CertCities.com -- The Ultimate Site for Certified IT Professionals
Making Your Mark on Check Point's CCSA Exam
Licensing, NAT and acronyms abound on Check Point's challenging but straightforward Certified Security Administrator NG exam.


by Don Jones

7/30/2003 --
Exam Spotlight

Exam: #156-210: Check Point Certified Security Administrator NG
Vendor: Check Point
Status: Live. Available at Pearson Vue test centers worldwide.
Reviewer's Rating: "This exam is straightforward and fair for an experienced Check Point administrator."
Test Information: 75 questions, 90 minute time limit, 69 percent needed to pass. Cost: $150 (U.S.).
Who Should Take This Exam? Passing earns candidate Check Point's CCSA title, version NG

Check Point's Certified Security Administrator (CCSA) NG title is a vendor-specific security credential focusing on the company's FireWall-1 and VPN-1 products. In a marketplace that places an increasingly high value on security awareness and credentials, this is an exam that experienced Check Point administrators will definitely want to check out.

Exam Content

You'll need to pass only one exam to earn the title, 156-210. This exam will set you back $150, and you'll have 90 minutes to answer 75 questions. You'll need to get 69 percent of them correct to pass.

The questions are divided into six knowledge areas:

  • VPN-1 / FireWall-1 Architecture
  • SecPolicy, RuleBase, and PropSetup
  • Advanced Security Policy
  • Log Management
  • Authentication Parameters
  • Network Address Translation

Check Point's official objectives list isn't much more detailed than what's outlined above. If you're so inclined, you can sign up for optional instructor-led training that covers the exam content in more depth. You'll be taking the exam at a Pearson Vue testing center; it isn't offered through the Thomson Prometric channel.

The exam is designed for working Check Point administrators. With this in mind, below I've detailed some content areas that you'll want to make sure you cover in your studies, followed by my overall take on the exam, including some pitfalls (and a bonus or two) to look out for.

Licensing
While none of the exam's six official categories mention licensing, license management nonetheless stood out as a major component of the exam. I was asked questions about the various ways to manage licensing, the type of licenses, and so forth. I have mixed feelings about this. On one hand, license management is certainly a major piece of the Check Point products. You can't possibly be an effective administrator without understanding the ins and outs of licensing, and that certainly makes licensing fair game for exam questions.

On the other hand, licensing has nothing to do with firewall or VPN servers. Licensing is a completely artificial set of constraints that Check Point imposes, and the fact that licensing is so important and complex as to warrant a handful of exam items should be a heads up for Check Point's product developers. I'd really like to see future versions of the products make licensing more intuitive and less complex, so that more exam questions can focus on actual firewall management and security issues, rather than license management.

Study Tip: Know the difference between Central and other types of licensing, and how licenses are tied to products.

Network Address Translation
Network Address Translation (NAT) is a major component of most firewall products, and you should expect to be heavily tested on your knowledge of NAT. FireWall-1 offers different NAT modes, such as Dynamic and Automatic. Check Point expects certified administrators to know what each one does and when each one is the appropriate solution: You'll be shown network diagrams and given a business goal, and then asked to select the appropriate NAT configuration.

NAT, as you may know, is designed to translate private IP addresses on your network into one or more public IP addresses on the Internet. NAT generally works by dynamically modifying source port numbers in outgoing TCP and UDP packets; replies can thus be sent back to the original computer by keeping track of those port numbers. That's essentially how FireWall-1 works, although it offers quite a bit of flexibility, and there are also other NAT modes (such as static and automatic).

Study Tip: Know why NAT is used and how it works. Also study the differences between the NAT modes, particularly Dynamic NAT.
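
The port-tracking behavior described above can be sketched in a few lines. This is an added example, not code from the article or from Check Point; the HideNat class, the three-port pool and the documentation-range addresses are assumptions made for illustration, and a real gateway also keys each flow on the destination.

```python
from dataclasses import dataclass, field


@dataclass
class HideNat:
    """Many-to-one NAT: every internal host shares one public address."""
    public_ip: str
    first_port: int = 10000
    last_port: int = 10002  # tiny pool (assumption) so exhaustion is easy to see
    out_map: dict = field(default_factory=dict)  # (proto, ip, port) -> public port
    in_map: dict = field(default_factory=dict)   # (proto, public port) -> (ip, port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of an outgoing packet; a known flow keeps its port."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            pool = range(self.first_port, self.last_port + 1)
            port = next((p for p in pool if (proto, p) not in self.in_map), None)
            if port is None:
                raise RuntimeError("NAT port pool exhausted")
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out_map[key]

    def inbound(self, proto, dst_port):
        """Map a reply to its internal host, or None when no flow owns the port."""
        return self.in_map.get((proto, dst_port))


def demo():
    nat = HideNat("203.0.113.10")                 # constructed sample addresses
    a = nat.outbound("tcp", "10.0.0.5", 40000)
    b = nat.outbound("tcp", "10.0.0.6", 40000)    # same private port, other host
    again = nat.outbound("tcp", "10.0.0.5", 40000)
    reply = nat.inbound("tcp", b[1])              # reply to host 10.0.0.6
    unsolicited = nat.inbound("tcp", 443)         # no outbound flow created this
    return a, b, again, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```

Two hosts using the same private source port receive distinct public ports, and an inbound packet for a port with no table entry has nowhere to go, which is why this mode does not expose internal hosts to unsolicited connections.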

Authentication
Authentication stood out as a major, major piece of this exam. You may or may not think that's fair; many of the FireWall-1 shops I've worked in don't bother with authentication, and so there's a good argument that a qualified administrator might not know much about it. Nonetheless, Check Point thinks you need to know plenty about it in order to pass the exam, so if you haven't worked with authentication, be sure to brush up.

FireWall-1 offers a bevy of authentication options, including transparent authentication, user authentication, session authentication, client authentication and more. Each of them works a bit differently, works with different protocols, and provides a slightly different experience for end users. You need to understand how each one is used, what protocols they're good with, and how each affects your network users. Expect to be quizzed extensively on session, user, and client authentication in particular. Questions range from business-issue questions like "which authentication type would you select in such and such a situation," to questions that ask you to select the statements which are (or are not) true about a specific authentication method.

Study Tip: Make sure you know about transparent, client, user, session and other types of authentication. Know how to turn them on, what protocols they work with, and how users interact with them.

General Firewall
A smaller portion of the exam focuses on general firewall stuff, which is surprising: I'd actually expected the majority of the exam to focus on creating policies and rules and getting them arranged in the correct order. You'll find a few questions like this, particularly ones that give a business goal such as allowing all users to access a particular Web server.

You'll need to know quite a bit about how FireWall-1 inspects and applies rules. Understand that, as with most firewalls, packets that aren't specifically permitted by a rule are dropped (at least, by default), so the business of rule creation is pretty much all about permitting the traffic you want.

Check Point also expects candidates for this certification to know about advanced security policy. Here's where you'll really need to understand how FireWall-1 works. For example, do you know what happens to an Enforcement Module when its Managing Server goes offline? Make sure you understand the complex interaction between Check Point's software components, which bits handle which tasks, and which ones rely on which other ones.

Study Tip: Know about hidden rules, cleanup rules and stealth rules. Practice using them and understand how they work, what they do, and where they fit into the product architecture.

Management
FireWall-1 management is another important topic. You'll need to be thoroughly familiar with the different tool sets, such as Smart Status, what each tool offers, and how you can customize access permissions for each tool. For example, do you know how to configure the product so that a security auditor can review logged information and configuration settings, without being able to modify them? Do you know what the various icons and symbols within the administrative interfaces mean, and what actions you should take based upon that meaning?

Study Tip: Know the different management tools, how to control access to them, and what each one offers. Know how to grant permissions within the administrative tools.

Overall Take
My company, BrainCore.Net, specializes in IT exam development, so I always have a slightly different viewpoint than most when I'm taking an exam. While the technology being tested is always at the front of my mind, the exam itself is also something I pay close attention to. Check Point has a pretty good exam, although there are a few things you'll want to watch out for.

My biggest problem with the exam is the large number of "negatives" I was asked: "Which of the following are NOT characteristics of the product," for example. I don't like these questions because they require you to do a bit of mental gymnastics to get the correct answer. You have to read each answer choice, decide if it's true or false, and then select the false ones. It'd be much better if these could just be rephrased as, "Which of the following ARE characteristics of the product," which would be a more straightforward approach.

This exam is entirely multiple choice, and you'll see a large number of "choose 2," "choose 3" and "choose 4" questions. Be careful, though: While some of the questions tell you that you're choosing 2 (or 3 or whatever) answers, not all of them do so. Be sure to check the status bar at the bottom of the window, which always tells you how many correct answers you're supposed to be picking.

I also noticed a number of questions that were what the exam development industry calls "enemies." These are questions which give away information from another question. Because you can move back and forth between the questions as you take the exam, you have the opportunity to learn something from one item, and then backtrack to get a better shot at an earlier item. Check Point should carefully review their item pool with some experienced administrators and try to eliminate these enemies. While it's great news for you as a test-taker that some questions will help give you the answers to others, it does nothing for maintaining the value and validity of the exam and the CCSA credential.

On a more positive note, the exam I took had no pop-up graphical exhibits. There were a few questions with network diagrams, but the diagrams were embedded directly into the question. I really appreciate not having to mess around with the multiple windows that Vue's exhibit viewer utilizes, and I wish more exam vendors would take Check Point's approach of embedding smaller graphics right within the question itself.

Overall, I found the exam to be pretty straightforward and fair for an experienced Check Point administrator. There were only a handful of questions that relied on information I could have memorized (like asking me to select the correct definition for a term), and the majority of the items really do require a moderate level of experience with Check Point's products. I was a bit disappointed at the number of acronyms scattered throughout the exam; I'm not sure it's fair to expect every experienced firewall administrator to remember Check Point-specific acronyms like SIC, and your chances of passing the exam fall off considerably if you don't know all of these acronyms.

The questions themselves are almost all very short, so this should be a pretty stress-free experience. If you haven't worked with authentication or licensing, make sure you focus your study and lab efforts in those areas, as they're heavily tested and are the ones more likely for even an experienced administrator to miss.

Have you taken this exam? Post your rating below!



Don Jones is the owner and operator of ScriptingAnswers.com, a speaker at national technical IT conferences, and the author of nearly twenty books on information technology. His latest book is "Managing Windows with VBScript and WMI" (Addison-Wesley) and he's completing "Windows Administrator's Automation Toolkit" (Microsoft Press). You can reach Don at his Web site.


There are 7 CertCities.com user Comments for “Making Your Mark on Check Point's CCSA Exam”
The current user rating is: two stars - somewhat challenging 1/2
7/30/03: Nick Duda from Lexington, MA says:
two stars - somewhat challenging
I took the FP3 version exam. Having worked with checkpoint firewall for about 1 year in depth, I picked up the (horrible) Syngress self study exam, read it overnight, scheduled the exam, passed it with 89%. I found it simple but yet informative. Good to have if working in security and/or checkpoint.
8/3/03: Anonymous says:
three stars - difficult, but manageable
Checkpoint now is testing on FW3 and the test is V4. It is 100 questions and you must pass with 70 correct. It is entirely different and without hands on with FW3 you will not pass. There are no practice tests for this new test.
2/29/04: Anonymous from Toronto says:
three stars - difficult, but manageable
Just took the NG AI version of this exam. It was a bit harder than I expected with a heavy focus on the AI feature set. Studied 1 month with Sybex book and evaluation Check Point NG disk. 78% pass.
3/3/04: Anonymous says:
three stars - difficult, but manageable
Took the NG AI exam. 100 qs in 90 minutes. Not easy. They have made the AI version a lot more difficult than previous versions from what I've seen.
3/12/04: baidyanath from NewDelhi says:
two stars - somewhat challenging
It was a little bit harder than I expected with a heavy focus on the AI feature set.
3/17/04: Anonymous says:
three stars - difficult, but manageable
Took NG AI exam. 100 questions in 90 min was pushing it a bit, no real time for error, you either know it or you don't. Ran out of time with only 92 questions answered. Still managed to pass with 78%. Heavy focus on AI and smartupdate.
12/23/04: Gavrilo from Wiltshire says:
four stars - very difficult
CCSA NG AI is not like CP2000. It is much harder, requires real world experience and now tests your depth of knowledge. You CANNOT braindump this exam. I had several blocks of questions asking much the same thing with the same answers which really turns you inside out when you meet them. Study hard and get hands-on and then it is not too bad.

Exam Difficulty Rating Key
five stars - true gurus only
four stars - very difficult
three stars - difficult, but manageable
two stars - somewhat challenging
one star - cakewalk