The CrowdStrike CCCS exam preparation guide is designed to provide candidates with necessary information about the Cloud Specialist exam. It includes exam summary, sample questions, practice test, objectives and ways to interpret the exam objectives to enable candidates to assess the types of questions-answers that may be asked during the CrowdStrike Certified Cloud Specialist (CCCS) exam.
It is recommended for all the candidates to refer the CCCS objectives and sample questions provided in this preparation guide. The CrowdStrike Cloud Specialist certification is mainly targeted to the candidates who want to build their career in Falcon Specialist domain and demonstrate their expertise. We suggest you to use practice exam listed in this cert guide to get used to with exam environment and identify the knowledge areas where you need more work prior to taking the actual CrowdStrike Cloud Specialist exam.
CrowdStrike CCCS Exam Summary:
| Exam Name | CrowdStrike Cloud Specialist |
| Exam Code | CCCS |
| Exam Price | $250 USD |
| Duration | 90 minutes |
| Number of Questions | 60 |
| Passing Score | 80% |
| Recommended Training / Books | CCCS Training |
| Schedule Exam | PEARSON VUE |
| Sample Questions | CrowdStrike CCCS Sample Questions |
| Recommended Practice | CrowdStrike Certified Cloud Specialist (CCCS) Practice Test |
CrowdStrike Cloud Specialist Syllabus:
| Section | Objectives |
|---|---|
| Falcon Cloud Security Features and Services |
- Explain the benefits of CrowdStrike's cloud security products and services — including cloud security posture management (CSPM), cloud workload protection (CWP), application security posture management (ASPM), data security posture management (DSPM), and infrastructure as code (laC) security — and how they work together - Describe the purpose and use requirements of one-click sensor deployment - Describe the purpose and use requirements of the Kubernetes admission controller |
| Cloud Account Registration |
- Given a specific use case, determine the most efficient and secure registration method to use for your cloud environment - Determine which roles are required to perform actions with CrowdStrike Falcon® Cloud Security - Organize cloud resources into cloud groups to reduce noise and assign responsibility - Configure cloud security scan exclusion settings - Troubleshoot issues related to cloud account registrations |
| Cloud Security Policies and Rules |
- Given a use case, configure CSPM policies - Given a use case, recommend an image assessment policy and exclusions - Given a use case, recommend a Kubernetes admission controller policy configuration - Given a use case, recommend a runtime sensor policy configuration |
| Pre-Runtime Protection |
- Add, edit and delete registry connection details and settings - Given a use case, recommend an appropriate image assessment method for your environment - Identify potential security issues — such as malware presence, high-severity Common Vulnerabilities and Exposures (CVEs), detected leaked secrets and Docker file misconfigurations — from the image assessment report - Identify vulnerabilities and installed packages |
| Runtime Protection |
- Determine the best CrowdStrike Falcon® sensor to use when given a specific Kubernetes and container environment configuration - Troubleshoot issues related to Kubernetes and container sensor deployment - Identify deployment misconfigurations - Identify unassessed images used in production - Identify indicators of attack (IOAs), rogue containers and drift - Identify network connections |
| Findings and Detection Analysis |
- Evaluate cloud security controls and configurations to identify indicators of misconfiguration (IOMs), vulnerabilities and/or high-risk practices - Identify suspicious/malicious activity (IOAs) and associated persistence mechanisms - Audit user account activity and permissions to identify risks - Compare cloud, Docker and Kubernetes configurations to the latest industry benchmarks to determine compliance - Find unmanaged, public-facing cloud and container assets |
| Remediating and Reporting Issues |
- Identify recommended remediation steps for findings and detections - Describe the purpose and use requirements of scheduled reports for cloud security - Describe the purpose and use requirements of CrowdStrike Falcon® Fusion SOAR workflows to notify individuals about cloud-related policies, detections, incidents, infrastructure as code and image assessments |