
Check Point Security Administrator R70

Study Guide

Check Point Certified Security Administrator


Exam: #156-215.70
Copyright © Check Point Software Technologies
Ltd. All rights reserved.
Printed by Check Point Press
A Division of Check Point Software Technologies Ltd.
First Printing December 2009

RESTRICTED RIGHTS LEGEND:


Use, duplication, or disclosure by the government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at
DFARS 252.227-7013 and FAR 52.227-19.

© 2003-2010 Check Point Software Technologies Ltd.


All rights reserved. This product and related documentation are protected by copyright and
distributed under licensing restricting their use, copying, distribution, and decompilation. No
part of this product or related documentation may be reproduced in any form or by any means
without prior written authorization of Check Point. While every precaution has been taken in
the preparation of this book, Check Point assumes no responsibility for errors or omissions.
This publication and features described herein are subject to change without notice.

TRADEMARKS
©2003-2010 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Endpoint Security On Demand, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Power-1, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartProvisioning, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, Total Security, the totalsecurity logo, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications.

DISCLAIMER OF WARRANTY
Check Point Software Technologies Ltd. makes no representation or warranties,
either express or implied by or with respect to anything in this document, and shall
not be liable for any implied warranties of merchantability or fitness for a particular
purpose or for any indirect special or consequential damages.

International Headquarters:
5 Ha’Solelim Street
Tel Aviv 67897, Israel
Tel: +972-3-753 4555

U.S. Headquarters:
800 Bridge Parkway
Redwood City, CA 94065
Tel: 650-628-2000
Fax: 650-654-4233

Technical Support, Education & Professional Services:
8333 Ridgepoint Drive, Suite 150
Irving, TX 75063
Tel: 972-444-6612
Fax: 972-506-7913

E-mail any comments or questions about our courseware to courseware@us.checkpoint.com.
For questions or comments about other Check Point documentation, e-mail CP_TechPub_Feedback@checkpoint.com.

Document #: CCSA R70 Study Guide

Revision: R70001

Content: Mark Hoefle

Graphics: Jeffery Holder


Preface: The Check Point Certified Security Administrator Exam
    Frequently Asked Questions

Chapter 1: Check Point Technology Overview
    Check Point Technology Overview Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 2: Check Point Software Blades
    Check Point Software Blades Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 3: Deployment Platforms
    Deployment Platforms Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 4: Introduction to the Security Policy
    Introduction to the Security Policy Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 5: Monitoring Traffic and Connections
    Introduction to the Monitoring Traffic and Connections Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 6: Using SmartUpdate
    Introduction to the SmartUpdate Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 7: Upgrading to R70
    Introduction to the Upgrading to R70
    Sample CCSA R70 Exam Question
    Answer

Chapter 8: User Management and Authentication
    Introduction to the User Management and Authentication Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 9: Encryption and VPNs
    Introduction to the Encryption and VPNs Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 10: User Management and Authentication
    Introduction to the Introduction to VPNs Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 11: Messaging and Content Security
    Introduction to the Messaging and Content Security Topics
    Sample CCSA R70 Exam Question
    Answer

Chapter 12: Check Point IPS
    Introduction to the Check Point IPS Topics
    Sample CCSA R70 Exam Question
    Answer

Preface
The Check Point Certified Security
Administrator Exam

The Check Point Security Administrator R70 course provides an understanding of basic concepts and skills necessary to configure the Check Point Security Gateway, configure Security Policies, and learn about managing and monitoring secure networks. The Check Point Security Administrator R70 Study Guide supplements knowledge you have gained from the Security Administrator R70 course, and is not a sole means of study.

The Check Point Certified Security Administrator R70 exam covers the following
topics:

- Describe Check Point’s unified approach to network management, and the key elements of this architecture
- Design a distributed environment using the network detailed in the course topology
- Install the Security Gateway version R70 in a distributed environment using the network detailed in the course topology
- Given Check Point’s latest integration of CoreXL technology, select the best security solution for your corporate environment
- Given network specifications, perform a backup and restore the current Gateway installation from the command line
- Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line
- Deploy Gateways using sysconfig and cpconfig from the Gateway command line
- Use the Command Line to assist support in troubleshooting common problems on the Security Gateway
- Given the network topology, create and configure network, host and gateway objects
- Verify SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard
- Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use
- Configure NAT rules on Web and Gateway servers
- Evaluate existing policies and optimize the rules based on current corporate requirements
- Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades and minimal downtime
- Use queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data
- Using packet data on a given corporate network, generate reports, troubleshoot system and security issues, and ensure network functionality
- Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access based on corporate requirements
- Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications
- Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways
- Upgrade and attach product licenses using SmartUpdate
- Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely
- Manage user access to the corporate LAN by using external databases
- Select the most appropriate encryption algorithm when securing communication over a VPN, based on corporate requirements
- Establish VPN connections to partner sites in order to establish access to a central database by configuring Advanced IKE properties
- Configure a pre-shared secret site-to-site VPN with partner sites
- Configure a certificate based site-to-site VPN using one partner's internal
- Configure a certificate based site-to-site VPN using a third-party CA
- Configure permanent tunnels for remote access to corporate resources
- Configure VPN tunnel sharing, given the difference between host-based, subnet-based and gateway-based tunnels
- Configure Check Point Messaging Security to test IP Reputation, content based anti-spam, and zero hour virus detection
- Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus policy to filter and scan traffic
- Implement default or customized profiles to designated Gateways in the corporate network
- Manage profiles by tracking changes to the network, including performance degradation, and troubleshoot issues with the network related to specific IPS policy rules
- Create and install IPS policies


