Ccse r71 Study

Check Point Security Expert R70 / R71
Study Guide
Check Point Certified Security Administrator

Exam: #156-315.71
Copyright Check Point Software Technologies

Ltd. All rights reserved.
Printed by Check Point Press
A Division of Check Point Software Technologies Ltd.
First Printing December 2010
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at
DFARS 252.227-7013 and FAR 52.227-19.
2003-2010 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and
distributed under licensing restricting their use, copying, distribution, and decompilation. No
part of this product or related documentation may be reproduced in any form or by any means
without prior written authorization of Check Point. While every precaution has been taken in
the preparation of this book, Check Point assumes no responsibility for errors or omissions.
This publication and features described herein are subject to change without notice.
TRADEMARKS
2003-2010 Check Point Software Technologies Ltd. All rights reserved. Check
Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security,
Check Point Endpoint Security On Demand, Check Point Express, Check Point
Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding
Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid
Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG,
NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile,
Pointsec PC, Pointsec Protector, Policy Lifecycle Management,Power-1, Provider1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home,
Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL,
SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1,
SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advi-
sor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartProvisioning,

SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView
Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network
Extender, Stateful Clustering, Total Security, the totalsecurity logo, TrueVector,
Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1
Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator
Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1
Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1
SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX,
Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus,
ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro,
ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its
affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All
other product names mentioned herein are trademarks or registered trademarks of
their respective owners. The products described in this document are protected by
U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943,
and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications.
DISCLAIMER OF WARRANTY
Check Point Software Technologies Ltd. makes no representation or warranties,
either express or implied by or with respect to anything in this document, and shall
not be liable for any implied warranties of merchantability or fitness for a particular
purpose or for any indirect special or consequential damages.
International Headquarters:
5 HaSolelim Street
Tel Aviv 67897, Israel
Tel: +972-3-753 4555
U.S. Headquarters:
800 Bridge Parkway

Redwood City, CA 94065
Tel: 650-628-2000
Fax: 650-654-4233
Technical Support, Education & Professional Services:
8333 Ridgepoint Drive, Suite 150

Irving, TX 75063
Tel: 972-444-6612
Fax: 972-506-7913
E-mail any comments or questions about our
courseware to courseware@us.checkpoint.com.
For questions or comments about other Check
Point documentation, e-mail
CP_TechPub_Feedback@checkpoint.com.
Document #:
CCSA R70 Study Guide
Revision:
R71001
Content:
Mark Hoefle
Graphics:
Jeffery Holder
Chapter 1
The Check Point Certified Security Expert Exam
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chapter 2
Management Portal
Check Point Management Portal Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Sample CCSE R71 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Chapter 3
Smart Workflow
11
Check Point SmartWorkflow Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Sample CCSE R71 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Chapter 4
SmartProvisioning
17
Check Point SmartProvisioning Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Chapter 5
SSL Portal-Based VPN
25
Check Point SSL Portal-Based VPN Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Chapter 6
Acceleration
31
Check Point Acceleration Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Chapter 7
High Availability
37
Check Point High Availability Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Chapter 8
Clustering
43
Check Point Clustering Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Chapter 9
Advanced Networking - Routing
49
Check Point Advanced Networking Routing Topics . . . . . . . . . . . . . . . . . . . . . . . 50

Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Chapter 10
Balancing
Advanced Networking Load

55
Check Point Advanced Networking Load Balancing Topics . . . . . . . . . . . . . . . 56

Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Chapter 11
Advanced Networking - QoS
61
Check Point Advanced Networking QoS Topics . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Chapter 12
Check Point IPS
67
Introduction to the Check Point IPS Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Sample CCSA R71 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Chapter 13
Data Loss Prevention
73
Introduction to the Check Point Data Loss Prevention Topics . . . . . . . . . . . . . . . . . 74

Sample CCSA R71 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Answer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Preface
The Check Point Certified Security
Expert Exam
The Check Point Security Expert R70 / R71 course is intended to provide an understanding of upgrading and advanced configuration of Check Point software blades,
installing and managing VPNs (on both internal and external networks), gaining the
maximum security from Security Gateways, and resolving Gateway performance
issues. The Check Point Security Expert R70 / R71 Study Guide supplements
knowledge you have gained from the Check Point Security Expert R70 / R71
course, and is not a sole means of study.
The Check Point Certified Security Expert R71 (CCSE) exam covers the following
topics:
Define how the Management Portal aids in managing and troubleshooting
security configurations.
Describe how to extend access to network policy settings to outside auditors
Identify the advantages of SmartWorkflow in tracking, approving, and auditing
security policy changes.
Assess the benefits of policy life-cycle management and change management.
Determine typical SmartWorkflow administrative and use processes.
Identify the advantages of SmartProvisioning as a centralized management
tool.
1
Preface: The Check Point Certified Security Expert Exam
Determine typical typical SmartProvisioning deployment scenarios.

