Check Point Certified Threat Prevention Expert (CCTPE) — Question 42

The best practice for CloudGuard Network deployments utilizes the Hub and Spoke model. Which of these statements is the most correct for this model?

Answer options

• A. All the security components including SMS, Northbound and Southbound Security Gateways and East-West VPN Gateways will all be deployed in one Hub
• B. A Spoke can ONLY consist of a single virtual machine in a dedicated subnet shared between the VM and the Hub
• C. All traffic that enters and exits each spoke must travel through a hub
• D. The Hub and Spoke model is applicable ONLY to multi-cloud environments. The Hub includes all the Security Gateways in all cloud environments. Each Spoke includes all resources of a Data-Center in a single Cloud Environment

Correct answer: C

Explanation

Answer C is correct because, in the Hub and Spoke model, all traffic is routed through the hub for security and management purposes. Option A is incorrect as it implies a misconfiguration of security components, while B limits a Spoke's capabilities incorrectly. Option D incorrectly states the model's applicability, as it can be used in both single and multi-cloud environments.