Check Point Security Expert R70 / R71
Study Guide
Check Point Certified Security Administrator
Exam: #156-315.71
Copyright Check Point Software Technologies
Ltd. All rights reserved.
Printed by Check Point Press
A Division of Check Point Software Technologies Ltd.
First Printing December 2010
Document #: CCSA R70 Study Guide
Revision: R71001
Content: Mark Hoefle
Graphics: Jeffery Holder
Chapter 1: The Check Point Certified Security Expert Exam
  Frequently Asked Questions
Chapter 2: Management Portal
  Check Point Management Portal Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 3: Smart Workflow
  Check Point SmartWorkflow Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 4: SmartProvisioning
  Check Point SmartProvisioning Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 5: SSL Portal-Based VPN
  Check Point SSL Portal-Based VPN Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 6: Acceleration
  Check Point Acceleration Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 7: High Availability
  Check Point High Availability Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 8: Clustering
  Check Point Clustering Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 9: Advanced Networking - Routing
  Check Point Advanced Networking Routing Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 10: Advanced Networking Load Balancing
  Check Point Advanced Networking Load Balancing Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 11: Advanced Networking - QoS
  Check Point Advanced Networking QoS Topics
  Sample CCSE R71 Exam Question
  Answer
Chapter 12: Check Point IPS
  Introduction to the Check Point IPS Topics
  Sample CCSA R71 Exam Question
  Answer
Chapter 13: Data Loss Prevention
  Introduction to the Check Point Data Loss Prevention Topics
  Sample CCSA R71 Exam Question
  Answer
Preface: The Check Point Certified Security Expert Exam
The Check Point Security Expert R70 / R71 course is intended to provide an understanding of upgrading and advanced configuration of Check Point software blades,
installing and managing VPNs (on both internal and external networks), gaining the
maximum security from Security Gateways, and resolving Gateway performance
issues. The Check Point Security Expert R70 / R71 Study Guide supplements
knowledge you have gained from the Check Point Security Expert R70 / R71
course, and is not a sole means of study.
The Check Point Certified Security Expert R71 (CCSE) exam covers the following
topics:
Define how the Management Portal aids in managing and troubleshooting security configurations.
Describe how to extend access to network policy settings to outside auditors.
Identify the advantages of SmartWorkflow in tracking, approving, and auditing security policy changes.
Assess the benefits of policy life-cycle management and change management.
Determine typical SmartWorkflow administrative and use processes.
Identify the advantages of SmartProvisioning as a centralized management tool.
Determine typical SmartProvisioning deployment scenarios.
Describe profile-based management as it applies to SmartProvisioning.
Describe the security features of SSL VPN.
Identify the role of the SSL VPN in common deployment scenarios.
Identify the advantages of SecureXL security acceleration with intense security processing requirements.
Assess the benefits of multi-core CPU combined with SecureXL security acceleration.
Identify the features and limitations of Management High Availability.
Determine typical multiple security gateway cluster configurations using ClusterXL.
Identify the advantages of Advanced Routing protocols for scalability, fault-tolerance, security.
Determine typical Load Balancing configurations using Advanced Networking.
Define the purpose for Reporting.
Given logged data, produce reports that provide an audit of network traffic.
Define the need for intrusion event analysis.
Monitor and analyze alerts to track and identify network intrusions.
Frequently Asked Questions
The table below provides answers to commonly asked questions about the CCSE NGX R71 exam:
Question: What are the Check Point recommendations and prerequisites?
Answer: You must pass the CCSA R71 exam before taking the CCSE R71 exam. Check Point recommends you have at least 6 months to 1 year of experience with the products before attempting to take the CCSE R70 exam. In addition, you should also have basic networking knowledge, knowledge of Windows Server and/or UNIX, and experience with TCP/IP and the Internet.
Check Point also recommends you take the Check Point Security Administrator R70 / R71 class from a Check Point Authorized Training Center (ATC). We recommend you take this class before taking the CCSE R71 exam. To locate an ATC, see: www.checkpoint.com/services/education/certification/ngx_atc.html
Question: How do I register?
Answer: Check Point exams are offered through Pearson VUE, a third-party testing vendor with more than 3,500 testing centers worldwide.
Pearson VUE offers a variety of registration options. Register via the Web or visit a specific test center. Registrations at a testing center may be made in advance or on the day you wish to test, subject to availability. For same-day testing, contact the testing center directly.
Locate a testing center from the Pearson VUE Web site: www.pearsonvue.com
Question: What is the exam structure?
Answer: The exams are composed of multiple-choice and scenario questions. There is no partial credit for incorrectly marked questions.
Question: How long is the exam? Do I get extra time, if I am not a native English speaker?
