Use this quick start guide to collect all the information about Check Point CCSM (156-115.77) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the 156-115.77 Security Master exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Check Point CCSM R77 certification exam.
The Check Point CCSM certification is mainly targeted to those candidates who want to build their career in Security domain. The Check Point Certified Security Master (CCSM) R77.30 exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Check Point CCSM R77.
Check Point CCSM Exam Summary:
Exam Name | Check Point Certified Security Master (CCSM) R77.30 |
Exam Code | 156-115.77 |
Exam Price | $350 (USD) |
Duration | 90 mins |
Number of Questions | 90 |
Passing Score | 70% |
Books / Training | CCSM Training |
Schedule Exam | Pearson VUE |
Sample Questions | Check Point CCSM Sample Questions |
Practice Exam | Check Point 156-115.77 Certification Practice Exam |
Check Point 156-115.77 Exam Syllabus Topics:
Topic | Details |
---|---|
Troubleshoot security problems |
- Given a specific internal or client problem, replicate the issues in a test environment. - Given a specific internal or client problem, troubleshoot and correct the issue. |
Chain Modules |
- Use command fw ctl chain to study chain module behavior. Observe how policy changes impact the chain. - Use the command fw debug fwm on and review the file fwm.elg to find such issues as SIC, mis-configured rules, GUI client connectivity problems, and improperly entered information. - Given a specific internal or client need, analyze and apply the appropriate hot fix and evaluate its effectiveness. - Use Check Point Debugging Tools
|
NAT |
- Use commands fw ctl debug and fw monitor to troubleshoot the NAT stages of Automatic Hide NAT and Automatic Static NAT. - Configure Manual NAT to define specific rules in unique NAT environments. |
ClusterXL |
- Using commands fw ctl debug and fw ctl kdebug troubleshoot ClusterXL connections from information displayed in debug file. - Use commands fw tab –t connections and fw tab –t connections –x to review and clear connections table. - Modify file table.def to allow traffic through a specific cluster member. |
VPN Troubleshooting |
- Use command vpn debug to locate source of encryption failures. - Use command fw monitor to verify VPN connectivity and identify potentially mis-configured VPN’s. |
SecureXL Acceleration debugging | - Use commands fw accel and kernel debug to view acceleration tables and verify accelerated connections. |
Hardware Optimization |
- Identify the correct Check Point Hardware/Appliances for a given scenario - Performance tuning and evaluation of complex networks and technologies - Scope proper sizing of hardware based on customer requirements - Use command ethtool to tune NIC performance. - Edit arp cache table to increase size to improve performance. - Use command fw ctl pstat to improve load capacity. - Use the fwaccel stat and fwaccel stats outputs to tune the firewall rule base. |
Software Tuning |
- Deploy NAT templates to reduce load on Rule Base application. - Configure cluster synchronization planning to improve network performance. - Identify performance limiting configurations - Correct and tune different scenarios - Identify the causes of performance limiting factors (internal and external factors) |
Enable CoreXL | - Configure CoreXL for specific cpu task assignment. |
IPS |
- Configure IPS to reduce false positives. - Use command fw ctl zdebug to improve logging efficiency. - Use IPS Bypass to improve performance. |
IPV6 | - Deploy IPV6 in a local environment |
Advanced VPN |
- Identify differences between route-based VPNs and domain-based VPNs. - Configure VTI for route-based VPN gateways. - Configure OSPF for Dynamic VPN routing in a Community. - Identify the Wire Mode function by testing a VPN failover. - Configure Directional VPN Rule Match for Route-Based VPN. |
Dynamic Routing |
- Diagnose and solve specific routing issues in a network environment. - Multicast Design and troubleshooting PIM Sparse mode and Dense mode based on GateD and IPSRD - Design/troubleshoot OSPF/BGP in GateD and IPSO IPSRD environments - Static routing and network topologies |
To ensure success in Check Point CCSM R77 certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Security Master (156-115.77) exam.