Frequently Asked Questions


The table below provides answers to commonly asked questions about the CCSA R70 exam:

Question: What are the Check Point recommendations and prerequisites?
Answer: Check Point recommends you have at least 6 months to 1 year of experience with the products, before attempting to take the CCSA R70 exam. In addition, you should also have basic networking knowledge, knowledge of Windows Server and/or UNIX, and experience with TCP/IP and the Internet.
Check Point also recommends you take the Check Point Security Administrator R70 class from a Check Point Authorized Training Center (ATC). We recommend you take this class before taking the CCSA R70 exam. To locate an ATC, see:
http://atc.checkpoint.com/atclocator/locateATC

Question: How do I register?
Answer: Check Point exams are offered through Pearson VUE, a third-party testing vendor with more than 3,500 testing centers worldwide.
Pearson VUE offers a variety of registration options. Register via the Web or visit a specific testing center. Registrations at a testing center may be made in advance or on the day you wish to test, subject to availability. For same-day testing, contact the testing center directly. Locate a testing center from the VUE Pearson Web site:
www.pearsonvue.com

Question: What is the exam structure?
Answer: The exams are composed of multiple-choice and scenario questions. There is no partial credit for incorrectly marked questions.

Question: How long is the exam? Do I get extra time, if I am not a native English speaker?
Answer: The following countries are given 120 minutes to complete the exam. All other regions get 150 minutes:
- Australia
- Bermuda
- Canada
- Japan
- New Zealand
- Ireland
- South Africa
- UK
- US

For more exam and course information, see:
http://www.checkpoint.com/services/education/



Chapter 1: Check Point Technology Overview

Check Point technology is designed to address network exploitation, administrative flexibility and critical accessibility. This chapter introduces the basic concepts of network security and management based on Check Point’s three-tier structure, and provides the foundation for technologies involved in the Check Point Software Blade Architecture, as discussed in the introduction. This course is lab-intensive, and in this chapter, you will begin your hands-on approach with a first-time installation using standalone and distributed topologies.

Objectives:

- Describe Check Point’s unified approach to network management, and the key elements of this architecture
- Design a distributed environment using the network detailed in the course topology
- Install the Security Gateway version R70 in a distributed environment using the network detailed in the course topology

Check Point Technology Overview Topics


The following table outlines the topics covered in the “Check Point
Technology Overview” chapter of the Check Point Security Administrator
R70 Course. This table is intended as a supplement to knowledge you
have gained from the Security Administrator R70 Courseware
handbook, and is not meant to be a sole means of study.

Topic / Key Element                                   Page Number

Network Access Control                                p. 09
Gateway controlled network                            p. 10
The Check Point Firewall                              p. 11
Mechanisms for Controlling Network Traffic            p. 12
Stateful Inspection                                   p. 14
Application Intelligence                              p. 16
Security Gateway Inspection Architecture              p. 17
Deployment Strategies                                 p. 20
The DMZ                                               p. 22
Bridge Mode                                           p. 23
Security Policy Management                            p. 25
SmartConsole Components                               p. 25
Security Management Server                            p. 37
Managing Users in SmartDashboard                      p. 39
Securing Channels of Communication                    p. 43
Administrative Login Using SIC                        p. 45
Lab 1: Distributed Installation                       L-p. 1
Install Security Management Server                    L-p. 2
Configure Security Management Server - sysconfig      L-p. 12
Configure Corporate Security Gateway - WebUI          L-p. 32
Install SmartConsole                                  L-p. 42
Launch SmartDashboard                                 L-p. 52
Lab 2: Branch Office Security Gateway Installation    L-p. 57
Install SecurePlatform on Branch Gateway              L-p. 58
Configure Branch Gateway - WebUI                      L-p. 65

Table 1-1: Check Point Technology Overview Topics

Sample CCSA R70 Exam Question


What would be the benefit of upgrading from SmartDefense to IPS R70?
1. Completely rewritten engine provides improved security performance and reporting.
2. There is no difference - IPS R70 is the new name.
3. The SmartDefense technology expands IPS-1 to IPS R70.
4. The SmartDefense is replaced by the technology of IPS-1.

Answer
What would be the benefit of upgrading from SmartDefense to IPS R70?
1. Completely rewritten engine provides improved security performance and reporting.
2. There is no difference - IPS R70 is the new name.
3. The SmartDefense technology expands IPS-1 to IPS R70.
4. The SmartDefense is replaced by the technology of IPS-1.


Chapter 2: Check Point Software Blades

Check Point Software Technologies’ Software Blade architecture is the industry’s first network security architecture designed to meet businesses’ need for total, flexible and manageable security. The new architecture empowers businesses with the ability to select, from a library of over 20 software blades, the exact security protections necessary and dynamically tailor security gateways for different environments and sites.

Objectives:

- Given Check Point’s latest integration of CoreXL technology, select the best security solution for your corporate environment.

Check Point Software Blades Topics


The following table outlines the topics covered in the “Check Point
Software Blades” chapter of the Check Point Security Administrator R70
Course. This table is intended as a supplement to knowledge you have
gained from the Security Administrator R70 Courseware handbook, and
is not meant to be a sole means of study.