Answer: The following countries are given 120 minutes to complete the exam. All other regions get 150 minutes:
Australia
Bermuda
Canada
Japan
New Zealand
Ireland
South Africa
UK
US
For more exam and course information, see: http://www.checkpoint.com/services/education/
Chapter 1: Management Portal
The Check Point Management Portal Software Blade allows the extension of browser-based management access to outside groups, such as technical support staff or auditors, while still maintaining centralized administrative control of policy enforcement. Management Portal users can view security policies, check on the status of all Check Point products and administrator activity, manage firewall logs, and edit, create and modify internal users.
Objectives:
Configure Administrative access to the Security Management server from an offsite machine to facilitate remote management of corporate Security Gateways.
Check Point Management Portal Topics
The following table outlines the topics covered in the Management
Portal chapter of the Check Point Security Expert R70 / R71 Course. This
table is intended as a supplement to knowledge you have gained from
the Security Expert R70 / R71 Courseware handbook, and is not meant
to be a sole means of study.
Topic / Key Element | Page Number
Web Based Administration | p. 03
Deploying the Management Portal Dedicated Server | p. 03
Deploying the Management Portal Security Management Server | p. 04
Management Portal Commands and Configurations | p. 04
Client Side Requirements | p. 05
Lab 1: Environment Setup | L-p. 1
Build the Management Server | L-p. 2
Build Gateways | L-p. 7
Install and Configure NTP | L-p. 11
Establishing SIC | L-p. 12
Lab 2: Management Portal | L-p. 15
Configure Management Portal on Corporate Site | L-p. 16
Test Management Portal Access | L-p. 18
Configure Management Portal Access on Partner Site | L-p. 22
Test Management Portal with Read Only Access | L-p. 27
Table 1-1: Management Portal Topics
Sample CCSE R71 Exam Question
The Management Portal allows all of the following EXCEPT:
1. View administrator activity.
2. Schedule policy installation.
3. View the status of Check Point products.
4. Manage firewall logs.
Answer
The Management Portal allows all of the following EXCEPT:
1. View administrator activity.
2. Schedule policy installation.
3. View the status of Check Point products.
4. Manage firewall logs.
Chapter 2: Smart Workflow
The SmartWorkflow Blade is a security policy change-management solution that tracks all proposed changes to the Check Point network security environment, and provides a management review and approval process before a new policy implementation.
Objectives:
Process a change request based on an organization's existing management infrastructure.
Check Point SmartWorkflow Topics
The following table outlines the topics covered in the SmartWorkflow chapter of the Check Point Security Expert R70 / R71 Course. This table is intended as a supplement to knowledge you have gained from the Security Expert R70 / R71 Courseware handbook, and is not meant to be a sole means of study.
Topic / Key Element | Page Number
Change Management | p. 11
The SmartWorkflow Environment | p. 12
Task Flow | p. 12
SmartWorkflow Toolbar | p. 15
The SmartWorkflow Session Management Window | p. 17
SmartWorkflow Session Information | p. 20
Working with SmartWorkflow | p. 21
Assigning Permissions | p. 21
Enabling SmartWorkflow | p. 21
Configuring SmartWorkflow | p. 22
Working with Sessions | p. 23
Comparing Policies | p. 26
Approving Sessions | p. 27
Auditing Changes | p. 28
Lab 3: SmartWorkflow | L-p. 29
Create New Administrators | L-p. 30
Configure SmartWorkflow | L-p. 33
Open and Submit a Session for Approval | L-p. 36
Disapprove the Session and Request a Modification | L-p. 42
Repair Session 1 | L-p. 45
Approve the Session and Install Policy | L-p. 50
Disable SmartWorkflow | L-p. 51
Table 2-2: SmartWorkflow Topics
Sample CCSE R71 Exam Question
Which of the following can NOT approve a change in a SmartWorkflow
Session?
1. Customer Superusers.
2. Provider-1 Superusers.
3. FireWall Administrators
4. FireWall Managers.
Answer
Which of the following can NOT approve a change in a SmartWorkflow
Session?
1. Customer Superusers.
2. Provider-1 Superusers.
3. FireWall Administrators
4. FireWall Managers.
Chapter 3: SmartProvisioning
The Check Point SmartProvisioning software blade enables you to manage and maintain thousands of gateways from a single Security Management server or Provider-1 CMA, with features to define, manage, and provision large-scale deployments of Check Point gateways.
Objectives:
Determine and implement the appropriate Provisioning deployment scenario based on corporate requirements.
Modify different properties on remote Gateways (i.e., DNS, Networking) per corporate requirements.