Describe profile based management as it applies to SmartProvisioning.
Describe the security features of SSL VPN
Identify the role of the SSL VPN in common deployment scenarios.
Identify the advantages of SecureXL security acceleration with intense security
processing requirements.
Assess the benefits of multi-core CPU combined with SecureXL security
acceleration.
Identify the features and limitations of Management High Availability.
Determine typical multiple security gateway cluster configurations using
ClusterXL
Identify the advantages of Advanced Routing protocols for scalability, faulttolerance, security.
Determine typical Load Balancing configurations using Advanced Networking
Determine typical Load Balancing configurations using Advanced Networking
Define the purpose for Reporting.
Given logged data, produce reports that provide an audit of network traffic.
Define the need for intrusion event analysis.
Monitor and analyze alerts to track and identify network intrusions.
Check Point Security Expert R70 / R71 Study Guide
Frequently Asked Questions

The table below provides answers to commonly asked questions about
the CCSE NGX R71 exam:
Question
Answer
What are the Check Point recommendations and prerequisites?
You must pass the CCSA R71 exam, before taking

the CCSE R71 exam. Check Point recommends you
have at least 6 months to 1 year of experience with
the products, before attempting to take the CCSE
R70 exam. In addition, you should also have basic
networking knowledge, knowledge of Windows
Server and/or UNIX, and experience with TCP/IP
and the Internet.
Check Point also recommends you take the Check
Point Security Administrator R70 / R71 class from a
Check Point Authorized Training Center (ATC). We
recommend you take this class before taking the
CCSE R71 exam. To locate an ATC, see:
www.checkpoint.com/services/education/
certification/ngx_atc.html
How do I register?
Check Point exams are offered through Pearson

VUE, a third-party testing vendor with more than
3,500 testing centers worldwide.
Pearson VUE offers a variety of registration options.
Register via the Web or visit a specific test center.
Registrations at a testing center may be made in
advance or on the day you wish to test, subject to
availability. For same-day testing, contact the testing
center directly.
Locate a testing center from the VUE Pearson Web
site:
www.pearsonvue.com
What is the exam structure?
The exams are composed of multiple-choice

and scenario questions. There is no partial
credit for incorrectly marked questions.

Question
How long is the exam?
Do I get extra time, if I am not
a native English speaker?

Answer
The following countries are given 120 minutes

to complete the exam. All other regions get 150
minutes:
Australia
Bermuda
Canada
Japan
New Zealand
Ireland
South Africa
UK
US
For more exam and course information, see:

http://www.checkpoint.com/services/education/
Chapter
Management Portal
The Check Point Management Portal Software Blade allows the extension of
browser-based management access to outside groups, such as technical support
staff or auditors, while still maintaining centralized administrative control of policy
enforcement. Management Portal users can view security policies, check on the status of all Check Point products, and administrator activity, manage firewall logs,
and edit, create and modify internal users.
Objectives:
Configure Administrative access to the Security Management server from
an offsite machine to facilitate remote management of corporate Security
Gateways.
Chapter 1: Management Portal
Check Point Management Portal Topics

The following table outlines the topics covered in the Management
Portal chapter of the Check Point Security Expert R70 / R71 Course. This
table is intended as a supplement to knowledge you have gained from
the Security Expert R70 / R71 Courseware handbook, and is not meant
to be a sole means of study.
Topic
Key Element
Web Based Administration
Page
Number
p. 03
Deploying the Management Portal Dedicated Server
p. 03
Deploying the Management Portal Security Management Server
p. 04
Management Portal Commands and

Configurations
p. 04
Client Side Requirements
p. 05
Table 1-1: Management Portal Topics
Topic
Key Element
Lab 1: Environment Setup
Page
Number
L-p. 1
Build the Management Server
L-p. 2
Build Gateways
L-p. 7
Install and Configure NTP
L-p. 11
Establishing SIC
L-p. 12
Lab 2:Management Portal
L-p. 15
Configure Management Portal on
Corporate Site
L-p. 16
Test Management Portal Access
L-p. 18
Configure Management Portal

Access on Partner Site
L-p. 22
Test Management Portal with Read

Only Access
L-p. 27
Table 1-1: Management Portal Topics
Sample CCSE R71 Exam Question

The Management Portal allows all of the following EXCEPT:
1. View administrator activity.
2. Schedule policy installation.
3. View the status of Check Point products.
4. Manage firewall logs.
Answer
Answer
The Management Portal allows all of the following EXCEPT:
1. View administrator activity.
2. Schedule policy installation.
3. View the status of Check Point products.
4. Manage firewall logs.
Chapter
Smart Workflow
The SmartWorkflow Blade is a security policy change-management solution that

tracks all proposed changes to the Check Point network security environment, and
provides a management review and approval process, before a new policy implementation.
Objectives:
Process a change request based on an organizations existing management
infrastructure.
11
Chapter 2: Smart Workflow
Check Point SmartWorkflow Topics

The following table outlines the topics covered in the SmartWorkflow
chapter of the Check Point Security Expert R70 R71 Course. This table is
intended as a supplement to knowledge you have gained from the
Security Expert R70 / R71 Courseware handbook, and is not meant to
be a sole means of study.
Topic
Key Element
Change Management
Page
Number
p. 11
The SmartWorkflow Environment
p. 12
Task Flow
p. 12
SmartWorkflow Toolbar
p. 15
The SmartWorkflow Session Management Window
p. 17
SmartWorkflow Session Information
p. 20
Working with SmartWorkflow
p. 21
Assigning Permissions
p. 21
Enabling SmartWorkflow
p. 21
Configuring SmartWorkflow
p. 22
Working with Sessions
p. 23
Comparing Policies
p. 26
Approving Sessions
p. 27
Auditing Changes
p. 28
Table 2-2: SmartWorkflowTopics
12
Topic
Key Element
Lab 3: SmartWorkflow
Page
Number
L-p. 29
Create New Administrators
L-p. 30
Configure SmartWorkflow
L-p. 33
Open and Submit a Session for

