Checkpoint® Certified Security Administrator Exam cram Notes


Note that, if the Primary Management Servr is uninstalled, all other Check Point Products need to be uninstalled and reinstalled from scratch.

17. Fingerprint is used to verify the identity of the Management Server being accessed via the GUI Client for the first time. When a GUI Client initially connects to the Management Server, you should fetch the fingerprint and compare it with the established fingerprint obtained by means of fax, mail, print, or some other non network means. Fingerprint matching ensures that the Management Server is communicating to the right GUI.

18. VPN-1/FireWall-1 supports the following internal authentication schemes:

  • OS Password: This is Operating System password
  • FireWall-1 password: This is an encryped password supported by FireWall-1
  • S/Key: One time password, very secure.

The following external authentication schemes are supported:

  • SecurID: Here the Security Dynamics PassCode is entered by the user.
  • EXENT Pathway Defender: Separate server software requires response from the user.
  • RADIUS: Requires RADIUS server to perform centralized authentication.
  • TACACS: TACACS server prompts the user for a response.

The Kerberos authentication scheme is not supported by VPN-1/FireWall-1.

19. To define a rule in the rule base in FireWall-1, the following must be specified at the minimum:

  • Source
  • Destination
  • Service
  • Action
  • Install On (the enforcement point)

20. VPN-1/FireWall-1 ignores other protocol packets such as IPX, DecNET. These protocols are processed by other protocols stacks. Note that, if you install an IPX protocol stack, for example, the IPX packets are processed by IPX stack independent of VPN-1/FireWall-1. This could be a security risk and need to be thoroughly evaluation for need before installing the same.

Previous      0 1 2 3 4      Next

Please visit our sponsor: images-used/se-banner125X125.gif