CCPP-Protection Exam Format | CCPP-Protection Course Contents | CCPP-Protection Course Outline | CCPP-Protection Exam Syllabus | CCPP-Protection Exam Objectives

Exam Code: CCPP Protection
Exam Name: Cohesity Certified Protection Professional
Duration: 105 minutes
Languages: English
Passing Score: 65%

Cohesity Certified Protection Associate - DataProtect (Exam: COH100)
Cohesity Certified Protection Associate - Multicloud (Exam: COH150)
Cohesity Certified Implementation Professional - SmartFiles (Exam: COH125)

1. Cohesity Certified Protection Associate - DataProtect
This exam focuses on foundational data protection concepts- administration- recovery- and monitoring using Cohesity DataProtect. It covers products like Cohesity Data Cloud- DataProtect- SmartFiles- CloudArchive- and Replication. Target roles include data protection administrators- system admins- and support staff.
Domain 1: Fundamentals of the Cohesity Data Cloud Platform Concepts (13.33%)

Identify source and object concepts.
Describe the Cohesity platform characteristics.
Describe storage domain concepts and configuration options.
Identify Cohesity SmartFiles use cases.

Key Terminologies: Source (e.g.- data origins like VMs or databases)- object (e.g.- protected entities like files or VMs)- storage domain (logical storage units for data isolation and performance)- Cohesity SmartFiles (file and object services for secondary data storage).
Domain 2: Data Protection Fundamentals (18.33%)

Identify source registration requirements and procedures.
Working with Cohesity Agents (installation- configuration for backups).
Configuring backups that meet established recovery point objectives (RPOs) and recovery time objectives (RTOs).
Describe the components of a Cohesity protection policy.
Describe the differences between application and crash consistent backups.

Key Terminologies: Cohesity Agents (software for agent-based backups on physical servers or apps)- recovery point objectives (RPOs- maximum acceptable data loss)- recovery time objectives (RTOs- maximum downtime)- protection policy (rules for backup frequency- retention- replication)- application consistent backups (ensures app data integrity via quiescing)- crash consistent backups (point-in-time snapshots without app quiescing).
Domain 3: Protection Concepts (18.33%)

Identify the types of objects that can be protected by Cohesity DataProtect (e.g.- VMs- databases- NAS- physical servers).
Identify protection policy concepts (e.g.- scheduling- retention).
Describe how to configure protection policies that meet specific RPOs.
Describe how to configure Protection Groups to ensure a consistent backup.
Describe the purpose of a backup service-level agreement (SLA).
Describe the purpose of a backup window.
Describe the Cohesity workflow for protecting virtual machines (VMs).

Key Terminologies: Cohesity DataProtect (core backup and recovery service)- protection policy (as above)- Protection Groups (collections of objects with shared policies)- backup service-level agreement (SLA- contractual guarantees on backup success and recovery)- backup window (scheduled time for backups to minimize impact)- virtual machines (VMs- e.g.- VMware or Hyper-V instances).
Domain 4: Recovery Concepts (21.67%)

Identify recovery concepts (e.g.- full vs. granular recovery).
Describe the different options for recovering objects (e.g.- overwrite- alternate location).
Describe how to perform a recovery.
Describe how to perform a recovery that does not impact the availability of existing systems (e.g.- detach network- power off).
Describe Cohesity dev/test workflows (e.g.- cloning for development/testing).

Key Terminologies: Recovery concepts (processes for restoring data)- recovering objects (e.g.- file-level or VM-level restore)- dev/test workflows (using clones for non-production environments without affecting originals).
Domain 5: Data Management Components (16.67%)

Identify native Cohesity file services capabilities (e.g.- NFS- SMB support).
Identify the cloud services that Cohesity Data Cloud platform natively supports (e.g.- AWS- Azure).
Describe Cohesity replication concepts (e.g.- snapshot copying to remote sites).
Describe Cohesity archival concepts (e.g.- long-term storage to external targets).

Key Terminologies: Native Cohesity file services (built-in protocols for file access)- cloud services (integration with public clouds)- Cohesity replication (data copying for DR)- Cohesity archival (offloading data to tape/cloud for retention).
Domain 6: Monitoring and Reporting (11.67%)

Identify the different task state status types for a Protection Group (e.g.- running- failed- completed).
Describe how to determine if Protection Groups have met their SLAs.
Describe how to check the status of a backup.
Describe the available performance monitoring metrics (e.g.- throughput- latency).
Identify the critical performance measurements shown on the Cohesity performance dashboard.
Describe how to use Cohesity Data Cloud platform reporting to verify compliance with backup SLAs.
Describe how to create reports that demonstrate the health or status of data protection tasks.