Approval
L-p. 36
Disapprove the Session and Request

a Modification
L-p. 42
Repair Sessin 1
L-p. 45
Approve the Session and Install

Policy
L-p. 50
Disable SmartWorkflow
L-p. 51
13

Which of the following can NOT approve a change in a SmartWorkflow
Session?
1. Customer Superusers.
2. Provider-1 Superusers.
3. FireWalll Administrators
4. FireWall Managers.
14
Answer
Answer
Which of the following can NOT approve a change in a SmartWorkflow
Session?
1. Customer Superusers.
2. Provider-1 Superusers.
3. FireWalll Administrators
4. FireWall Managers.
15
Chapter
SmartProvisioning
The Check Point SmartProvisioning software blade enables you to manage and
maintain thousands of gateways from a single Security Management server or Provider- 1 CMA, with features to define, manage, and provision large-scale deployments of Check Point gateways.
Objectives:
Determine and implement the appropriate Provisioning deployment
scenario based on corporate requirements.
Modify different properties on remote Gateways (i.e., DNS, Networking)
per corporate requirements.
17
Chapter 3: SmartProvisioning
Check Point SmartProvisioning Topics

The following table outlines the topics covered in the
SmartProvisioning chapter of the Check Point Security Expert R70 / R71
Course. This table is intended as a supplement to knowledge you have
gained from the Security Expert R70 / R71 Courseware handbook, and
is not meant to be a sole means of study.
Topic
Key Element
SmartProvisioning Overview
Page
Number
p. 33
SmartProvisioning Management
p. 33
Enabling SmartProvisioning
p. 34
SmartProvisioning Console
p. 36
Tree Pane
p. 36
Workspace Pane
p. 36
Status View
p. 37
SmartProvisioning Wizard
p. 39
SmartProvisioning Profiles
p. 40
UTM-1 Edge-Only SmartProvision- p. 41
ing
Gateway Management
p. 44
Adding Gateways to SmartProvisioning
p. 44
Gateway Edit Windows
p. 45
Real-Time Gateway
Actions
p. 45
Remotely Controlled Gateways
Editing Gateway Properties
p. 45
p. 47
Table 3-3: SmartProvisioning Topics
18
Topic
Key Element
Executing Commands
Managing SmartLSM Security Gateways
Page
Number
p. 47
p. 48
Applying Dynamic Object Values
p. 48
Getting Updated Security Policy
p. 49
Changing Assigned SmartLSM

Security Profile
p. 50
Tracking
p. 51
Log Servers
p. 52
Configuring SmartLSM Gateway

Topology
p. 53
Managing Security Gateways
p. 55
Scheduling Backups
p. 55
Configuring Hosts
p. 56
Configuring the Domain
p. 57
Configuring Host Name
p. 57
Configuring Routing
p. 58
Managing Software
p. 58
The package Repository
p. 59
Distributing Packages
p. 59
Security Gateway Actions
p. 60
Applying Changes
p. 62
Maintenance Mode
p. 63
UTM-1 Edge Portal
p. 64
UTM-1 Edge Ports
p. 64

19
Topic
Key Element
Provisional Settings
Understanding Dynamic
Objects
Page
Number
p. 65
p. 68
Benefits of Dynamic Objects
p. 68
Dynamic Object Types
p. 68
Dynamic Object Values
p. 69
Command Line
p. 70
20
Topic
Key Element
Lab 4: SmartProvisioning
Page
Number
L-p. 53
Enable SmartProvisioning
L-p. 54
Create New Profile
L-p. 63
Assign Profile to Gateways
L-p. 66
Push Policy to Gateways
L-p. 68
Verify Profile Changes
L-p. 69
21

Which version is the minimum requirement for SmartProvisioning??
1. R70.2
2. R65-HFA 40
3. R70
4. R71
22
Answer
Answer
Which version is the minimum requirement for SmartProvisioning??
1. R70.2
2. R65-HFA 40
3. R70
4. R71
23
Chapter
SSL Portal-Based VPN
Check Point SSL VPN Software Blade is a comprehensive remote access solution
that allows mobile and remote workers to connect easily and securely from any location, with any Internet device to critical resources. This software blade option integrates easily into your existing Check Point gateway, enabling more secure and
operationally efficient remote access for your endpoint users. The data transmitted
by remote access is decrypted and then filtered and inspected in real-time by Check
Points gateway security services such as anti-virus, intrusion prevention and Web
security. The SSL VPN Software Blade also includes secure methods for authentication, and the ability to check the security posture of the remote device.
Objectives:
Configure applications for SSL VPN remote access based on corporate
and user requirements.
25
Chapter 4: SSL Portal-Based VPN
Check Point SSL Portal-Based VPN Topics

The following table outlines the topics covered in the SSL Portal-Based
VPN chapter of the Check Point Security Expert R70 / R71 Course. This
table is intended as a supplement to knowledge you have gained from
the Security Expert R70 / R71 Courseware handbook, and is not meant
to be a sole means of study.
Topic
Key Element
SSL VPN Software Blade