Topic / Key Element                                   Page Number

Check Point Software Blade Architecture               p. 54
Key Benefits                                          p. 55
Selecting Software Blades                             p. 57
Performance                                           p. 58
CoreXL                                                p. 58
Deploying Software Blades                             p. 59
Building Security Solutions                           p. 60
Systems                                               p. 64
Gateway Systems                                       p. 64
Management Systems                                    p. 68
Enterprise Management Systems                         p. 69
Software Blades                                       p. 71
Security Gateway Software Blades                      p. 71
Security Management Software Blades                   p. 73
Security Gateway R70                                  p. 75
Advantages                                            p. 75
Performance Architecture                              p. 77
Building Blocks                                       p. 81

Table 2-2: Check Point Software Blades Topics

Sample CCSA R70 Exam Question


Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:
1. Increase network security by securing administrative communication with a two-factor challenge response authentication.
2. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.
3. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.
4. For R70 Security Gateways are created during the Security Management Server installation.

Answer
Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:
1. Increase network security by securing administrative communication with a two-factor challenge response authentication.
2. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.
3. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.
4. For R70 Security Gateways are created during the Security Management Server installation.


Chapter 3: Deployment Platforms

Before delving into the intricacies of creating and managing Security Policies, it is beneficial to know about Check Point’s different deployment platforms, and understand the basic workings of Check Point’s UNIX-based and Linux operating systems (IPSO and SecurePlatform) that support many Check Point products. For those familiar with Linux and UNIX, this section will be a review. But for those with little to no Linux/UNIX experience, this will be a welcome guide.

Objectives:

- Given network specifications, perform a backup and restore the current Gateway installation from the command line.
- Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line.
- Use command line utilities to assist support in troubleshooting common problems on the Security Gateway.
- Deploy Gateways using sysconfig and cpconfig from the Gateway command line.

Deployment Platforms Topics


The following table outlines the topics covered in the “Deployment
Platforms” chapter of the Check Point Security Administrator R70 Course.
This table is intended as a supplement to knowledge you have gained
from the Security Administrator R70 Courseware handbook, and is not
meant to be a sole means of study.

Topic / Key Element                                   Page Number

UTM-1 Edge Appliance                                  p. 87
Advantages                                            p. 88
Power-1 Appliances                                    p. 91
Architecture                                          p. 91
IP Appliances                                         p. 92
Managing the IP Appliance                             p. 93
Network Voyager                                       p. 94
IPSO                                                  p. 96
IPSO File Systems                                     p. 101
CLISH                                                 p. 106
SecurePlatform                                        p. 120
Requirements                                          p. 121
Using Command Line                                    p. 123
Backup and Restore                                    p. 126
Critical Directories                                  p. 134
Managing SecurePlatform                               p. 138
Command Shell                                         p. 140
Lab 3: CLI Tools                                      L-p. 75
Set Expert Password                                   L-p. 76
Apply Other Useful Commands                           L-p. 78
Add and Delete Administrators via the CLI             L-p. 79
Perform backup and restore                            L-p. 81

Table 3-3: Deployment Platforms Topics

Sample CCSA R70 Exam Question


What is the primary benefit of using upgrade_export over either backup or snapshot?

1. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
2. upgrade_export has an option to backup the system and SmartView Tracker logs while backup and snapshot will not.
3. The backup and snapshot commands can take a long time to run whereas upgrade_export will take a much shorter amount of time.
4. upgrade_export is operating system independent and can be used when backup or snapshot is not available.

Answer
What is the primary benefit of using upgrade_export over either backup or snapshot?

1. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
2. upgrade_export has an option to backup the system and SmartView Tracker logs while backup and snapshot will not.
3. The backup and snapshot commands can take a long time to run whereas upgrade_export will take a much shorter amount of time.
4. upgrade_export is operating system independent and can be used when backup or snapshot is not available.


Chapter 4: Introduction to the Security Policy

The Security Policy is essential in administrating security for your organization’s network. Your organization not only has to do a good job managing perimeter access control to company resources, but must also handle sensitive traffic to and from local area networks and remote devices, provide much-needed application-layer protection, maintain simple and effective management, and keep its security budget under control.

Objectives:

- Given the network topology, create and configure network, host and gateway objects.
- Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard.
- Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use.
- Configure NAT rules on Web and Gateway servers.
- Evaluate existing policies and optimize the rules based on current corporate requirements.
- Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades and minimal downtime.

Introduction to the Security Policy Topics


The following table outlines the topics covered in the “Introduction to
the Security Policy” chapter of the Check Point Security Administrator R70
Course. This table is intended as a supplement to knowledge you have
gained from the Security Administrator R70 Courseware handbook, and
is not meant to be a sole means of study.

