156-215.77 CCSA Exam Syllabus

CCSA PDF, 156-215.77 Dumps, 156-215.77 PDF, CCSA VCE, 156-215.77 Questions PDF, Check Point 156-215.77 VCE, Check Point CCSA R77 Dumps, Check Point CCSA R77 PDFUse this quick start guide to collect all the information about Check Point CCSA (156-215.77) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the 156-215.77 Security Administrator exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Check Point CCSA R77 certification exam.

The Check Point CCSA certification is mainly targeted to those candidates who want to build their career in Security domain. The Check Point Certified Security Administrator (CCSA) R77.30 exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Check Point CCSA R77.

Check Point CCSA Exam Summary:

Exam Name Check Point Certified Security Administrator (CCSA) R77.30
Exam Code 156-215.77
Exam Price $250 (USD)
Duration 90 mins
Number of Questions 90
Passing Score 70%
Books / Training CCSA Training
Schedule Exam 156-215.77
Sample Questions Check Point CCSA Sample Questions
Practice Exam Check Point 156-215.77 Certification Practice Exam
 

Check Point 156-215.77 Exam Syllabus Topics:

Topic Details
Introduction to Check Point Technology Objectives:
  1. Describe Check Point's unified approach to network management, and the key elements of this architecture.
  2. Design a distributed environment using the network detailed in the course topology.
  3. Install the Security Gateway in a distributed environment using the network detailed in the course topology.
Check Point SecurityManagement Architecture(SMART)
- SmartConsole
- Security Management Server
- Security Gateway
The Check Point Firewall - OSI Model
- Mechanism for controlling
- Network traffic.
- Packet Filtering
- Stateful Inspection
- Application Intelligence
Security Gateway Inspection Architecture - INSPECT Engine Packet Flow
DeploymentConsiderations - Standalone Deployment
- Distributed Deployment
- Standalone Full HA
- Bridge Mode
Check Point SmartConsole Clients  - SmartDashboard
- Smartview Tracker
- SmartLog
- SmartEvent
- SmartView Monitor
- SmartReporter
- SmartUpdate
- SmartProvisioning
- SmartEndpoint
Security ManagementServer - Managing Users in SmartDashboard
- Users Database
Securing Channels of Communication - Secure Internal Communication
- Testing the SIC Status
- Resetting the Trust State
Lab 1: Distributed Installation - Install Security Management Server
- Configure Security Management Server - WebUI
- Configuring the Management Server
- Install Corporate Security Gateway
- Configure Corporate Security Gateway - WebUI
- Configuring the Corporate Security Gateway
- Installing SmartConsole
Lab 2: Branch Office Security Gateway Installation
- Install SecurePlatform on Branch Gateway
- Configuring Branch Office Security
- Gateway with the First time Configuration Wizard
- Configure Branch Gateway - WebUI
Deployment Platforms Objectives:
  1. Given network specifications, perform a backup and restore the current Gateway installation from the command line.
  2. Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line.
  3. Deploy Gateways from the Gateway command line.
Check Point DeploymentPlatforms - Security Appliances
- Security Software Blades
- Remote Access Solutions
Check Point Gaia - History - Power of Two Gaia
- Benefits of Gaia
- Gaia Architecture
- Gaia System Information
Lab 3: CLI Tools - Working in Expert Mode
- Applying Useful Commands in CLISH
- Add and Delete Administrators via the CLI
- Perform Backup and Restore
Introduction to the Security Policy Objectives:
  1. Given the network topology, create and configure network, host and gateway objects.
  2. Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard.
  3. Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use.
  4. Evaluate existing policies and optimize the rules based on current corporate requirements.
  5. Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades and minimal downtime.
Security Policy Basics - The Rule Base
- Managing Objects in SmartDashboard
- SmartDashboard and Objects
- Object-Tree Pane
- Objects-List Pane
- Object Types
- Rule Base Pane
Managing Objects - Classic View of the Objects Tree
- Group View of the Objects Tree
Creating the Rule Base - Basic Rule Base Concepts
- Delete Rule
- Basic Rules
- Implicit/Explicit Rules
- Control Connections
- Detecting IP Spoofing
- Configuring Anti-Spoofing
Rule Base Management - Understanding Rule Base Order
- Completing the Rule Base
Policy Management andRevision Control - Policy Package Management
- Database Revision Control
- Multicasting
Lab 4: Building a Security Policy
- Create Security Gateway Object
- Create GUI Client Object
- Create Rules for Corporate Gateway
- Save the Policy
- Install the Policy
- Test the Corporate Policy
- Create the Remote Security Gateway Object
- Create a New Policy for the Branch Office
- Combine and Organize Security Policies
Lab 5: Configure the DMZ - Create DMZ Objects in SmartDashboard
- Create DMZ Access Rules
- Test the Policy
Monitoring Traffic and Connections Objectives:
  1. Use Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data.
  2. Using packet data on a given corporate network, generate reports, troubleshoot system and security issues, and ensure network functionality.
  3. Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access based on corporate requirements.
