Use this quick start guide to collect all the information about Check Point CCSA (156-215.77) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the 156-215.77 Security Administrator exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Check Point CCSA R77 certification exam.
The Check Point CCSA certification is mainly targeted to those candidates who want to build their career in Security domain. The Check Point Certified Security Administrator (CCSA) R77.30 exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Check Point CCSA R77.
Check Point CCSA Exam Summary:
Exam Name | Check Point Certified Security Administrator (CCSA) R77.30 |
Exam Code | 156-215.77 |
Exam Price | $250 (USD) |
Duration | 90 mins |
Number of Questions | 90 |
Passing Score | 70% |
Books / Training | CCSA Training |
Schedule Exam | 156-215.77 |
Sample Questions | Check Point CCSA Sample Questions |
Practice Exam | Check Point 156-215.77 Certification Practice Exam |
Check Point 156-215.77 Exam Syllabus Topics:
Topic | Details |
---|---|
Introduction to Check Point Technology |
Objectives:
|
Check Point SecurityManagement Architecture(SMART)
|
- SmartConsole
- Security Management Server
- Security Gateway
|
The Check Point Firewall |
- OSI Model
- Mechanism for controlling
- Network traffic.
- Packet Filtering
- Stateful Inspection
- Application Intelligence
|
Security Gateway Inspection Architecture | - INSPECT Engine Packet Flow |
DeploymentConsiderations |
- Standalone Deployment
- Distributed Deployment
- Standalone Full HA
- Bridge Mode
|
Check Point SmartConsole Clients |
- SmartDashboard
- Smartview Tracker
- SmartLog
- SmartEvent
- SmartView Monitor
- SmartReporter
- SmartUpdate
- SmartProvisioning
- SmartEndpoint
|
Security ManagementServer |
- Managing Users in SmartDashboard
- Users Database
|
Securing Channels of Communication |
- Secure Internal Communication
- Testing the SIC Status
- Resetting the Trust State
|
Lab 1: Distributed Installation |
- Install Security Management Server
- Configure Security Management Server - WebUI
- Configuring the Management Server
- Install Corporate Security Gateway
- Configure Corporate Security Gateway - WebUI
- Configuring the Corporate Security Gateway
- Installing SmartConsole
|
Lab 2: Branch Office Security Gateway Installation
|
- Install SecurePlatform on Branch Gateway
- Configuring Branch Office Security
- Gateway with the First time Configuration Wizard
- Configure Branch Gateway - WebUI
|
Deployment Platforms |
Objectives:
|
Check Point DeploymentPlatforms |
- Security Appliances
- Security Software Blades
- Remote Access Solutions
|
Check Point Gaia |
- History - Power of Two Gaia
- Benefits of Gaia
- Gaia Architecture
- Gaia System Information
|
Lab 3: CLI Tools |
- Working in Expert Mode
- Applying Useful Commands in CLISH
- Add and Delete Administrators via the CLI
- Perform Backup and Restore
|
Introduction to the Security Policy |
Objectives:
|
Security Policy Basics |
- The Rule Base
- Managing Objects in SmartDashboard
- SmartDashboard and Objects
- Object-Tree Pane
- Objects-List Pane
- Object Types
- Rule Base Pane
|
Managing Objects |
- Classic View of the Objects Tree
- Group View of the Objects Tree
|
Creating the Rule Base |
- Basic Rule Base Concepts
- Delete Rule
- Basic Rules
- Implicit/Explicit Rules
- Control Connections
- Detecting IP Spoofing
- Configuring Anti-Spoofing
|
Rule Base Management |
- Understanding Rule Base Order
- Completing the Rule Base
|
Policy Management andRevision Control |
- Policy Package Management - Database Revision Control
- Multicasting
|
Lab 4: Building a Security Policy
|
- Create Security Gateway Object
- Create GUI Client Object
- Create Rules for Corporate Gateway
- Save the Policy
- Install the Policy
- Test the Corporate Policy
- Create the Remote Security Gateway Object
- Create a New Policy for the Branch Office
- Combine and Organize Security Policies
|
Lab 5: Configure the DMZ |
- Create DMZ Objects in SmartDashboard
- Create DMZ Access Rules
- Test the Policy
|
Monitoring Traffic and Connections |
Objectives:
|
SmartView Tracker |
- Log Types
- SmartView Tracker Tabs
- Action Icons
- Log-File Management
- Administrator Auditing
- Global Logging and Alerting
- Time Setting
- Blocking Connections
|
SmartView Monitor |
- Customized Views
- Gateway Status View