Overview
Page
Number
p. 75
Key Features
p. 76
Simple Deployment - SSL VPN
p. 77
Deploying SSL VPN - DMZ
p. 78
Cluster Deployment
p. 79
SSL VPN Management
p. 79
SSL Network Extender
p. 80
SSL VPN Security Features
p. 81
Configuration Workflows
p. 83
The SSL VPN Wizard
p. 84
Setting up the SSL VPN Portal
p. 84
User Workflow
p. 84
Managing Access to Applications
p. 84
Protection Levels
p. 86
Introduction to Applications
p. 87
Web Applications
p. 87
File Shares
p. 87
Citrix Services
p. 88
26
Topic
Key Element
Page
Number
Web Mail Services
p. 88
Native Applications
p. 89
27
Topic
Key Element
Lab 5: SSL VPN
Page
Number
L-p. 71
Install SSL VPN
L-p. 72
Manditory Hotfix for R71 SSL

VPN Software Blade
L-p. 73
Enable SSL VPN in SmartDashboardl
L-p. 73
Create a File-Share Application in

SSL VPN Tab
L-p. 73
Create an Internal User
L-p. 78
Assign File-Share Access to User

Group
L-p. 81
Verify File-Share Access Through

the User Portal
L-p. 85
Configure Embedded RDP
L-p. 88
Permit Access to Applications
L-p. 93
Configure Global Properties
L-p. 96
Configure Server and Client
L-p. 98
Test RDP Session
L-p. 98
28

Where is the ideal place to deploy your SSL VPN:
1. SSL VPN enabled on the gateway
2. Anywhere
3. Deployed in DMZ
4. In front of the external interface on the gateway
29
Answer
Answer
Where is the ideal place to deploy your SSL VPN:
1. SSL VPN enabled on the gateway
2. Anywhere
3. Deployed in DMZ
4. In front of the external interface on the gateway
30
Chapter
Acceleration
The Check Point Acceleration and Clustering Software Blade delivers a set of advanced technologies, SecureXL and ClusterXL, that work together to maximize
performance and security in high-performance environments.
Objectives:
Configure and verify that traffic throughput is enhanced using SecureXL
on a SecurePlatform Pro Security Gateway.
31
Chapter 5: Acceleration
Check Point Acceleration Topics

The following table outlines the topics covered in the Acceleration
chapter of the Check Point Security Expert R70 / R71 Course. This table is
Topic
Key Element
Check Point Acceleration

and Clustering
Page
Number
p. 95
SecureXL Security Acceleration
p. 95
What SecureXL Does
p. 96
Throughput Acceleration
p. 96
Connection Rate Acceleration
p. 96
Madking the Source Port
p. 97
Application Layer Protocol
p. 98
HTTP 1.1
p. 99
Other Application Layer Protocols
p. 100
UDP Pseudo-Connections
p. 100
Packet Flow
p. 101
SecureXL API
p. 102
VPN Capabilities
p. 103
CoreXL: Multicore Acceleration
p. 105
Supported Platforms and Features
p. 106
Performance Tuning
p. 107
Processing Core Allocation
p. 107
Packet Flows
p. 108
Table 5-5: SecureXL
32
Topic
Key Element
Page
Number
Adding Processing Cores to the

Hardware
p. 108
Allocating an Additional Core to

the SND
p. 109
Allocating a Core for Heavy Logging
p. 109
Table 5-5: SecureXL
33
Topic
Key Element
Lab 6: SecureXL
Page
Number
L-p. 101
Enable and Configure SecureXL on

the Gateway
L-p. 102
Open Connections and Verify

Acceleration
L-p. 104
Table 5-5: SecureXL
34

What is the maximum number of cores supported by CoreXL?
1. 6
2. 18
3. 04
4. 012
35
Answer
Answer
What is the maximum number of cores supported by CoreXL?
1. 6
2. 8
3. 4
4. 12
36
Chapter
High Availability
Check Point High Availability limits any disruption to network uptime should a security gateway face unforeseen performance issues. High Availability transparently
redistributes workloads to surviving cluster gateways without impacting communication throughout the cluster.
Objectives:
Deploy New Mode HA on a new cluster member.
37
Chapter 6: High Availability
Check Point High Availability Topics

The following table outlines the topics covered in the High
Availability chapter of the Check Point Security Expert R70 / R71 Course.
This table is intended as a supplement to knowledge you have gained
from the Security Expert R70 / R71 Courseware handbook, and is not
meant to be a sole means of study.
Topic
Key Element
Management High Availability
Page
Number
p. 115
The Management High Availability

Environment
p. 116
What Data is Backed Up gy the

Standby Security Servers?
p. 117
Synchronization Modes
p. 117
Synchronization Status
p. 117
Table 6-6: High Availability
38
Check Point Security Expert R70 / R71Study Guide
Topic
Key Element
Lab 7: Deploying New

Mode HA
Page
Number
L-p. 107
Create and Configure a Secondary

Cluster Member
L-p. 109
Cluster and Member IP Addresses
L-p. 110
Reconfigure Routing
L-p. 113
Configure Gateway-Cluster Objects L-p. 114