Key Terminologies: Task state status types (e.g.- queued- in progress)- Protection Groups (as above)- SLAs (as above)- performance monitoring metrics (e.g.- IOPS- CPU usage)- Cohesity performance dashboard (UI for cluster health)- backup SLAs (compliance checks)- data protection tasks (backup/restore operations).
2. Cohesity Certified Protection Associate - Multicloud
This exam emphasizes deploying and managing Cohesity in multicloud setups- including archiving- tiering- and cloud-native operations. It covers products like Cohesity Data Cloud- DataProtect- CloudArchive- CloudTier- and Replication. Target roles mirror the DataProtect exam.
Domain 1: Cohesity Cloud Concepts (21.67%)

Describe the supported delivery models for the Cohesity platform (e.g.- on-premises- cloud-native).
Identify Cohesity cloud solutions (e.g.- CloudArchive- CloudTier- CloudSpin).
Describe the use cases for Cohesity cloud solutions (e.g.- DR- cost optimization).
Identify native Cohesity cloud features (e.g.- integration with AWS- Azure- GCP).
Identify the difference between archiving and tiering with Cohesity.
Describe cloning and moving VMs to the public cloud using CloudSpin.
Identify cloud-based disaster recovery features.
Describe the use cases for CloudArchive.

Key Terminologies: Delivery models (e.g.- Virtual Edition- Cloud Edition)- cloud solutions (e.g.- CloudArchive for long-term retention- CloudTier for cold data offload)- archiving (permanent offload for compliance)- tiering (temporary offload for performance/cost)- CloudSpin (VM migration/cloning to cloud)- disaster recovery (DR- failover to cloud).
Domain 2: Archiving with Cohesity (20%)

Describe how Cohesity’s archive function can support disaster recovery.
Identify the workflows used when working with CloudArchive (e.g.- policy setup- target selection).
Describe the options for CloudArchive External Targets (e.g.- AWS S3- Azure Blob).
Describe the recovery options available for organizations that use CloudArchive (e.g.- full/granular restore).
Describe the disaster recovery process using CloudRetrieve.
Identify CloudArchive Direct configuration options (e.g.- direct-to-cloud archiving).

Key Terminologies: CloudArchive (archiving service to external targets)- workflows (step-by-step processes)- External Targets (storage destinations like public clouds)- CloudRetrieve (search/recovery from archived data)- CloudArchive Direct (bypassing local storage).
Domain 3: Tiering with Cohesity (10%)

Describe the benefits of tiering to the cloud using CloudTier (e.g.- cost savings- scalability).
Describe CloudTier configuration options (e.g.- thresholds for data movement).
Describe how to configure an external target for CloudTier.
Identify the workflows used when working with CloudTier.
Describe the options available for CloudTier (e.g.- encryption- compression).

Key Terminologies: CloudTier (automated data movement to cloud)- configuration options (e.g.- age-based policies)- external target (cloud storage for tiered data).
Domain 4: Cloud-native Backups with Cohesity (15%)

Describe how to configure Cohesity for native operation in AWS- Azure- or GCP (e.g.- instance setup).
Describe how networking with Cohesity running native in the cloud is different than on-premises (e.g.- VPCs- security groups).
Identify supported cloud-native backup operations (e.g.- snapshot management- app protection).

Key Terminologies: Native operation (running Cohesity directly in cloud)- networking (cloud-specific configs like subnets)- cloud-native backup (protecting cloud workloads).
Domain 5: Cloud Migration with Cohesity (8.33%)

Identify the use cases for moving VMs to and from the public cloud using CloudSpin (e.g.- DR testing- migration).
Describe CloudSpin configuration operations (e.g.- policy setup).
Describe how to perform a CloudSpin operation.
Describe how to use the dev/test clone feature using CloudSpin.

Key Terminologies: CloudSpin (as above)- configuration operations (setup steps)- dev/test clone (non-prod VM copies in cloud).
Domain 6: Deployment Considerations (25%)

Describe different types of cloud storage supported by CloudArchive (e.g.- standard- glacier).
Deployment prerequisites for configuring CloudArchive with public cloud providers (e.g.- IAM roles).
Identify requirements for deploying and running Cohesity natively in public cloud providers such as AWS- Azure- and GCP (e.g.- instance types).
Identify the additional features that are available when you have deployed the Cohesity platform both on-premises and in the cloud (e.g.- hybrid replication).
Identify the registration requirements for cloud sources (e.g.- API keys).
Identify the SaaS applications that can be protected using the Cohesity platform (e.g.- Microsoft 365- Salesforce).