Check Point SmartProvisioning Topics
The following table outlines the topics covered in the
SmartProvisioning chapter of the Check Point Security Expert R70 / R71
Course. This table is intended as a supplement to knowledge you have
gained from the Security Expert R70 / R71 Courseware handbook, and
is not meant to be a sole means of study.
Topic / Key Element | Page Number
SmartProvisioning Overview | p. 33
SmartProvisioning Management | p. 33
Enabling SmartProvisioning | p. 34
SmartProvisioning Console | p. 36
Tree Pane | p. 36
Workspace Pane | p. 36
Status View | p. 37
SmartProvisioning Wizard | p. 39
SmartProvisioning Profiles | p. 40
UTM-1 Edge-Only SmartProvisioning | p. 41
Gateway Management | p. 44
Adding Gateways to SmartProvisioning | p. 44
Gateway Edit Windows | p. 45
Real-Time Gateway Actions | p. 45
Remotely Controlled Gateways | p. 45
Editing Gateway Properties | p. 47
Executing Commands | p. 47
Managing SmartLSM Security Gateways | p. 48
Applying Dynamic Object Values | p. 48
Getting Updated Security Policy | p. 49
Changing Assigned SmartLSM Security Profile | p. 50
Tracking | p. 51
Log Servers | p. 52
Configuring SmartLSM Gateway Topology | p. 53
Managing Security Gateways | p. 55
Scheduling Backups | p. 55
Configuring Hosts | p. 56
Configuring the Domain | p. 57
Configuring Host Name | p. 57
Configuring Routing | p. 58
Managing Software | p. 58
The Package Repository | p. 59
Distributing Packages | p. 59
Security Gateway Actions | p. 60
Applying Changes | p. 62
Maintenance Mode | p. 63
UTM-1 Edge Portal | p. 64
UTM-1 Edge Ports | p. 64
Provisional Settings | p. 65
Understanding Dynamic Objects | p. 68
Benefits of Dynamic Objects | p. 68
Dynamic Object Types | p. 68
Dynamic Object Values | p. 69
Command Line | p. 70
Lab 4: SmartProvisioning | L-p. 53
Enable SmartProvisioning | L-p. 54
Create New Profile | L-p. 63
Assign Profile to Gateways | L-p. 66
Push Policy to Gateways | L-p. 68
Verify Profile Changes | L-p. 69
Table 3-3: SmartProvisioning Topics
Sample CCSE R71 Exam Question
Which version is the minimum requirement for SmartProvisioning?
1. R70.2
2. R65-HFA 40
3. R70
4. R71
Answer
Which version is the minimum requirement for SmartProvisioning?
1. R70.2
2. R65-HFA 40
3. R70
4. R71
Chapter 4: SSL Portal-Based VPN
Check Point SSL VPN Software Blade is a comprehensive remote access solution that allows mobile and remote workers to connect easily and securely from any location, with any Internet device to critical resources. This software blade option integrates easily into your existing Check Point gateway, enabling more secure and operationally efficient remote access for your endpoint users. The data transmitted by remote access is decrypted and then filtered and inspected in real-time by Check Point's gateway security services such as anti-virus, intrusion prevention and Web security. The SSL VPN Software Blade also includes secure methods for authentication, and the ability to check the security posture of the remote device.
Objectives:
Configure applications for SSL VPN remote access based on corporate and user requirements.
Check Point SSL Portal-Based VPN Topics
The following table outlines the topics covered in the SSL Portal-Based
VPN chapter of the Check Point Security Expert R70 / R71 Course. This
table is intended as a supplement to knowledge you have gained from
the Security Expert R70 / R71 Courseware handbook, and is not meant
to be a sole means of study.
Topic / Key Element | Page Number
SSL VPN Software Blade Overview | p. 75
Key Features | p. 76
Simple Deployment - SSL VPN | p. 77
Deploying SSL VPN - DMZ | p. 78
Cluster Deployment | p. 79
SSL VPN Management | p. 79
SSL Network Extender | p. 80
SSL VPN Security Features | p. 81
Configuration Workflows | p. 83
The SSL VPN Wizard | p. 84
Setting up the SSL VPN Portal | p. 84
User Workflow | p. 84
Managing Access to Applications | p. 84
Protection Levels | p. 86
Introduction to Applications | p. 87
Web Applications | p. 87
File Shares | p. 87
Citrix Services | p. 88
Web Mail Services | p. 88
Native Applications | p. 89
Lab 5: SSL VPN | L-p. 71
Install SSL VPN | L-p. 72
Mandatory Hotfix for R71 SSL VPN Software Blade | L-p. 73
Enable SSL VPN in SmartDashboard | L-p. 73
Create a File-Share Application in SSL VPN Tab | L-p. 73
Create an Internal User | L-p. 78
Assign File-Share Access to User Group | L-p. 81
Verify File-Share Access Through the User Portal | L-p. 85
Configure Embedded RDP | L-p. 88
Permit Access to Applications | L-p. 93
Configure Global Properties | L-p. 96
Configure Server and Client | L-p. 98
Test RDP Session | L-p. 98
Table 4-4: SmartWorkflow Topics
Sample CCSE R71 Exam Question
Where is the ideal place to deploy your SSL VPN:
1. SSL VPN enabled on the gateway
2. Anywhere
3. Deployed in DMZ
4. In front of the external interface on the gateway
Answer
Where is the ideal place to deploy your SSL VPN:
1. SSL VPN enabled on the gateway
2. Anywhere
3. Deployed in DMZ
4. In front of the external interface on the gateway
Chapter 5: Acceleration
The Check Point Acceleration and Clustering Software Blade delivers a set of advanced technologies, SecureXL and ClusterXL, that work together to maximize performance and security in high-performance environments.