Configure ClusterXL Properties
L-p. 123
Modify the Rule Base
L-p. 125
Pass Traffic Through Cluster
L-p. 125
Observe Cluster Status in SmartView Monitor
L-p. 126
Test Failover
L-p. 128
Method 1
L-p. 128
Method 2
L-p. 129
Method 3
L-p. 129
Table 6-6: High Availability
39

What could be a reason why synchronization between primary and
secondary Security Management Servers does not occur?
1. You have installed both Security Management Servers on different
server systems (e.g. one machine on HP hardware and the other one
on Dell).
2. You did not activate synchronization within the Global Properties.
3. You are using different time zones.
4. If the set of installed products differ from each other, the Security
Management Servers do not synchronize the database to each other.
40
Check Point Security Expert R70 / R71Study Guide
Answer
Answer
What could be a reason why synchronization between primary and
secondary Security Management Servers does not occur?
1. You have installed both Security Management Servers on different
server systems (e.g. one machine on HP hardware and the other one
on Dell).
2. You did not activate synchronization within the Global Properties.
3. You are using different time zones.
4. If the set of installed products differ from each other, the
Security Management Servers do not synchronize the database
to each other..
41
Chapter
Clustering
The Check Point Acceleration and Clustering Software Blade delivers a set of advanced technologies, SecureXL and ClusterXL, that work together to maximize
performance and security in high-performance environments.
Objectives:
Learn the standard configurations for ClusterXL
Learn how packets travel through a cluster
Learn the basics of how VRRP works on the IP appliance
43
Chapter 7: Clustering
Check Point Clustering Topics

The following table outlines the topics covered in the Clustering
chapter of the Check Point Security Expert R70 / R71 Course. This table is
Topic
Key Element
ClusterXL: Smart Load

Balancing
Page
Number
p. 125
Installing ClusterXL
p. 126
Clusteing terms
p. 126
Unicast Load Sharing
p. 128
How Pivot Mode Works
p. 129
How Packets Travel Through a

Custer
p. 130
Cluster Control Protocol
p. 131
Cluster Synchronization
p. 131
Check Point State Synchronization
p. 131
Sticky Connections
p. 133
The Sticky Decision Function
ClusterXL Configuration
Issues
p. 133
p. 134
Modes of ClusterXL Supporting

SecureXL
p. 134
Crossover-Cable Support
p. 134
VRRP Overview
p. 135
How VRRP Works
p. 136
Table 7-7: Clustering
44
Topic
Key Element
Page
Number
VRRP with Internal and External

VRIDs
p. 137
VRRP with Simultaneous Backup
p. 138
45
Topic
Key Element
Lab 8: Load Sharing Unicast (Pivot) and Multicast

Modes
Page
Number
L-p. 131
Configure Load Sharing Unicast

Mode
L-p. 132
Test Load Sharing Unicast Mode
L-p. 133
Configure Load Sharing Multicast

Mode
L-p. 137
Test Load Sharing Multicast Mode
L-p. 139
Lab 9: VPN with Sticky

Decision Function
L-p. 141
Configure VPN in a Cluster
L-p. 142
Define the VPN Domain
L-p. 142
Create the VPN Community
L-p. 145
Create the VPN Rule and Modify

the Rule Base
L-p. 147
Test VPN Connection
L-p. 148
View a Packet Capture of FT Connections without Sticky Decision

Function
L-p. 149
View a Packet Capture of FT Con- L-p. 152

nections with Sticky Decision Function
46

By default, a standby Security Management Server is automatically
synchronized by an active Security Management Server, when:.
1. The Security Policy is saved.
2. The Security Policy is installed.
3. The user database is installed.
4. The standby Security Management Server starts for the first time.
47
Answer
Answer
By default, a standby Security Management Server is automatically
synchronized by an active Security Management Server, when:.
1. The Security Policy is saved.
2. The Security Policy is installed.
3. The user database is installed.
4. The standby Security Management Server starts for the first time.
48
Chapter
Advanced Networking - Routing
The Check Point Advanced Networking Software Blade makes it easier for administrators to deploy security within complex and highly utilized network environments making this ideal for high-end enterprise and datacenter environments where
performance and availability are critical.
Objectives:
Configure VPN in a clustered environment, and demonstrate VPN
failover.
Configure and test VPN Tunnel Interfaces (VTIs) for a clustered
environment.
49
Chapter 8: Advanced Networking - Routing Check Point Advanced Networking Routing Topics
Check Point Advanced Networking

Routing Topics
The following table outlines the topics covered in the Advanced
Networking - Routing chapter of the Check Point Security Expert R70 /
R71 Course. This table is intended as a supplement to knowledge you
have gained from the Security Expert R70 / R71 Courseware handbook,
and is not meant to be a sole means of study.
Topic
Key Element
Advanced Networking
Blade
Page
Number
p. 143
Check Point Dynamic Routing

The Command Line Interface
p. 145
p. 147
User Execution Mode
p. 147
Privileged Execution Mode
p. 147
Global Configuration Mode
p. 147
Router Configuration Mode
p. 148
Interfaces
p. 149
Kernel Interfaces
p. 149
Martian Addresses
p. 150
Border Gateway Protocol

