Checkpoint® CCSA-NG (Next Generation) Exam Cram Notes


(CCSA: Checkpoint® Certified Systems Administrator)

2. Solaris Platform: To uninstall VPN-1/FireWall-1 on a Solaris platform, use pkgrm

3. Linux Platform: To uninstall VPN-1/FireWall-1 on a Linux platform, use rpm -e

Note that if the Primary Management Server is uninstalled, all other Check Point products need to be uninstalled and reinstalled from scratch.

17. Communication between the Management Server and the other modules in FireWall-1 NG is authenticated using certificates. An encrypted secure link is established between the communicating modules and the Management Server upon successful authentication. The requirements for successful authentication using certificates are:

1. The communicating Modules agree on the version information

2. Agree on authentication information

3. Agree on encryption method.

A digital certificate is an electronic file that uniquely identifies individuals and Web sites on the Internet and enables secure, confidential communications. A trusted third-party Certificate Authority, such as VeriSign, creates, signs, and issues certificates.

Note that a digital certificate can also be generated by the Internal Certificate Authority if the certificate is going to be used only on the internal network, and NOT on the Internet.

18. VPN-1/FireWall-1 supports the following internal authentication schemes:

  • OS Password: This is the operating system password.
  • FireWall-1 password: This is an encrypted password supported by FireWall-1.
  • S/Key: One time password, very secure.

The following external authentication schemes are supported:

  • SecurID: Here the Security Dynamics PassCode is entered by the user.
  • AXENT Pathway Defender: Separate server software requires a response from the user.
  • RADIUS: Requires RADIUS server to perform centralized authentication.
  • TACACS: TACACS server prompts the user for a response.

The Kerberos authentication scheme is not supported by VPN-1/FireWall-1.

19. To define a rule in the rule base in FireWall-1, the following must be specified at the minimum:

  • Source
  • Destination
  • Service
  • Action
  • Install On (the enforcement point)

20. VPN-1/FireWall-1 ignores packets of other protocols such as IPX and DECnet. These protocols are processed by other protocol stacks. Note that if you install an IPX protocol stack, for example, IPX packets are processed by the IPX stack independently of VPN-1/FireWall-1. This could be a security risk, and the need for such a stack should be thoroughly evaluated before installing it.
