Check Point Certified
Security Administrator Examcram
(156-205)
11. Administrative permissions available for CP 2000
Firewall:
1) Read/Write: Allows full access to all Check Point
products. Note that only one FireWall-1 administrator
can be logged in with Read/Write permission at any given
time.
2) Custom: Permissions can be set individually per
administrator.
12. For an administrator, the following parameters are
required to log in:
1. User Name
2. Password
3. Name or IP address of the management server.
13. While implementing security policy, there are
three different enforcement directions:
a) Inbound (default), packets going into the FireWall are
checked.
b) Outbound, packets going out of the FireWall are checked.
c) Eitherbound, packets going into and packets leaving the
FireWall are checked against the security policy.
14. License:
All Check Point products except GUI require a license
for their operation.
15. The communication between the Management module
and the Firewall Module is encrypted. The Management
server establishes a trust relationship with FireWall
module for secure communication between the modules.
16. VPN-1/FireWall-1 is uninstalled on different
platforms as below:
1. Windows Platform: To uninstall VPN-1/FireWall-1 on a
Windows platform, use the Add/Remove Programs applet in the
Control Panel.
2. Solaris Platform: To uninstall VPN-1/FireWall-1 on a
Solaris platform, use pkgrm
3. Linux Platform: To uninstall VPN-1/FireWall-1 on a
Linux platform, use rpm -e
Note that, if the Primary Management Server is
uninstalled, all other Check Point products need to be
uninstalled and reinstalled from scratch.
17. The fingerprint is used to verify the identity of the
Management Server being accessed via the GUI Client for
the first time. When a GUI Client initially connects to
the Management Server, you should fetch the fingerprint
and compare it with the established fingerprint obtained
by means of fax, mail, print, or some other non-network
means. Fingerprint matching ensures that the Management
Server is communicating with the right GUI.
18. VPN-1/FireWall-1 supports the following internal
authentication schemes:
1. OS Password: This is the Operating System password.
2. FireWall-1 password: This is an encrypted password
supported by FireWall-1.
3. S/Key: One-time password, very secure.
The following external authentication schemes are
supported:
1. SecurID: Here the Security Dynamics PassCode is entered
by the user.
2. AXENT Pathway Defender: Separate server software
requires a response from the user.
3. RADIUS: Requires a RADIUS server to perform centralized
authentication.
4. TACACS: The TACACS server prompts the user for a response.
The Kerberos authentication scheme is not supported
by VPN-1/FireWall-1.
19. To define a rule in the rule base in FireWall-1,
the following must be specified at the minimum:
1. Source
2. Destination
3. Service
4. Action
5. Install On (the enforcement point)
20. VPN-1/FireWall-1 ignores packets of other protocols
such as IPX and DECnet. These protocols are processed by
other protocol stacks. Note that, if you install an IPX
protocol stack, for example, the IPX packets are
processed by the IPX stack independent of VPN-1/FireWall-1.
This could be a security risk, and the need for such a
stack should be thoroughly evaluated before installing it.