(BGP)
p. 151
BGP Decision Process
p. 152
Dynamic Capabilities
p. 153
Internet Control Message

Protocol (ICMP)
p. 154
Open Shortest Path First

Protocol
p. 155
Table 8-8: Advanced Networking - Routing
50
Check Point Advanced Networking Routing TopicsChapter 8: Advanced Networking - Routing
Topic
Key Element
Page
Number
Router Discovery Protocol
p. 157
SNMP Multiplexing
(SMUX)
p. 159
Distance Vector Multicast

Routing Protocol
(DVMRP)
p. 160
Internet Group Management Protocol (IGMP)
p. 161
Protocol Independent Multicast
Access Lists
p. 160
p. 163
AS Paths and AS Path Lists
p. 163
BGP Communities and Community

Lists
p. 165
Prefix Lists and Prefix Trees
p. 165
Route Aggregation and

Generation
p. 166
Route Flap Damping
p. 167
Route Maps
p. 167
Multicast Access Control
p. 168
Multicast Routing Protocols
p. 169
Dynamic Registration Using IGMP
p. 169
IP Multicast Group Addressing
p. 169
Reserved Local Addresses
p. 169
Per-Interface Multicast Restrictions
p. 171
VPN Connections
p. 171
Table 8-8: Advanced Networking - Routing
51
Chapter 8: Advanced Networking - Routing

Which statement is TRUE for route-based VPNs?
1. Route-based VPNs replace domain-based VPNs.
2. IP Pool NAT must be configured on each gateway.
3. Route-based VPNs are a form of partial overlap VPN Domain.
4. Dynamic-routing protocols are not required.
52
Answer
Answer
Which statement is TRUE for route-based VPNs?
1. Route-based VPNs replace domain-based VPNs.
2. IP Pool NAT must be configured on each gateway.
3. Route-based VPNs are a form of partial overlap VPN Domain.
4. Dynamic-routing protocols are not required.
53
Answer
54
Chapter
Advanced Networking Load
Balancing
The Check Point Advanced Networking Software Blade provides for flexible server
load balancing. Each connection request is directed to a specific server based on one
of the Advanced Networking Software Blades pre-defined load balancing algorithms.
Objectives:
Configure Load Sharing Unicast (Pivot) and Multicast Mode on a cluster
member.
55
Chapter 9: Advanced Networking Load Balancing Check Point Advanced Networking Load
Check Point Advanced Networking Load

Balancing Topics
Networking - Load Balancing chapter of the Check Point Security Expert
R70 / R71 Course. This table is intended as a supplement to knowledge
you have gained from the Security Expert R70 / R71 Courseware
handbook, and is not meant to be a sole means of study.
Topic
Key Element
Why Load Balancing?
Page
Number
p. 175
ConnectControl
p. 175
Methods of Load-Balancing
p. 176
ConnectControl Packet Flow
p. 177
Logical Server Types
p. 177
Packet Flow in an HTTP Logical

Server
p. 178
Packet Flow in Other Logical

Server Types
p. 179
Persistent Server Mode
p. 181
Server Availability
p. 182
Load Measuring
p. 183
Table 9-9: Advanced Networking - Load Balancing
56
Chapter 9: Advanced Networking Load Balancing

In which ClusterXL Load Sharing mode, does the pivot machne get
chosen automatically by ClusterXL
1. Hot Standby Load Sharing
2. CCP Load Sharing
3. Unicast Load Sharing
4. Multicast Load Sharing
57
Answer
Answer
In which ClusterXL Load Sharing mode, does the pivot machne get
chosen automatically by ClusterXL
1. Hot Standby Load Sharing
2. CCP Load Sharing
3. Unicast Load Sharing
4. Multicast Load Sharing
58
Answer
59
Chapter
Advanced Networking - QoS
10
The Advanced Networking blade lets you to prioritize business-critical traffic such
as ERP, database, and Web services traffic over less time-critical traffic. It also allows you to guarantee bandwidth and control latency for streaming applications
such as Voice over Internet Protocol (VoIP) and video conferencing. In addition,
with highly granular controls, the Advanced Networking blade enables guaranteed
or priority access to specific employeeseven if they are remotely accessing network resources through a VPN tunnel.
Objectives:
Setup and verify the best QoS configuration, using the Advanced
Networking Software Blade, for your corporate environment, and test
and confirm a bandwidth control Policy.
61
Chapter 10: Advanced Networking - QoS
Check Point Advanced Networking QoS Topics
Check Point Advanced Networking QoS

Topics
Networking - QoS chapter of the Check Point Security Expert R70 / R71
gained from the Security Expert R70 / R71 Courseware handbook, and
Topic
Key Element
Quality of Service
Page
Number
p. 189
QoS Technology - Stateful Inspection

QoS Architecture
p. 190
p. 192
QoS Gateway
p. 193
QoS Security Management Server
p. 193
QoS SmartConsole
p. 194
QoS Configuration
p. 195
Client/Server Interaction
p. 196
QoS Policy Management
p. 197
Bandwidth Allocation and Rules
p. 199
Default Rule
p. 200
QoS Action Type
p. 200
Example of a Rule Matching VPN

