Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

156-560 by Checkpoint - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Select the answer that best describes the purpose of Cloud Management Extension (CME)

A CME is a Check Point Management software bundle that supports API calls to AWS
B CME is AWS utility used to deploy Check Point CloudGuard Gateways in AWS cloud
C CME is a Check Point utility that enables automated provisioning and autoscaling with AWS
D CME is required to run and manage Check Point CloudGuard Gateways in AWS

Question 4

When using system routes and user defined routes in Azure, which takes precedent?

A The user defined route takes precedent
B The system route always takes precedent
C The most specific route takes precedent
D The newest route takes precedent

Question 5

When it comes to the autoscaling method, which statement is true?

A It is configured easily without rules.
B It works best with small-scale deployments.
C It helps with CloudGuard IaaS deployments.
D It functions with pre-provisioning.

Question 6

What is true about Terraform?

A It utilizes Playbooks written in JSON
B It uses ACL Hiyashi scripting system
C It utilizes Playbooks written in YAML
D It was created by Red Hat

Question 7

The integration of cloud resources into the Security Policy requires establishing a secure connection between:

A The SDDC, CloudGuard Security Gateways, and the Security Management Server.
B The SDDC and CloudGuard Security Gateways.
C The SDDC and the Security Management Server.
D CloudGuard Security Gateways and the Security Management Server.

Question 8

Which module/blade on a Security Gateway is used by CloudGuard Controller to dynamically update the changes to objects and attributes in the Cloud environment?

A Gateway Controller
B Cloud Sync
C Content Awareness
D Identity Awareness

Question 9

How many interfaces are supported by CloudGuard gateways on Azure?

A As many interfaces as supported by the chosen compute resource size
B Two Interfaces
C 128 Interfaces
D One Interface

Question 10

How is the South Hub Traffic Flow defined?

A The traffic flow is handled by the Southbound Hub and manages the South-North traffic and outbound traffic
B The traffic flow is handled by the Southbound Hub and manages the South-North traffic and inbound traffic
C The traffic flow is handled by the Southbound Hub and manages the South-North traffic and inbound/outbound traffic
D The traffic flow is handled by the Southbound Hub and manages the East-West and outbound traffic

Question 11

Which of the following statements is true?

A Using Azure, it is possible to protect multiple subnets with a single NIC gateway.
B Using Azure, it is not possible to protect multiple subnets with a single NIC gateway.
C Using Azure, you can only protect one subnet with a single NIC gateway.
D Using Azure, you can only protect up to two subnets with a single NIC gateway.

Question 12

In CloudGuard, clusters perform failovers by using this technique

A Datalink Abstraction Protocol (DAP)
B Gratuitous ARPs (GARP)
C MAC spoofing
D API Calls

Question 13

Which daemon is used by a CloudGuard cluster to communicate with Azure?

A FWK_0
B AZURE_CPD
C AZURE_HAD
D CPWD_ADMIN

Question 14

What is the command to retrieve the status of the Management API?

A CLISH> show api status
B api status
C $FWDIR/scripts/cpm_status.sh -t mapi -s DEBUG
D $FWDIR/scripts/api_status.sh

Question 15

What mechanism is used in the Cloud during a ClusterXL fail-over scenario?

A The Router Discovery protocol will be used to propagate the new route after a failover scenario.
B Cloud clusters perform failovers by making API calls to the CSP.
C The Neighbor Discovery protocol will be used to propagate the new cluster node to be forwarded the packets to.
D The Gratuitous ARP mechanism will be used to change the MAC address entry in the ARP cache of the router.

Question 16

What CLI command can you use to test your autoprovision configuration template, as well as connectivity to AWS using IAM role and permissions?

A autoprov-cfg -v
B cat /var/log/CPcme/cme.log
C $FWDIR/conf/autoprovision.json
D service cme test

Question 17

Phase 1 of the CloudGuard Controller workflow consists of ___________________ .

A Connect to the Cloud, Retrieve Cloud Resources
B Retrieve Cloud Resources, Manual Security Policy Installation
C Connect to the Cloud, Import Data Center Object
D Import Data Center Object, Retrieve Cloud Resources

Question 18

What is the main benefit to customers when running Check Point CloudGuard Gateways in Azure Virtual Machine Scale Set?

A Best of cloud to only pay for what you need when you need it
B The ability to provide hot standby capability
C Ability to mix and match Azure VM sizes and billing methods
D Operational model for manually adding new CloudGuard Gateways when needed

Question 19

How is CloudGuard for Azure licensed in BYOL (Bring your own license) mode?

A Per Gateway
B Per usage
C Per Socket
D Per vCore

Question 20

Which is the command to launch the Azure configuration test script?

A $CPDIR/bin/azure_test.sh
B $FWDIR/scripts/azure_ha_test.py
C /usr/bin/azure_ha_perfmon.py
D /var/sbin/azure_test.sh

Question 21

What do CloudGuard cluster members use to perform a failover?

A GARP
B API calls to the Cloud Service Provider
C Private IP
D Custom routes

Question 22

What is CloudGuard Controller used for?

A Managing autoscaling gateways
B Automatic creation of NAT and security policy rules
C Controlling access to the cloud
D Creating an adaptive policy by importing objects from the cloud

Question 23

What is the key component in securing and managing any environment?

A Security Management Server
B Security Gateway
C Security Policy
D Security Access

Question 24

Which of these is an example of Control Connections as accepted with implicit rules enabled from Global Properties?

A Any TCP or UDP communication from the Primary SMS to any managed Security Gateway.
B Communication with various types of servers, such as RADIUS, CVP, UFP, TACACS, LDAP and logical servers, even if these servers are not specifically defined resources in your Security Policy.
C Cluster Control Protocol (CCP) communication between members of a Security Gateway Cluster.
D Communication using any protocol that can be used to control a remote host machine e.g. SSH, Telnet, RDP, etc.

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 5 • Questions 1-25 of 118

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

The Azure compute resource used to deploy and manage sets of identical Virtual Machines (VMs) is called

A AutoScaling Groups
B Azure Resource Scaling Manager (ARSM)
C Cloud Management Extensions (CME)
D Virtual Machine Scale Sets (VMSS)

What utility runs on the SMS and handles provisioning tasks involved in the expansion and contraction that is common in Scaling Solutions?

A CPCloudScale Extension
B CloudGuard Controller
C Auto-Scaler Module
D Cloud Management Extension (CME)