A financial institution is deploying a CloudGuard Security Gateway cluster in Azure for high availability. To comply with internal policies, the cluster must be able to withstand the failure of an entire Azure data center. Which deployment configuration meets this requirement?
A security architect is using CloudGuard Dome9 to create a custom compliance ruleset using Governance Specification Language (GSL). The goal is to identify all AWS S3 buckets that do not have server-side encryption enabled by default. Which GSL syntax correctly expresses this rule?
A DevOps team is automating the deployment of CloudGuard Security Gateways in AWS using a Terraform template. After deployment, the gateways must be automatically onboarded to a central Smart-1 Cloud instance for management. Which mechanism should be used in the Terraform configuration to achieve this?
A security administrator needs to create a security policy rule that allows traffic from a dynamically scaling group of web servers in GCP to a database server. The web servers are identified by a specific network tag, 'app-frontend'. Which component is responsible for resolving the GCP network tag into a list of IP addresses that the Security Gateway can use in a policy?
Which of the following are core capabilities of CloudGuard's Cloud Native Application Protection Platform (CNAPP)? (Select THREE)
True or False: When deploying a CloudGuard Auto Scaling group for AWS, the Security Management Server (SMS) must be deployed in the same AWS region as the auto-scaling gateways to ensure proper functionality.
An e-commerce company uses AWS with an Auto Scaling group of CloudGuard gateways behind a Gateway Load Balancer (GWLB) to inspect traffic. During a sales event, traffic spikes, but the number of active gateways in the Auto Scaling group does not increase, leading to performance degradation. A review of CloudWatch metrics for the Auto Scaling group shows that CPU utilization is consistently below the scaling threshold. What is the MOST likely cause of this issue?
A security team is implementing CloudGuard Kubernetes runtime protection. They want to prevent a specific malicious behavior: a process inside a container attempting to load a kernel module. Which CloudGuard feature is designed to detect and block this type of activity in real-time?
A cloud administrator is configuring a CloudGuard Security Gateway in a 'Standalone' deployment mode. What does this deployment mode signify?
An organization is using CloudGuard to secure its multi-cloud environment, which includes AWS and Azure. The security policy needs to allow SSH access to all Linux servers for the IT administration team. The Linux servers in AWS are tagged with `OS:Linux` and in Azure are tagged with `OS:Linux`. To avoid creating separate rules for each cloud, the administrator wants to use a single dynamic object. What is the correct procedure to create a single policy object that represents all Linux servers across both clouds?