Traffic
p. 201
Bandwidth Allocation and SubRules
p. 202
Implementing the Rule Base
p. 203
Deploying QoS
p. 204
Table 10-10: Advanced Networking - QoS
62
Topic
Key Element
Sample Bandwidth Allocations
Page
Number
p. 205
63
Topic
Key Element
Lab 10: Configuring Check

Point QoS Policy
Page
Number
L-p. 155
Enable and Configure Check Point

QoS
L-p. 156
Enable Check Point QoS on Security Gateway
L-p. 156
Configure Check Point QoS Global

Properties
L-p. 157
Configure QoS on the Gateway
L-p. 157
Create Check Point QoS Rules and

Adjust rule Weights
L-p. 159
Add Outbound Rule
L-p. 159
Add Inbound Rule
L-p. 161
Verify and Install Policy
L-p. 163
Test QoS Policy
L-p. 164
Inbound Transfer Rate
L-p. 164
Outbound Transfer Rate
L-p. 165
64

Shich Check Point QoS feature is used to dynamically allocat relative
portions of available bandwidth?
1. Guarantees
2. Weighted Fair Queing
3. Low Latency Queuing
4. Differentiated Services
65
Answer
Answer
Shich Check Point QoS feature is used to dynamically allocat relative
portions of available bandwidth?
1. Guarantees
2. Weighted Fair Queing
3. Low Latency Queuing
4. Differentiated Services
66
Chapter
Check Point IPS
11
This chapter presents basic information on Check Points Intrusion Prevention Software Blade, how intrusion prevention systems work, and prevent network attacks
that the intrusion prevention system can detect.
Objectives:
Implement default or customized profiles to designated Gateways in the
corporate network.
Manage profiles by tracking changes to the network, including
performance degradation, and troubleshoot issues with the network
related to specific IPS policy rules.
67
Chapter 11: Check Point IPS
Introduction to the Check Point IPS Topics

The following table outlines the topics covered in the Check Point
IPS chapter of the Check Point Security Administrator R70 / R71 Course.
This table is intended as a supplement to knowledge you have gained
from the Security Administrator R70 / R71 Courseware handbook, and
Topic
Key Element
IPS Overview
Page
Number
p. 211
New IPS Engine/Architecture
p. 213
Flexible IPS Policy Management
p. 215
IPS Event Manager
p. 216
Configuring and Managing IPS
p. 217
IPS Protection
p. 219
IPS Profiles
p. 220
Assigning Profiles
p. 220
Protection Browser
p. 221
Exporting the Protections List
p. 223
Protection Parameters
p. 223
Activating Protections
p. 226
Automatically Activating Protections
p. 226
Manually Activating Protections
p. 228
Monitoring Traffic
p. 229
Network Exceptions
p. 231
Viewing Packet Information
p. 232
Optimizing IPS
p. 233
Table 11-11: Check Point IPS Topics
68
Check Point Security Administrator R70 / R71 Study Guide
Topic
Key Element
Page
Number
Performance Management
p. 234
Bypass Under Load
p. 235
Troubleshooting
p. 236
Tuning Protections
p. 237
IPS Policy Settings
p. 237
Enhancing System Performance
p. 238
Updating Protections - IPS

Subscription
p. 239
Managing IPS Protections
p. 240
Updating IPS Protections
p. 240
IPS Software Blade Contracts (R71) p. 242

Lab 11: Implementing IPS
L-p. 167
Modify the Gateway Properties
L-p. 168
Modify DMZ Server Object
L-p. 169
Configure IPS for Preliminary

Detection
L-p. 172
Create a New IPS Profile
L-p. 173
Assign to Gateway
L-p. 179
Generate an Attack
L-p. 181
Analyze the Attack
L-p. 184
Reconfigure IPS to Block Attacks
L-p. 187
Review Logs
L-p. 190
Check Point Security Administrator R70 / R71Study Guide
69
Sample CCSA R71 Exam Question

You just upgraded to R71 and are using the IPS Software Blade. You
want to enable all critical protections while keeping the rate of false
positive very low. How can you achieve this?
1. The new IPS system is based on policies and gives you the ability to
activate all checks with critical severity and a high confidence level.
2. This can't be achieved; activating any IPS system always causes a high
rate of false positives.
3. As in SmartDefense, this can be achieved by activating all the critical
checks manually.
4. The new IPS system is based on policies, but it has no ability to
calculate or change the confidence level, so it always has a high rate
of false positives.
70
Answer
Answer
You just upgraded to R71 and are using the IPS Software Blade. You
want to enable all critical protections while keeping the rate of false
positive very low. How can you achieve this?
1. The new IPS system is based on policies and gives you the
ability to activate all checks with critical severity and a high
confidence level.
2. This can't be achieved; activating any IPS system always causes a high
rate of false positives.
3. As in SmartDefense, this can be achieved by activating all the critical
checks manually.
4. The new IPS system is based on policies, but it has no ability to
calculate or change the confidence level, so it always has a high rate
of false positives.
71
72
Answer
Chapter
12
The need to secure our data goes beyond access to network resources. It isnt
enough to permit or deny access into and out of internal networks where confidential company data is located. Research has shown that one of the greatest threats to
data loss is unintentional and from the inside. The Check Point Data Loss Prevention (DLP) Appliances and Software Blade address the need to protect sensitive
data from leaving secure corporate sites.
Objectives:
Configure DLP Data Types in a rule.
Monitor and adjust DLP Policies
73
Chapter 12: Data Loss Prevention
Introduction to the Check Point Data Loss Prevention Topics
Introduction to the Check Point Data Loss