Topic / Key Element                                   Page Number

Security Policy Basics                                p. 158
The Rule Base                                         p. 158
Managing Objects in SmartDashboard                    p. 159
SmartDashboard and Objects                            p. 160
Managing Objects                                      p. 162
Creating the Rule Base                                p. 166
Basic Rule Base Concepts                              p. 166
Default Rule                                          p. 166
Basic Rules                                           p. 169
Implicit/Explicit Rules                               p. 170
Control Connections                                   p. 172
Detecting IP Spoofing                                 p. 176
Completing the Rule Base                              p. 179
Understanding Rule Base Order                         p. 179
Rule Base Management                                  p. 180
Useful Tips                                           p. 180
Policy Management and Revision Control                p. 182
Policy Management Overview                            p. 183
Installation Targets                                  p. 186
Querying and Sorting Rules and Objects                p. 188
Database Revision Control                             p. 192
Implementing Database Revision Control                p. 192
Network Address Translation                           p. 195
IP Addressing                                         p. 196
Hide NAT                                              p. 197
Static NAT                                            p. 199
Choosing the Hide Address                             p. 201
Configuring Automatic NAT                             p. 201
Hide NAT Object Configuration                         p. 204
Manual NAT                                            p. 208
Multicasting                                          p. 212
Configuring Multicast Access Control                  p. 212
Lab 4: Defining Basic Objects and Rules               L-p. 83
Create Security Gateway Object                        L-p. 85
Create GUIclient Object                               L-p. 91
Create Rules for Corporate Gateway                    L-p. 92
Save the Policy                                       L-p. 97
Install the Policy                                    L-p. 98
Test the Corporate Policy                             L-p. 102
Create the Remote Security Gateway Object             L-p. 103
Create a New Policy for the Branch Office             L-p. 108
Combine Policies                                      L-p. 112
Lab 5: Configure the DMZ                              L-p. 119
Configure DMZ Interface on the Gateway                L-p. 120
Create DMZ Objects in SmartDashboard                  L-p. 121
Create DMZ Access Rule                                L-p. 123
Test the Policy                                       L-p. 124
Lab 6: Configuring NAT                                L-p. 125
Configure Hide NAT on the Corporate Network           L-p. 126
Test the Hide NAT Address                             L-p. 129
Configure Static NAT on the DMZ Server                L-p. 131
Test the Static NAT Address                           L-p. 133
Observe Hide NAT Traffic Using fw monitor             L-p. 134
Observe Static NAT Traffic Using fw monitor           L-p. 139

Table 4-4: Security Policy Topics

Sample CCSA R70 Exam Question


A Web server behind the Security Gateway is set to Automatic Static
NAT. Client side NAT is not checked in the Global Properties. A client
on the Internet initiates a session to the Web Server. Assuming there is a
rule allowing this traffic, what other configuration must be done to allow
the traffic to reach the Web server?
1. Nothing else must be configured.
2. Automatic ARP must be unchecked in the Global Properties.
3. A static route must be added on the Security Gateway to the internal
host.
4. A static route for the NAT IP must be added to the Gateway's
upstream router.

Check Point Security Administrator R70 Study Guide 27


Chapter 4: Introduction to the Security Policy Answer

Answer
A Web server behind the Security Gateway is set to Automatic Static
NAT. Client side NAT is not checked in the Global Properties. A client
on the Internet initiates a session to the Web Server. Assuming there is a
rule allowing this traffic, what other configuration must be done to allow
the traffic to reach the Web server?
1. Nothing else must be configured.
2. Automatic ARP must be unchecked in the Global Properties.
3. A static route must be added on the Security Gateway to the
internal host.
4. A static route for the NAT IP must be added to the Gateway's
upstream router.

Chapter 5: Monitoring Traffic and Connections

To manage your network effectively and to make informed decisions, you need to
gather information on the network’s traffic patterns.

Objectives:

Use queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data.
Using packet data on a given corporate network, generate reports, troubleshoot system and security issues, and ensure network functionality.
Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access based on corporate requirements.

Introduction to the Monitoring Traffic and Connections Topics
The following table outlines the topics covered in the “Monitoring
Traffic and Connections” chapter of the Check Point Security Administrator
R70 Course. This table is intended as a supplement to knowledge you
have gained from the Security Administrator R70 Courseware
handbook, and is not meant to be a sole means of study.

Topic / Key Element    Page Number

SmartView Tracker p. 219
SmartView Tracker Login p. 220
Log Types p. 220
SmartView Tracker Tabs p. 222
Action Icons p. 223
Log-File Management p. 225
Administrator Auditing p. 228
Global Logging and Alerting p. 228
Time Settings p. 231
Blocking Connections p. 233
Terminating and Blocking Active Connections p. 233
SmartView Monitor p. 235
SmartView Monitor Login p. 237
Customizable Views p. 237
Monitoring Suspicious Activity Rules p. 244
Monitoring Alerts p. 244
SmartView Tracker vs. SmartView Monitor p. 249
Eventia Reporter p. 250
Report Types p. 252
Predefined Reports p. 254
Customizing Predefined Reports p. 256
Eventia Reporter Considerations p. 257
Eventia Reporter Licensing p. 260
Lab 7: Monitoring with SmartView Tracker L-p. 143
Launch SmartView Tracker L-p. 144
Track by Source and Destination L-p. 148
Modify the Gateway to Activate SmartView Monitor L-p. 150
View Traffic Using SmartView Monitor L-p. 152

Table 5-5: Monitoring Traffic and Connections Topics

Sample CCSA R70 Exam Question


A third-shift Security Administrator configured and installed a new
Security Policy early this morning. When you arrive, he tells you that he
has been receiving complaints that Internet access is very slow. You
suspect the Security Gateway virtual memory might be the problem.
Which SmartConsole component would you use to verify this?
1. This information can only be viewed with fw ctl pstat command from
the CLI.
2. SmartView Tracker.
3. Eventia Analyzer.
4. SmartView Monitor

Answer
A third-shift Security Administrator configured and installed a new
Security Policy early this morning. When you arrive, he tells you that he
has been receiving complaints that Internet access is very slow. You
suspect the Security Gateway virtual memory might be the problem.
Which SmartConsole component would you use to verify this?
1. This information can only be viewed with fw ctl pstat command from
the CLI.
2. SmartView Tracker.
3. Eventia Analyzer.
4. SmartView Monitor

Chapter 6: Using SmartUpdate

SmartUpdate extends your organization’s ability to provide centralized policy
management across enterprise-wide deployments. SmartUpdate can deliver automated
software and license updates to hundreds of distributed Security Gateways from a
single management console.

