Checkpoint® CCSA-NG (Next Generation) Exam Cram Notes


(CCSA: Checkpoint® Certified Systems Administrator)

Object Tree Tab Menu Command
1 Network Objects Manage -> Network Objects
2 Services Manage -> Services
3 Resources Manage -> Resources
4 OPSEC Applications Manage ->OPSEC Applications
5 Servers Manage -> Servers
6 Users Manage -> Users
7 Time Objects Manage -> Time
8 Virtual Links Manage -> Virtual Links

Note that, Users and Servers are management objects.

33. Some of the popular protocol port numbers are:

  • Telnet: Port #23
  • FTP: Port #21
  • HTTP (WWW): Port #80
  • SMTP: Port #25

34. The Internet Assigned Numbers Authority (IANA) has set aside several ranges of IP numbers that can be freely used over private networks (Internet will not route these IP addresses). These private IP address ranges that are designated private:

Class A private address range: -

Class B private address range: -

Class C private address range: -

35. VPN/FireWall-1 Security Policy permits any number of administrators to view the Security Policy. However, only one administrator can log in using read/write permissions. This arrangement will prevent confusion arising from two admins simultaneously making changes to the Security Policy, without knowing what the other is doing.

36. The following are required to log on to the Log Viewer of a FireWall-1 Management Server:

  • User Name
  • Password
  • Name or IP address of Management Server.

37. SIC (Secure Internal Communication) is used for communication between Modules and the Management Server. The following are true about SIC (Secure Internal Communication):

1. SIC name of a Module is typically known as DN (Distinguished Name).

2. VPN certificates and SIC certificates are used for different purposes.

3. IP connectivity between the Management Server and Module is REQUIRED for starting initialization process of the Module. The certificate is securely issued to the Module during initialization process. After successful initialization, the Module is said to be in TRUST state.

38. SecureUpdate allows to manage installation of CheckPoint and OPSEC products at a central location. The operations that can be performed include:

1. Upgrade and uninstall major versions and Service Packs.

2. Do multiple simultaneous upgrades

3. Manage product repository

4. View status of operation

39. SecureUpdate supports two types of licenses:

1. Central License - Here the Module License is bound to the IP address of the Management Server. That is, the Management Server IP address is used for issuing the license. The advantage is that, even if the IP address of the local module (to which the license is issued) changes, there is no need to re-issue the license.

2. Local License - Here the Module License is bound to the IP address of the module to which license is issued. If the IP address of the local module changes, the license need to be re-validated.

40. Static source mode translates the client's internal, invalid/reserved IP addresses to legal external IP addresses. Note that IP addresses have 1 to 1 relationship in static modes.

Static destination mode translates the server's legal external IP addresses to invalid/reserved internal IP addresses. Static destination mode is used when any server is located in the internal network with a private or invalid IP address, and being accessed from the Internet.

Previous      0  1 2  3 4      Next

Please visit for CCSA, CCSA NG and other practice tests: images-used/se-banner125X125.gif