation:
The Operational Excellence pillar includes the ability to support development and run workloads effectively, gain insight into their operation, and continuously improve supporting processes and procedures to deliver business value.
A utility that allows integration between SMS, the CloudGuard Network Solution, and CSPs, allowing the SMS to monitor and control scaling solutions in their associated cloud environments is called
- A . CloudGuard Management Extension (CME)
- B . CloudGuard Controller and Enforcer (CCE)
- C . CloudGuard Scanner and Enforcer (CSE)
- D . CloudGuard Controller (CC)
In a CloudGuard deployment, what does the acronym IAM stand for?
- A . Information and Adaptability Measures
- B . IP Address Management
- C . Identity and Access Management
- D . Instant Access Management
Which security principles are indicative of the CloudGuard Secure Public Cloud Blueprint architecture?
- A . Security with Advanced Threat Prevention; Network Division; Agility, Automation, Efficiency, and Elasticity; with Cloud Borders
- B . Security with Advanced Threat Prevention; Network Unification; Agility, Automation, Efficiency, and Elasticity; Borderless
- C . Security with Advanced Threat Prevention; Network Segmentation; Agility, Automation, Efficiency, and Elasticity; Borderless
- D . Security with Advanced Threat Protocol; Network Distribution; Agility, Automation, Efficiency, and Cloud Rigidity; Borderless
Why is an IAM role created when installing a cluster on AWS?
- A . In order to perform cluster related changes
- B . It is created for the installation process only, it gets deleted
- C . IAM role is created for auditing purposes
- D . IAM role is not created
What is Performance Efficiency?
- A . The ability to use cloud resources efficiently for meeting system requirements, and maintaining that efficiency as demand changes and technologies evolve
- B . The ability to support development and run workloads effectively
- C . In terms of the cloud, security is about architecting every workload to prevent
- D . The ability of a Workload to function correctly and consistently in all expected
A
Explanation:
The Performance Efficiency pillar includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve. You can find prescriptive guidance on implementation in the Performance Efficiency Pillar whitepaper.
Which language can be used by users of Cloud Security Posture Management to create custom Security Policies?
- A . eXtensible Markup Language (XML)
- B . Posture Management Language (PML)
- C . Governance Specific Language (GSL)
- D . JavaScript Object Notation (JSON)
What is vertical scaling?
- A . Tunes the environment up and down according to the resource capacity needs
- B . Tunes the environment by automatically adding or removing resource to the SDN
- C . Tunes the environment by manually adding or removing resource to an SDDC
- D . Scaling method that does not require a system shutdown to add or remove resources.
What is Reliability according to the Five Pillars?
- A . The ability to use cloud resources efficiently for meeting system requirements, and maintaining that efficiency as demand changes and technologies evolve
- B . The ability of a Workload to function correctly and consistently in all expected.
- C . The ability to support development and run workload effectively
- D . In terms of the cloud, security is about architecting every workload to prevent.
B
Explanation:
The Reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle. You can find prescriptive guidance on implementation in the Reliability Pillar whitepaper.
Which solution delivers a software platform for public cloud security and compliance orchestration?
- A . CloudGuard Network Public
- B . CloudGuard Network Private
- C . CloudGuard SaaS
- D . Cloud Security Posture Management
Which autoscaling method requires the VM to temporarily shut down while it processes system modification?
- A . Both Vertical and Horizontal Scaling
- B . Vertical Scaling
- C . Horizontal Scaling
- D . Neither autoscaling method requires the VM to
Logging Implied rules, enabling Hit Count and defining advanced VPN functions are all settings that are applied as
- A . Inline Layer
- B . Global Properties
- C . Policy Settings
- D . Gateway Properties