Objectives:

Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications.
Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways.
Upgrade and attach product licenses using SmartUpdate.

Introduction to the SmartUpdate Topics


The following table outlines the topics covered in the “SmartUpdate”
chapter of the Check Point Security Administrator R70 Course. This table is
intended as a supplement to knowledge you have gained from the
Security Administrator R70 Courseware handbook, and is not meant to
be a sole means of study.

Topic / Key Element    Page Number

SmartUpdate and Managing Licenses p. 265
Understanding SmartUpdate p. 266
SmartUpdate Introduction p. 268
Overview of Managing Licenses p. 270
License Attachment Process p. 274
Service Contracts p. 279
Licensing R70 p. 285
Obtaining a License Key p. 285
Software Installation Packages p. 287
Gateway Upgrade p. 288
SmartUpdate Options p. 289
The SmartUpdate Command Line p. 290
Lab 8: Using SmartUpdate L-p. 159
Get Gateway Data and Run CPINFO L-p. 160
Download HFA Package L-p. 163

Table 6-6: Using SmartUpdate Topics

Sample CCSA R70 Exam Question


You are a Security Administrator preparing to deploy a new HFA
(Hotfix Accumulator) to ten Security Gateways at five geographically
separate locations. What is the BEST method to implement this HFA?
1. Send a Certified Security Engineer to each site to perform the update.
2. Use SmartUpdate to install the packages to each of the Security
Gateways remotely.
3. Use a SSH connection to SCP the HFA to each Security Gateway.
Once copied locally, initiate a remote installation command and
monitor the installation progress with SmartView Monitor.
4. Send a CD-ROM with the HFA to each location and have local
personnel install it.

Answer
You are a Security Administrator preparing to deploy a new HFA
(Hotfix Accumulator) to ten Security Gateways at five geographically
separate locations. What is the BEST method to implement this HFA?
1. Send a Certified Security Engineer to each site to perform the update.
2. Use SmartUpdate to install the packages to each of the Security
Gateways remotely.
3. Use a SSH connection to SCP the HFA to each Security Gateway.
Once copied locally, initiate a remote installation command and
monitor the installation progress with SmartView Monitor.
4. Send a CD-ROM with the HFA to each location and have local
personnel install it.

Chapter 7: Upgrading to R70

This chapter shows how to upgrade an existing Security Management server and
security gateway to R70. Upgrades are used to save Check Point product
configurations, Security Policies, and objects, so that Security Administrators
do not need to recreate Gateway and Security Management Server configurations.
This chapter lists guidelines for deciding when to upgrade, versus doing a new
installation.

Objectives:

Based on current products or platforms used in an enterprise network, perform a pre installation compatibility assessment before upgrading to R70.
Given R70 licensing restrictions, obtain a license key.
Install a Contract File on platforms such as Windows, SecurePlatform, Linux, Solaris and IPSO.

Introduction to the Upgrading to R70


The following table outlines the topics covered in the “Upgrading to
R70” chapter of the Check Point Security Administrator R70 Course. This
table is intended as a supplement to knowledge you have gained from
the Security Administrator R70 Courseware handbook, and is not meant
to be a sole means of study.

Topic / Key Element    Page Number

Pre installation Compatibility p. 295
Supported Upgrade Paths p. 297
Backward Compatibility for Gateways p. 297
IPS-1 Upgrade Paths and Interoperability p. 298
Important R70 Upgrade Notes p. 298
Upgrade Configuration p. 300
Distributed Installation p. 302
Gateway Upgrade p. 306
Lab 9: Upgrading a Security Gateway Locally L-p. 169
Upgrade the Security Gateway L-p. 170

Table 7-7: Upgrading to R70 Topics

Sample CCSA R70 Exam Question


You currently do not have a Check Point software subscription for one
of your products. What will happen if you attempt to upgrade the license
for this product?
1. The license is not upgraded.
2. It is upgraded with new available features, but cannot be activated.
3. It is deleted.
4. The license will be upgraded with a warning.

Answer
You currently do not have a Check Point software subscription for one
of your products. What will happen if you attempt to upgrade the license
for this product?
1. The license is not upgraded.
2. It is upgraded with new available features, but cannot be activated.
3. It is deleted.
4. The license will be upgraded with a warning.

Chapter 8: User Management and Authentication

In this chapter, we discuss Security Gateway options for creating, managing, and
authenticating users. If you do not have a user-management infrastructure in place,
you can either manage the internal-user database or implement an LDAP server. If
you have a large user count, Check Point recommends opting for an external
user-management database, such as LDAP. By maintaining a large user database
externally, Security Gateway performance is greatly enhanced. For example, if the
user database is external, the database will not have to be reinstalled every time
the user information changes. Additionally, the external user database can be used
as the user database by other applications.