Key Terminologies: Cloud storage types (e.g.- S3 Standard- Azure Cool)- deployment prerequisites (e.g.- permissions)- hybrid deployment (on-prem + cloud)- registration requirements (e.g.- credentials)- SaaS applications (cloud-based apps for protection).
3. Cohesity Certified Implementation Professional - SmartFiles
This exam covers implementation and administration of Cohesity SmartFiles for file and object services- including security- migration- and DR. It includes products like Cohesity Data Cloud- SmartFiles- DataProtect- CloudArchive- Replication- and CloudTier. Target roles include file/object admins and professional services staff.
Domain 1: SmartFiles Administration Concepts (28.33%)

Identify the protocols supported by Cohesity Views (e.g.- NFS- SMB- S3).
Describe the workflow used to create a Cohesity View.
Describe the Storage Domains settings for Views.
Describe how to encrypt data on Cohesity Views.
Describe the default behavior for Cohesity View quotas.
Identify the configuration features of Cohesity Views (e.g.- QoS- access controls).
Describe the different Cohesity View QoS policies.
Describe how to administer Cohesity Views (e.g.- monitoring- editing).
Describe how to protect Cohesity Views (e.g.- via DataProtect).
Identify Cohesity SmartFiles use cases (e.g.- secondary storage- archiving).

Key Terminologies: Cohesity Views (logical file shares/objects)- protocols (NFS for Unix- SMB for Windows- S3 for objects)- Storage Domains (as above)- encryption (data-at-rest protection)- quotas (storage limits)- QoS policies (quality of service for performance control).
Domain 2: Marketplace Application Integration (16.67%)

Identify what is needed to enable Cohesity Marketplace application support (e.g.- licensing).
Describe the Cohesity Marketplace applications that can be integrated with Cohesity Views (e.g.- Spotlight for search- Insight for analytics).
Describe how to search for data on Cohesity Views.
Describe how and why the Cohesity Marketplace applications Spotlight and Insight can be implemented with Cohesity Views.
Describe the steps needed to enable file services audit logs.
Describe how to troubleshoot file services audit logs.
Identify the procedures used to enable antivirus protection on a Cohesity View.

Key Terminologies: Cohesity Marketplace (app ecosystem)- Spotlight (search app)- Insight (threat detection app)- file services audit logs (access tracking)- antivirus protection (integration with scanners).
Domain 3: NAS Migration and Tiering Concepts (16.67%)

Identify the purpose of external NAS tiering jobs (e.g.- offloading data).
Identify the use cases for the external NAS tiering feature (e.g.- capacity management).
Describe the process used to migrate NAS data to a Cohesity View (e.g.- symbolic links).
Describe how to administer data that has been tiered from a NAS to a Cohesity View.

Key Terminologies: External NAS tiering jobs (automated data movement from legacy NAS)- NAS migration (data transfer processes)- symbolic links (pointers to migrated data).
Domain 4: Disaster Recovery Concepts (18.33%)

Describe Cohesity File Services archival options (e.g.- to cloud/tape).
Identify Cohesity File Services disaster recovery options (e.g.- replication).
Describe Cohesity File Services failover options (e.g.- site switchover).

Key Terminologies: Archival options (long-term storage)- disaster recovery options (recovery strategies)- failover options (switching to secondary sites).
Domain 5: Security and Compliance (20%)

Demonstrate the ability to limit access to a share using allowlists or granular permissions.
Identify the allowlist requirements for access to SMB shares.
Identify the features of Cohesity Views that can be used to secure client data (e.g.- encryption- access controls).
Describe Cohesity View protocol security options (e.g.- authentication).
Identify which Cohesity View protocols are read-only versus read/write by default.
Identify the three different types of security parameters that can be configured on a Cohesity View (e.g.- access- encryption- auditing).
Describe Cohesity View WORM compliance options (Write Once Read Many for immutability).
Describe Cohesity View file auditing capabilities.

Key Terminologies: Allowlists (IP-based access control)- granular permissions (user/group level)- SMB shares (Windows file sharing)- protocol security options (e.g.- Kerberos)- read-only/read-write protocols- security parameters (configs for protection)- WORM compliance (immutable storage for regulations)- file auditing (logging access events).