Prevention Topics
The following table outlines the topics covered in the Data Loss
Prevention chapter of the Check Point Security Administrator R70 / R71
gained from the Security Administrator R70 / R71 Courseware
handbook, and is not meant to be a sole means of study.
Topic
Key Element
The Need for Data Loss

Prevention
Page
Number
p. 249
DLP Gateway in a Network
p. 251
What Happens on Rule Match
p. 252
Deployment Options
p. 253
DLP Platforms and Performance
p. 253
DLP User Check
p. 254
Installing, Connecting, Verifying

Clients
p. 255
Data Loss Prevention Portal
p. 255

Views
p. 257
My Organization
DLP Policies
p. 259
p. 260
The Default Policy
p. 260
DLP Policy vs, Security Policy
p. 261

Actions
p. 263
Data Types
P. 264
74
Introduction to the Check Point Data Loss Prevention Topics
Topic
Key Element
Page
Number
Protecting Data by Keyword
p. 265
Dictionary Data Types
p. 266
Protecting Documents by Template
p. 266
Protecting Files
p. 267
Protecting Data by Pattern
p. 267
Protecting Data by CPcode
p. 267
Defining Compound Data

Types
p. 268
Data Type Groups
Lab 12: Data Loss Prevention
p. 269
L-p. 191
Topology Setup
L-p. 192
Configure the DLP Gateway
L-p. 196
Configure the DLP Object in Smart- L-p. 202

Dashboard
Modify the Rule Base
L-p. 209
Test the Default Policy
L-p. 210
Employee Name
L-p. 212
Keyword Search
L-p. 218
Template Exercise
L-p. 231
75

Mark the configuratin options that are available for Data Loss
Prevention in R71
1. A Dedicated DLP Gateway running only the DLP Software Blade.
2. The DLP Gateway running only the Firewall Software Blade.
3. The DLP Gateway running only the Management Server on the same
machine.
4. The DLP as an integrated software blade, which can be enabled on a
Check Point Security Gateway running other software blades such as
Firewall, IPS and Management.
76
Answer
Answer
Mark the configuratin options that are available for Data Loss
Prevention in R71
1. A Dedicated DLP Gateway running only the DLP Software
Blade.
2. The DLP Gateway running only the Firewall Software Blade.
3. The DLP Gateway running only the Management Server on the same
machine.
4. The DLP as an integrated software blade, which can be enabled on a
Check Point Security Gateway running other software blades such as
Firewall, IPS and Management.
77
78
Answer

Ccse r71 Study

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Ccse r71 Study

Enviado por

Direitos autorais:

Formatos disponíveis

Check Point Security Expert R70 / R71

Check Point Certified Security Administrator

Copyright Check Point Software Technologies

sor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartProvisioning,

800 Bridge Parkway

Technical Support, Education & Professional Services:

8333 Ridgepoint Drive, Suite 150

CCSA R70 Study Guide

The Check Point Certified Security Expert Exam

Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Check Point Management Portal Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Check Point SmartWorkflow Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Check Point SmartProvisioning Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

SSL Portal-Based VPN

Check Point SSL Portal-Based VPN Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Check Point Acceleration Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Check Point High Availability Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Check Point Clustering Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Advanced Networking - Routing

Check Point Advanced Networking Routing Topics . . . . . . . . . . . . . . . . . . . . . . . 50

Advanced Networking Load

Check Point Advanced Networking Load Balancing Topics . . . . . . . . . . . . . . . 56

Advanced Networking - QoS

Check Point Advanced Networking QoS Topics . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Check Point IPS

Introduction to the Check Point IPS Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Sample CCSA R71 Exam Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Data Loss Prevention

Introduction to the Check Point Data Loss Prevention Topics . . . . . . . . . . . . . . . . . 74

Preface: The Check Point Certified Security Expert Exam

Determine typical typical SmartProvisioning deployment scenarios.

Check Point Security Expert R70 / R71 Study Guide

Frequently Asked Questions

Preface: The Check Point Certified Security Expert Exam

Frequently Asked Questions

What are the Check Point recommendations and prerequisites?

You must pass the CCSA R71 exam, before taking

Check Point exams are offered through Pearson

What is the exam structure?

The exams are composed of multiple-choice

Check Point Security Expert R70 / R71 Study Guide

Preface: The Check Point Certified Security Expert Exam

Frequently Asked Questions

The following countries are given 120 minutes

For more exam and course information, see:

Check Point Security Expert R70 / R71 Study Guide

Chapter 1: Management Portal

Check Point Management Portal Topics

Check Point Management Portal Topics

Web Based Administration

Deploying the Management Portal Dedicated Server

Deploying the Management Portal Security Management Server

Management Portal Commands and

Client Side Requirements

Table 1-1: Management Portal Topics

Check Point Security Expert R70 / R71 Study Guide

Check Point Management Portal Topics

Chapter 1: Management Portal

Lab 1: Environment Setup

Build the Management Server

Install and Configure NTP

Lab 2:Management Portal

Test Management Portal Access

Configure Management Portal