Authentication confirms the identity of valid users authorized to access your
company network. Staff from different departments are assigned access permissions,
based on their level of responsibility and role within the organization.
Authentication ensures that all users trying to access the system are valid users,
but does not define their access rights.

Check Point authentication features enable you to verify the identity of users
logging in to the Security Gateway, but also allow you to control security by
allowing some users access and disallowing others. Users authenticate by proving
their identities, according to the scheme specified under a Gateway authentication
scheme, such as LDAP, RADIUS, SecurID and TACACS.

Objectives:

Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely.
Manage user access to the corporate LAN by using external databases.

Introduction to the User Management and Authentication Topics
The following table outlines the topics covered in the “User
Management and Authentication” chapter of the Check Point Security
Administrator R70 Course. This table is intended as a supplement to
knowledge you have gained from the Security Administrator R70
Courseware handbook, and is not meant to be a sole means of study.

Topic / Key Element    Page Number

Creating Users and Groups in SmartDashboard p. 311
User Types p. 311
Security Gateway Authentication p. 313
Introduction to Authentication Methods p. 313
Authentication Schemes p. 315
Remote User Authentication p. 317
Authentication Methods p. 319
User Authentication p. 319
Configuring User Authentication p. 325
Session Authentication p. 326
Configuring Session Authentication p. 327
Client Authentication p. 328
Configuring Client Authentication p. 333
Resolving Access Conflicts p. 335
Configuring Authentication Tracker p. 336
LDAP User Management with SmartDirectory p. 337
LDAP Features p. 337
Multiple LDAP Servers p. 339
Using an Existing LDAP Server p. 340
Configuring Entities to Work with the Gateway p. 340
Managing Users p. 346
SmartDirectory Groups p. 347
Lab 10: Client Authentication L-p. 177
Use Manual Client Authentication with FTP and Local User L-p. 178
Modify the Rule Base L-p. 181
Test Manual Client Authentication L-p. 184
Use Partially Automatic Client Auth with a Local User L-p. 185
Use Partially Automatic Client Auth with LDAP L-p. 189
Verify SmartDashboard Integration L-p. 195
Test Active Directory Authentication L-p. 198
Create a Database Revision L-p. 200

Table 8-8: User Management and Authentication Topics

Sample CCSA R70 Exam Question


Choose the BEST sequence for configuring user management in
SmartDashboard, using an LDAP server.
1. Configure a server object for the LDAP Account Unit, and create an
LDAP resource object.
2. Configure a workstation object for the LDAP server, configure a
server object for the LDAP Account Unit, and enable LDAP in
Global Properties.
3. Configure a server object for the LDAP Account Unit, enable LDAP
in Global Properties, and create an LDAP resource object.
4. Enable LDAP in Global Properties, configure a host-node object
for the LDAP server, and configure a server object for the LDAP
Account Unit.

Answer
Choose the BEST sequence for configuring user management in
SmartDashboard, using an LDAP server.
1. Configure a server object for the LDAP Account Unit, and create an
LDAP resource object.
2. Configure a workstation object for the LDAP server, configure a
server object for the LDAP Account Unit, and enable LDAP in
Global Properties.
3. Configure a server object for the LDAP Account Unit, enable LDAP
in Global Properties, and create an LDAP resource object.
4. Enable LDAP in Global Properties, configure a host-node
object for the LDAP server, and configure a server object for the
LDAP Account Unit.

Chapter 9: Encryption and VPNs

The Check Point Security Gateway enables you to create site-to-site Virtual Private
Networks (VPNs) that provide secure communication between two defined
participants, by encrypting the communication on unsecured public networks, such
as the Internet.

Objectives:

Select the most appropriate encryption algorithm when securing communication over a VPN, based on corporate requirements.
Configure a certificate-based site-to-site VPN using one partner's internal CA.
Establish VPN connections to partner sites in order to establish access to a central database by configuring Advanced IKE properties.

Introduction to the Encryption and VPNs Topics
The following table outlines the topics covered in the “Encryption and
VPNs” chapter of the Check Point Security Administrator R70 Course. This
table is intended as a supplement to knowledge you have gained from
the Security Administrator R70 Courseware handbook, and is not meant
to be a sole means of study.

Topic / Key Element    Page Number

Securing Communication p. 353
Privacy p. 353
Symmetric Encryption p. 354
Symmetric Disadvantages p. 355
Asymmetric Encryption p. 356
Diffie-Hellman p. 356
Integrity p. 358
Authentication p. 359
Two-Phases of Encryption p. 361
Encryption Algorithms p. 362
IKE p. 363
ISAKMP p. 363
Oakley p. 363
ISAKMP/Oakley p. 363
Phase 1 p. 364
Phase 2 p. 365
How a VPN Works p. 366
Tunneling-Mode Encryption p. 369
Certificate Authorities p. 371
Certificates p. 371
Multiple Certificate Authorities p. 372
Local Certificate Authority p. 372
CA Service via the Internet p. 373
Internal Certificate Authority p. 375
Creating Certificates p. 375

Table 9-9: Encryption and VPNs Topics

Sample CCSA R70 Exam Question


Your organization maintains several IKE VPNs. Executives in your
organization want to know which mechanism Security Gateway R70
uses to guarantee the authenticity and integrity of messages. Which
technology should you explain to the executives?
1. Certificate Revocation Lists
2. Application Intelligence.
3. Digital signatures.
4. Key-exchange protocols.