SmartView Tracker - Log Types
- SmartView Tracker Tabs
- Action Icons
- Log-File Management
- Administrator Auditing
- Global Logging and Alerting
- Time Setting
- Blocking Connections
SmartView Monitor - Customized Views
- Gateway Status View
- Traffic View
- Tunnels View
- Remote Users View
- Cooperative Enforcement View
Monitoring Suspicious Activity Rules
- Monitoring Alerts
Gateway Status - Overall Status
- Software Blade Status
- Displaying Gateway Information
SmartView Tracker vs.SmartView Monitor  
Lab 6: Monitoring with SmartView Tracker - Launch SmartView Tracker
- Track by Source and Destination
- Modify the Gateway to Active
- SmartView Monitor
Network Address Translation Objectives:
  1. Configure NAT rules on Web and Gateway servers
Introduction to NAT - IP Addressing
- Hid NAT
- Choosing the Hide Address in Hide NAT
- Static NAT
- Original Packet
- Reply Packet
- NAT Global Properties
- Object Configuration - Hid NAT
- Hide NAT Using Another Interface
- Static NAT
Manual NAT - Configuring Manual NAT
- Special Considerations
- ARP
Lab 7: Configure NAT  - Configure Static NAT on the DMZ Server
- Test the Static NAT Address
- Configure Hide NAT on the Corporate Network
- Test the Hide NAT Address
- Observe Hide NAT Traffic Using fw monitor
- Configure Wireshark
- Observe Traffic
- Observe Static NAT Traffic Using fw monitor
Using SmartUpdate Objectives:
  1. Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications.
  2. Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways.
  3. Upgrade and attach product licenses using SmartUpdate.
SmartUpdate and Managing Licenses - SmartUpdate Architecture
- SmartUpdate Introduction
- Overview of Managing Licenses
- License Terminology
- Upgrading Licenses
- Retrieving License Data from Security Gateways
- Adding New Licenses to the License & Contract Repository
- Importing License Files
- Adding License Details Manually
- Attaching Licenses
- Detaching Licenses
- Deleting Licenses From License & Contract Repository
- Installation Process
Viewing License Properties - Checking for Expired Licenses To Export a License to a File
Service Contracts p. - Managing Contracts Updating Contracts
User Management and Authentication Objectives:
  1. Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely.
  2. Manage users to access to the corporate LAN by using external databases
Creating Users and Groups - User Types
User Authentication - User Authentication Rule Base Considerations
Security Gateway Authentication - Types of Legacy Authentication p. 142
- Authentication Schemes p. 143
- Remote User Authentication p. 145
- Authentication Methods p. 146
Session Authentication - Configuring Session Authentication
Client Authentication - Client Authentication and Sign-On Overview
- Sign-On Methods
- Wait Mode
- Configuring Authentication Tracking
LDAP User Management with UserDirectory
- LDAP Features
- Distinguished Name
- Multiple LDAP Servers
- Using an Existing LDAP Server
- Configuring Entities to Work with the Gateway
- Defining an Account Unit
- Managing Users
- UserDirectory Groups
Lab 8: Configuring User Directory - Connect User Directory to Security
- Management Server
Identity Awareness Objectives:
  1. Use Identity Awareness to provide granular level access to network resources.
  2. Acquire user information used by the Security Gateway to control access.
  3. Define Access Roles for use in an Identity Awareness rule.
  4. Implementing Identity Awareness in the Firewall Rule Base.
Introduction to Identity Awareness
- AD Query
- Browser-Based Authentication
- Identity Agents
- Deployment
Lab 9: Identity Awareness - Configuring the Security Gateway
- Defining the User Access Role
- Applying User Access Roles to the Rule Base
- Testing Identity Based Awareness
- Prepare Rule Base for Next Lab
Introduction to Check Point VPNs Objectives:
  1. Configure a pre-shared secret site-to-site VPN with partner sites.
  2. Configure permanent tunnels for remote access to corporate resources.
  3. Configure VPN tunnel sharing, given the difference between host-based, subnet-based and gateway-based tunnels.
The Check Point VPN  
VPN Deployments - Site-to-Site VPNs
- Remote-Access VPNs
VPN Implementation  - VPN Setup
- Understanding VPN Deployment
- VPN Communities
- Remote Access Community
VPN Topologies  - Meshed VPN Community
- Star VPN Community
- Choosing a Topology
- Combination VPNs
- Topology and Encryption Issues
Special VPN Gateway Conditions - Authentication Between Community Members
- Domain and Route-Based VPNs
- Domain-Based VPNs
- Route-Based VPN
Access Control and VPN Communities - Accepting All Encrypted Traffic
- Excluded Services
- Special Considerations for Planning a VPN Topology
Integrating VPNs into a Rule Base - Simplified vs. Traditional Mode VPNs
- VPN Tunnel Management
- Permanent Tunnels
- Tunnel Testing for Permanent Tunnels
- VPN Tunnel Sharing
Remote Access VPNs - Multiple Remote Access VPN Connectivity Modes
- Establishing a Connection Between a Remote User and a Gateway
Lab 10: Site-to-site VPN Between Corporate and Branch Office
- Define the VPN Domain
- Create the VPN Community
- Create the VPN Rule and Modifying the Rule Base
- Test VPN Connection
- VPN Troubleshooting

To ensure success in Check Point CCSA R77 certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Security Administrator (156-215.77) exam.

Rating: 4.7 / 5 (41 votes)