Although some might look at the SOHO router they have at home and wonder how hard running a firewall can be, those who have experienced something on a larger scale, such as Internet hosting, know that the environment is dynamic: attackers are becoming smarter, and you're being forced to expose more of your systems to the outside. Check Point's flagship product, FireWall-1, gives the administrator a unified view of dozens of firewalls, which includes centralized logging and a single security policy. Routers and access lists may have cut it in the 1990s, but not anymore. As you'll see later, firewalls have to inspect all flows, and constantly check all layers for abnormalities. FireWall-1 allows you to do all this and more.
The Check Point Certified Security Administrator (CCSA) certification is the first step toward FireWall-1 guru-dom. Someone with a CCSA has demonstrated, by taking an exam, that he or she understands how to configure, maintain, troubleshoot, and upgrade a FireWall-1 installation. The product is complex, with dozens of nooks and crannies that affect the operation of the device. The exam tests you on these details, and expects that you'll know what knobs to turn in order to achieve a particular objective.
Unlike many other entry-level certifications, the CCSA focuses on the core product. There are no free points for knowing how to subnet, or for knowing the OSI model. This book will walk you through all the key material you can expect to be tested on.
Signing Up for the Exam
Check Point exams are offered exclusively through Pearson Vue. Signing up for the exam is fairly straightforward. The advantage of doing it online is that it's easier to check the schedules, plus your online account lets you manage your exam bookings.
Before you sign up, you'll want to make sure that you have an account at the Check Point User Center, and that you've used the same email address there as you will with Pearson Vue. After you've passed the exam, your user center account will be updated to reflect this, and give you access to more advanced technical information and logos.
You'll also need a credit card to make the online purchase. As of this writing, the price is $150.
Preparation for the Exam
You may wonder why preparation comes after signing up. If you're like me, unless you have a hard and fast deadline to meet, you'll never get around to studying. Set a date for your exam early on. You can always reschedule it if something comes up (with 48 hours' notice, though).
If you're one of those people who can focus on your studying, then by all means schedule your exam after you've finished studying. Really, I won't be offended.
The key to passing the CCSA exam is to work with the FireWall-1 product. You'll see in Chapter 3, "SmartDashboard," that there are demo modes that let you work within the software without having any real firewalls. You can also set up your own lab, either with real computers or with a virtualization tool like VMware. For the purposes of the CCSA, a single firewall with a server behind it can do everything you'll be tested on.
This book presents a logical path through all the features covered on the CCSA exam. Trying out things, rather than simply taking my word for it, will help you remember the info come exam time. Even if you run across something that you're not sure is covered on the exam, read through the online help and try to set it up. The worst that happens is that you learn something new.
Firewalls tend to suffer from a lack of good documentation outside of the vendor's site, and Check Point is no exception. There are a few good sites out there (I'll be certain to point you their way when the time comes), but by and large your information can be found in the documentation and the Knowledge Base. Be careful when looking at Internet sources, because the product has undergone radical changes in the past few years and a lot of the information out there refers to older revisions.
In summary, practice using the product, read the white papers and documents on the Check Point website, and read this book!
Inside the Exam Center
If you've taken a certification exam through one of the major vendors before, this one is no different. If not, here's a rundown of what to expect at the exam center.
The first thing you'll have to do is sign in. This involves presenting two pieces of ID, at least one with a picture, and then reading and signing Vue's agreement. You'll be expected to surrender your jacket, wallet, pager/cellphone, and any bags you might be carrying. Save yourself some undue stress and throw everything in your bag before entering the exam center.
When it's your time, you'll be led to the testing room, and the proctor will sign you in to the computer. You'll also be given either scrap paper or an erasable sheet to make notes on. If you think it will help you, you may want to write out some of the important tables, such as authentication and NAT types, just in case you're prone to forgetfulness in the heat of the moment. You'll have to return all materials they give you at the end. Depending on the testing center, there may be several computers and other people taking exams. At this point, if anything seems wrong, tell your proctor! They may be able to offer you a different computer or some earplugs to help you out. After you begin the exam, it's too late to ask!
At the computer, you'll be expected to agree to Check Point's terms and conditions (that is, that you're not going to walk out of there and post all the questions to your website). Click Start the Exam, and you're off!
The question, any necessary diagrams, and the possible answers are all on the same screen. Answer the question, and click the Next button to continue, or Previous to go back one question. There will also be a check box on the corner of your screen called Mark for Review. At the end of the exam, you'll be given an opportunity to go through all the questions, or just the ones you marked for review. Either way, you can continue to review your answers until either your time runs out or you click End Exam.
When you end the exam, the machine will pause for what seems like an eternity while it figures out your mark. It will display it on the screen, along with its congratulations or condolences, as the case may be. Quietly walk out of the exam room, hand back your scrap paper, and sign out on the same sheet you signed in on. You'll also be given your printed grade report.
Exam Scoring and Strategy
The current exam has 96 questions, and you need a 70% to pass (that's 68 questions, for the mathematically impaired). You get 90 minutes to go through it. Before you think, "That's less than a minute per question!" realize this: There will be some questions that you'll have to sit back and think about for a minute, but if you prepare yourself in advance, there will be many more that you will immediately know the answer to. In the end, time should not be an issue.
Caution - Although you'll be tempted in some cases to immediately click your answer and then click Next, take the time to read the possible answers thoroughly. These exams are widely known for little tricks, such as asking the question in the negative (for example, "Which of the following are false?") or subtly interchanging some words to trip you up. For instance, some commands are available only in certain modes, and the first correct answer you see may be the right command but the wrong mode.
Although you can go back to a previous question, I'd advise you not to make heavy use of the Previous button. Not only does second-guessing yourself often lead to confusion, but cycling through older questions eats up time. Make a note of the question on your scratchpad and get back to it later. If you are up in the air on the question, you should click the Mark for Review button so that you can find it more easily at the end.
Caution - That Mark for Review button is very handy. If you've narrowed down an answer to a couple of choices, there's a chance that a subsequent question may help you out. This is where the scratchpad also helps.
Time management is important. Try to leave about 10 minutes at the end to review. This means you should be doing at least 25 questions every 20 minutes. An unanswered question is the same as an incorrectly answered one, so if you find yourself with only a few minutes remaining, random guessing is better than not finishing.
Pick an exam time that is to your advantage. Personally, I find mornings to be the best, because my head is fairly clear (after some coffee, that is) and my energy hasn't been drained by the day's work.
A bit of psychological advice: You aren't going to learn anything new in the couple of hours before the test. This is the time to reinforce what you know by reviewing your notes and this book's Cram Sheet, not for frantically memorizing pages from the manual. Relax as much as possible, accept that you've done your best studying, and get ready to write.
Finally, stay away from so-called "braindump" sites, where you can view questions that are purportedly from the real exam. Not only does it devalue the certification that you're going after, but the information on those sites is often wrong. If someone offers you "real" or "actual" test questions, don't fall for it. In the past, some of the sites have been successfully sued by the testing vendor, and the subscriber lists were turned over to the vendor.
Types of Questions on the Exam
Really only two types of questions are asked on the exam, as described next. There are no simulations, but you will find some scenarios, which I also describe.
Choose the Best Correct Answer (Multiple Choice)
Multiple-choice questions are the most prevalent type of question on the exam. Given five possible answers, you're asked to choose the best correct one. Sometimes, you'll see two answers that seem correct, but only one can be the right one. It's possible that you're overthinking or misinterpreting the question.
Here's an example:
Check Point FireWall-1's guiding principle is what?
A. That which is not expressly permitted is prohibited.
B. That which is not expressly permitted is allowed.
C. Rules can be set to either permit or deny traffic.
D. Firewalls should favor performance over security.
E. All attacks come on port 80.
Answer: A. The guiding policy is also referred to as a default deny. B is not correct because it is a default allow. C is not the correct answer because even though it is a correct statement, it is not a guiding principle. D is not correct because firewalls should not trade security for performance. E is not correct because attacks can come on any port or protocol, and it is not a guiding principle.
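To make the default-deny principle concrete, here is an added example (not code from the book or from Check Point) of a tiny top-down, first-match rule base evaluator: a flow that matches no rule is dropped, and the constructed rule base also ends with the explicit "Any/Any/Any Drop" cleanup rule that is common practice so those drops are logged rather than silently discarded. Rule numbers, addresses and services are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    no: int
    src: str       # CIDR network, single address, or "Any"
    dst: str
    service: str   # "proto/port" such as "tcp/80", or "Any"
    action: str    # "Accept" or "Drop"

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    service: str

def _addr_matches(field: str, addr: str) -> bool:
    # A bare address becomes a /32 network via strict=False.
    return field == "Any" or ipaddress.ip_address(addr) in ipaddress.ip_network(field, strict=False)

def _service_matches(field: str, service: str) -> bool:
    return field == "Any" or field == service

def evaluate(rulebase: List[Rule], flow: Flow) -> Tuple[str, Optional[int]]:
    """Walk the rule base top-down; the first matching rule decides.
    A flow matching no rule is dropped: the implicit default deny."""
    for rule in rulebase:
        if (_addr_matches(rule.src, flow.src)
                and _addr_matches(rule.dst, flow.dst)
                and _service_matches(rule.service, flow.service)):
            return rule.action, rule.no
    return "Drop", None   # not expressly permitted, therefore prohibited

# Constructed sample rule base (documentation address ranges, not real hosts).
RULEBASE = [
    Rule(1, "Any", "203.0.113.10", "tcp/80", "Accept"),           # public web server
    Rule(2, "192.0.2.0/24", "203.0.113.10", "tcp/22", "Accept"),  # admin net may SSH in
    Rule(3, "Any", "Any", "Any", "Drop"),                         # explicit cleanup rule
]

if __name__ == "__main__":
    for f in (Flow("198.51.100.7", "203.0.113.10", "tcp/80"),
              Flow("198.51.100.7", "203.0.113.10", "tcp/22"),
              Flow("192.0.2.5", "203.0.113.10", "tcp/22")):
        print(f, "->", evaluate(RULEBASE, f))
```

Removing rule 3 changes nothing about what gets through; it only changes whether the drop is attributed to a numbered rule you can log and audit.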
Choose X Out of Y
These types of questions generally give you five answers and ask you to check a specific number of them. Unlike some questions on other exams, you'll always know how many answers you have to give (usually two or three). Make sure that you check the correct number of answers, because you can't count on the exam engine to remind you! Sometimes the expected number will be part of the question, or will be stated explicitly after the question.
Here's an example:
What are the three types of authentication that can be used in the action field of a rule?
A. User
B. Computer
C. Session
D. Client
E. Firewall
Answer: A, C, and D. These are the only possible options in the rule action. B is not an option. E is not an option.
Scenarios
Some questions are given in the form of a scenario, sometimes with a network diagram to explain the question. The big thing to keep in mind here is that a lot of information doesn't pertain to the real question, and may be a distraction.
Here's an example:
Sally Sysadmin just bought eight FireWall-1 NG-AI enforcement points and a SmartCenter Server that came with a free hat. The hat was too big, but she was able to trade it in for a shirt. The enforcement points run on Solaris, and are distributed across her WAN. Because the SmartCenter Server runs on SecurePlatform, what licensing scheme should she use?
A. Local
B. Central
C. Distributed
D. Enterprise
Answer: B. A is not correct because Check Point does not recommend using local licenses for new installations. B is correct because central licensing is the preferred method. C is not correct because distributed is not a licensing option. D is not correct because enterprise is not a licensing option.
How to Use This Book
Other than the first few chapters, the order in which you read this book doesn't matter too much. For someone fairly new to Check Point, the order presented tackles topics starting with the basics, and moving on to more difficult and specialized areas.
The book starts with a self-assessment, which helps you determine whether you're the ideal candidate for the CCSA certification. Although it only presents guidelines, if you're deficient in a certain area, you may want to work on that before attempting the CCSA.
Each chapter starts with a list of key terms and concepts you'll need to know for the exam. If they are new to you, you'll want to pay closer attention to the chapter. Follow along in the software as you go through the chapters, and consult the documentation and online help for more information if you'd like. At the end of each chapter is a series of review questions to test your understanding of the material.
Tip - When going through the end-of-chapter quiz, write down your answers on a scrap of paper instead of doing them in your head or, even worse, just reading the answers. Questions that you answered incorrectly tell you what you should be reviewing before moving on.
At the end of the book are many more practice questions. These should be done in a more formal fashion, because the idea is to get you closer to an exam situation. Sit down in a quiet room with a piece of paper, and answer all the questions before you look at the solutions.
Also check online for updates to this book. Check in to see whether there have been any significant changes, or errata to report.
Conventions Used in This Book
Caution - This is what an Exam Alert looks like. An Exam Alert stresses concepts, terms, or procedures that are likely to appear on the certification exam.
Note - The Note icon provides additional information about the material being discussed that will be of interest to FireWall-1 administrators.
Tip - A Tip box points out a shortcut or a time-saving technique that will make you more efficient.
Caution - Cautions signify something you must watch out for, or exercise caution while doing. Failure to do so might cause an outage, and perhaps a long night of restoring from tape.
Sidebar - A headlined sidebar provides longer bits of information that may not be directly covered on the exam but are important background material to know. The information in the sidebars will help your understanding of the exam topics.

© Copyright Pearson Education. All rights reserved.