Answer
Your organization maintains several IKE VPNs. Executives in your
organization want to know which mechanism Security Gateway R70
uses to guarantee the authenticity and integrity of messages. Which
technology should you explain to the executives?
1. Certificate Revocation Lists
2. Application Intelligence.
3. Digital signatures.
4. Key-exchange protocols.

Chapter 10: User Management and Authentication

Virtual Private Networking technology leverages the Internet to build and enhance
secure network connectivity. Based on standard Internet secure protocols, a VPN
enables secure links between special types of network nodes: the Gateways.
Site-to-site VPN ensures secure links between Gateways. Remote Access VPN ensures
secure links between Gateways and remote access clients.

Objectives:

Configure a pre-shared secret site-to-site VPN with partner sites.
Configure permanent tunnels for remote access to corporate resources.
Configure VPN tunnel sharing, given the difference between host-based, subnet-based and gateway-based tunnels.

Introduction to the Introduction to VPNs Topics
The following table outlines the topics covered in the “Introduction to
VPNs” chapter of the Check Point Security Administrator R70 Course. This
table is intended as a supplement to knowledge you have gained from
the Security Administrator R70 Courseware handbook, and is not meant
to be a sole means of study.

Topic / Key Element    Page Number

The Check Point VPN p. 381
VPN Deployments p. 383
Site-to-Site VPNs p. 383
Remote-Access VPNs p. 383
VPN Implementation p. 384
Three Critical VPN Components p. 384
VPN Setup p. 385
VPN communities p. 387
VPN Topologies p. 389
Choosing a Topology p. 391
Authentication Between Community Members p. 395
Domain and Route-Based VPNs p. 396
Access Control and VPN Communities p. 397
Excluded Services p. 400
Special considerations for Planning a VPN Topology p. 400
Integrating VPNs into a Rule Base p. 401
Simplified vs. Traditional Mode VPNs p. 403
VPN Tunnel Management p. 404
Permanent Tunnels p. 404
VPN Tunnel Sharing p. 407
Remote Access VPNs p. 409
Multiple Remote Access VPN Communities p. 410
Establishing a Connection Between Remote User and a Gateway p. 410
Configuring Remote Access VPN p. 413
Lab 11: Site-to-Site VPN Between Corporate and Branch Office L-p. 201
Define the VPN Domain L-p. 202
Create the VPN Community L-p. 205
Create the VPN Rule and Modifying the Rule Base L-p. 211
Test VPN Connection L-p. 214
VPN Troubleshooting L-p. 220
Lab 12: Two-Gateway IKE Encryption Using Certificates L-p. 223
Save Certificate for Export L-p. 224
Add Instructor Machine to VPN Community L-p. 226
Add the Instructor Network to the VPN Community L-p. 231
Create Atlantis Certificate Authority L-p. 233
Modify the Rule Base L-p. 236
Install and Verify Security Gateway Configuration L-p. 237
Test Encryption with Certificates L-p. 238
Revert to Standard Security Policy L-p. 242
Lab 13: Remote Access and Office Mode L-p. 243
Create Remote-Access Group L-p. 245
Configure Gateway for IKE Encryption and LDAP Authentication L-p. 246
Configure VPN Domain L-p. 248
Configure Office Mode IP-Pool L-p. 251
Configure Remote Access Community Objects L-p. 253
Modify the Rule Base for Remote Access L-p. 256
Create a Site Using the Site Wizard L-p. 258
Verify Office Mode IP Assignment L-p. 265
Test the Remote Connection L-p. 267

Table 10-10: Introduction to VPNs Topics

Sample CCSA R70 Exam Question


You have traveling salesmen connecting to your VPN community from
all over the world. Which technology would you choose?
1. IPsec: It allows complex setups that match any network situation
available to the client, i.e. connection from a private customer
network or various hotel networks.
2. IPsec: It offers encryption, authentication, replay protection and all
algorithms that are state of the art (AES) or that perform very well. It
is native to many client operating systems, so setup can easily be
scripted.
3. SSL VPN: It only requires HTTPS connections between client and
server. These are most likely open from all networks, unlike IPsec,
which uses protocols and ports which are blocked by many sites.
4. SSL VPN: It has more secure and robust encryption schemes than
IPsec.

Answer
You have traveling salesmen connecting to your VPN community from
all over the world. Which technology would you choose?
1. IPsec: It allows complex setups that match any network situation
available to the client, i.e. connection from a private customer
network or various hotel networks.
2. IPsec: It offers encryption, authentication, replay protection and all
algorithms that are state of the art (AES) or that perform very well. It
is native to many client operating systems, so setup can easily be
scripted.
3. SSL VPN: It only requires HTTPS connections between client
and server. These are most likely open from all networks, unlike
IPsec, which uses protocols and ports which are blocked by
many sites.
4. SSL VPN: It has more secure and robust encryption schemes than
IPsec.

Chapter 11: Messaging and Content Security

Protecting corporate resources is a major concern for most businesses. Blocking
undesirable content is an important part of a corporate security policy for a
variety of reasons, including:

Computer viruses, Trojans and ActiveX components containing malicious code can bring down entire networks.
Viewing undesirable Web content wastes time and resources.