- Traffic View
- Tunnels View
- Remote Users View
- Cooperative Enforcement View
|
Monitoring Suspicious Activity Rules
|
- Monitoring Alerts |
Gateway Status |
- Overall Status
- Software Blade Status
- Displaying Gateway Information
|
SmartView Tracker vs.SmartView Monitor | |
Lab 6: Monitoring with SmartView Tracker |
- Launch SmartView Tracker
- Track by Source and Destination
- Modify the Gateway to Active
- SmartView Monitor
|
Network Address Translation |
Objectives:
|
Introduction to NAT |
- IP Addressing
- Hid NAT
- Choosing the Hide Address in Hide NAT
- Static NAT
- Original Packet
- Reply Packet
- NAT Global Properties
- Object Configuration - Hid NAT
- Hide NAT Using Another Interface
- Static NAT
|
Manual NAT |
- Configuring Manual NAT
- Special Considerations
- ARP
|
Lab 7: Configure NAT |
- Configure Static NAT on the DMZ Server
- Test the Static NAT Address
- Configure Hide NAT on the Corporate Network
- Test the Hide NAT Address
- Observe Hide NAT Traffic Using fw monitor
- Configure Wireshark
- Observe Traffic
- Observe Static NAT Traffic Using fw monitor
|
Using SmartUpdate |
Objectives:
|
SmartUpdate and Managing Licenses |
- SmartUpdate Architecture
- SmartUpdate Introduction
- Overview of Managing Licenses
- License Terminology
- Upgrading Licenses
- Retrieving License Data from Security Gateways
- Adding New Licenses to the License & Contract Repository
- Importing License Files
- Adding License Details Manually
- Attaching Licenses
- Detaching Licenses
- Deleting Licenses From License & Contract Repository
- Installation Process
|
Viewing License Properties | - Checking for Expired Licenses To Export a License to a File |
Service Contracts p. | - Managing Contracts Updating Contracts |
User Management and Authentication |
Objectives:
|
Creating Users and Groups | - User Types |
User Authentication | - User Authentication Rule Base Considerations |
Security Gateway Authentication |
- Types of Legacy Authentication p. 142
- Authentication Schemes p. 143
- Remote User Authentication p. 145
- Authentication Methods p. 146
|
Session Authentication | - Configuring Session Authentication |
Client Authentication |
- Client Authentication and Sign-On Overview
- Sign-On Methods
- Wait Mode
- Configuring Authentication Tracking
|
LDAP User Management with UserDirectory
|
- LDAP Features
- Distinguished Name
- Multiple LDAP Servers
- Using an Existing LDAP Server
- Configuring Entities to Work with the Gateway
- Defining an Account Unit
- Managing Users
- UserDirectory Groups
|
Lab 8: Configuring User Directory |
- Connect User Directory to Security
- Management Server
|
Identity Awareness |
Objectives:
|
Introduction to Identity Awareness
|
- AD Query
- Browser-Based Authentication
- Identity Agents
- Deployment
|
Lab 9: Identity Awareness |
- Configuring the Security Gateway
- Defining the User Access Role
- Applying User Access Roles to the Rule Base
- Testing Identity Based Awareness
- Prepare Rule Base for Next Lab
|
Introduction to Check Point VPNs |
Objectives:
|
The Check Point VPN | |
VPN Deployments |
- Site-to-Site VPNs
- Remote-Access VPNs
|
VPN Implementation |
- VPN Setup
- Understanding VPN Deployment
- VPN Communities
- Remote Access Community
|
VPN Topologies |
- Meshed VPN Community
- Star VPN Community
- Choosing a Topology
- Combination VPNs
- Topology and Encryption Issues
|
Special VPN Gateway Conditions |
- Authentication Between Community Members
- Domain and Route-Based VPNs
- Domain-Based VPNs
- Route-Based VPN
|
Access Control and VPN Communities |
- Accepting All Encrypted Traffic
- Excluded Services
- Special Considerations for Planning a VPN Topology
|
Integrating VPNs into a Rule Base |
- Simplified vs. Traditional Mode VPNs
- VPN Tunnel Management
- Permanent Tunnels
- Tunnel Testing for Permanent Tunnels
- VPN Tunnel Sharing
|
Remote Access VPNs |
- Multiple Remote Access VPN Connectivity Modes
- Establishing a Connection Between a Remote User and a Gateway
|
Lab 10: Site-to-site VPN Between Corporate and Branch Office
|
- Define the VPN Domain
- Create the VPN Community
- Create the VPN Rule and Modifying the Rule Base
- Test VPN Connection
- VPN Troubleshooting
|
To ensure success in Check Point CCSA R77 certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Security Administrator (156-215.77) exam.