Access control firewalls prevent unauthorized traffic from passing through the
Gateway. However, hackers also attempt to misuse allowed traffic and services.
Some of the most serious threats in today's Internet environment come from attacks
that attempt to exploit the application layer. Access control devices cannot easily
detect malicious attacks aimed at these services.

Objectives:

Configure Check Point Messaging Security to test IP Reputation, content based anti-spam, and zero hour virus detection.
Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus policy to filter and scan traffic.

Introduction to the Messaging and Content Security Topics
The following table outlines the topics covered in the “Messaging and
Content Security” chapter of the Check Point Security Administrator R70
Course. This table is intended as a supplement to knowledge you have
gained from the Security Administrator R70 Courseware handbook, and
is not meant to be a sole means of study.

Topic / Key Element    Page Number

Antivirus Protection p. 419
Anti-Virus Signature Database Updates p. 420
Antivirus Scanning p. 422
Content Security Scanning in Practice p. 423
File Type Recognition p. 429
Continuous Download p. 430
Logging and Monitoring p. 431
File Size Limitations and Scanning p. 432
Basic URL Filtering p. 435
Architecture p. 435
Anti-Spam and Mail p. 437
Architecture p. 439
Logging and Monitoring p. 441
Lab 14: Messaging and Content Security L-p. 269
Revert to Standard Security Policy L-p. 270
Modify DMZ Server Object L-p. 271
Modify Rule Base L-p. 273
Observe SMTP Traffic L-p. 274
Modify the Gateway Properties L-p. 275
Configure Anti-Virus and Anti-Spam for Monitor Only L-p. 276
Analyze Logs L-p. 279
Reconfigure Policy to Block Attacks L-p. 282

Table 11-11: Messaging and Content Security Topics

Sample CCSA R70 Exam Question


Which Security Servers can perform authentication tasks, but
CANNOT perform content security tasks?
1. HTTP
2. RLOGIN
3. FTP
4. HTTPS

Answer
Which Security Servers can perform authentication tasks, but
CANNOT perform content security tasks?
1. HTTP
2. RLOGIN
3. FTP
4. HTTPS

Chapter 12: Check Point IPS

This chapter presents basic information on Check Point’s Intrusion Prevention
Software Blade and on how intrusion prevention systems work and prevent network
attacks that the intrusion prevention system can detect.

Objectives:

Implement default or customized profiles to designated Gateways in the corporate network.
Manage profiles by tracking changes to the network, including performance degradation, and troubleshoot issues with the network related to specific IPS policy rules.
Create and install IPS policies.

Introduction to the Check Point IPS Topics


The following table outlines the topics covered in the “Check Point
IPS” chapter of the Check Point Security Administrator R70 Course. This
table is intended as a supplement to knowledge you have gained from
the Security Administrator R70 Courseware handbook, and is not meant
to be a sole means of study.

Topic / Key Element    Page Number

IPS Overview p. 449
New IPS Engine/Architecture p. 451
Flexible IPS Policy Management p. 453
IPS Event Manager p. 455
Configuring and Managing IPS p. 456
IPS Protection p. 460
IPS Profiles p. 462
Assigning Profiles p. 464
Protection Browser p. 466
Exporting the Protections List p. 468
Protection Parameters p. 468
Activating Protections p. 473
Automatically Activating Protections p. 473
Manually Activating Protections p. 476
Monitoring Traffic p. 477
Network Exceptions p. 478
Viewing Packet Information p. 479
Optimizing IPS p. 482
Performance Management p. 482
Tuning Protections p. 486
IPS Policy Settings p. 486
Enhancing System Performance p. 487
Updating Protections - IPS Subscription p. 489
Managing IPS Protections p. 489
Updating IPS Protections p. 489
Downloading Updates p. 490
Lab 15: Implementing IPS L-p. 285
Modify the Gateway Properties L-p. 286
Modify DMZ Server Object L-p. 287
Configure IPS for Preliminary Detection L-p. 291
Modify the Rule Base L-p. 301
Generate an Attack L-p. 302
Analyze the Attack L-p. 304
Reconfigure IPS to Block Attacks L-p. 308
Review Logs L-p. 310

Table 12-12: Check Point IPS Topics

Sample CCSA R70 Exam Question


You just upgraded to R70 and are using the IPS Software Blade. You
want to enable all critical protections while keeping the rate of false
positives very low. How can you achieve this?
1. The new IPS system is based on policies and gives you the ability to
activate all checks with critical severity and a high confidence level.
2. This can't be achieved; activating any IPS system always causes a high
rate of false positives.
3. As in SmartDefense, this can be achieved by activating all the critical
checks manually.
4. The new IPS system is based on policies, but it has no ability to
calculate or change the confidence level, so it always has a high rate
of false positives.

Answer
You just upgraded to R70 and are using the IPS Software Blade. You
want to enable all critical protections while keeping the rate of false
positives very low. How can you achieve this?
1. The new IPS system is based on policies and gives you the
ability to activate all checks with critical severity and a high
confidence level.
2. This can't be achieved; activating any IPS system always causes a high
rate of false positives.
3. As in SmartDefense, this can be achieved by activating all the critical
checks manually.
4. The new IPS system is based on policies, but it has no ability to
calculate or change the confidence level, so it always has a high rate
of false positives.