Objectives:
Configure and verify that traffic throughput is enhanced using SecureXL on a SecurePlatform Pro Security Gateway.
Check Point Acceleration Topics
The following table outlines the topics covered in the Acceleration
chapter of the Check Point Security Expert R70 / R71 Course. This table is
intended as a supplement to knowledge you have gained from the
Security Expert R70 / R71 Courseware handbook, and is not meant to
be a sole means of study.
Topic / Key Element | Page Number
Check Point Acceleration and Clustering | p. 95
SecureXL Security Acceleration | p. 95
What SecureXL Does | p. 96
Throughput Acceleration | p. 96
Connection Rate Acceleration | p. 96
Masking the Source Port | p. 97
Application Layer Protocol | p. 98
HTTP 1.1 | p. 99
Other Application Layer Protocols | p. 100
UDP Pseudo-Connections | p. 100
Packet Flow | p. 101
SecureXL API | p. 102
VPN Capabilities | p. 103
CoreXL: Multicore Acceleration | p. 105
Supported Platforms and Features | p. 106
Performance Tuning | p. 107
Processing Core Allocation | p. 107
Packet Flows | p. 108
Adding Processing Cores to the Hardware | p. 108
Allocating an Additional Core to the SND | p. 109
Allocating a Core for Heavy Logging | p. 109
Lab 6: SecureXL | L-p. 101
Enable and Configure SecureXL on the Gateway | L-p. 102
Open Connections and Verify Acceleration | L-p. 104
Table 5-5: SecureXL
Sample CCSE R71 Exam Question
What is the maximum number of cores supported by CoreXL?
1. 6
2. 8
3. 4
4. 12
Answer
What is the maximum number of cores supported by CoreXL?
1. 6
2. 8
3. 4
4. 12
Chapter 6: High Availability
Check Point High Availability limits any disruption to network uptime should a security gateway face unforeseen performance issues. High Availability transparently redistributes workloads to surviving cluster gateways without impacting communication throughout the cluster.
Objectives:
Deploy New Mode HA on a new cluster member.
Check Point High Availability Topics
The following table outlines the topics covered in the High
Availability chapter of the Check Point Security Expert R70 / R71 Course.
This table is intended as a supplement to knowledge you have gained
from the Security Expert R70 / R71 Courseware handbook, and is not
meant to be a sole means of study.
Topic / Key Element | Page Number
Management High Availability | p. 115
The Management High Availability Environment | p. 116
What Data is Backed Up by the Standby Security Servers? | p. 117
Synchronization Modes | p. 117
Synchronization Status | p. 117
Lab 7: Deploying New Mode HA | L-p. 107
Create and Configure a Secondary Cluster Member | L-p. 109
Cluster and Member IP Addresses | L-p. 110
Reconfigure Routing | L-p. 113
Configure Gateway-Cluster Objects | L-p. 114
Configure ClusterXL Properties | L-p. 123
Modify the Rule Base | L-p. 125
Pass Traffic Through Cluster | L-p. 125
Observe Cluster Status in SmartView Monitor | L-p. 126
Test Failover | L-p. 128
Method 1 | L-p. 128
Method 2 | L-p. 129
Method 3 | L-p. 129
Table 6-6: High Availability
Sample CCSE R71 Exam Question
What could be a reason why synchronization between primary and
secondary Security Management Servers does not occur?
1. You have installed both Security Management Servers on different
server systems (e.g. one machine on HP hardware and the other one
on Dell).
2. You did not activate synchronization within the Global Properties.
3. You are using different time zones.
4. If the set of installed products differ from each other, the Security
Management Servers do not synchronize the database to each other.
Answer
What could be a reason why synchronization between primary and
secondary Security Management Servers does not occur?
1. You have installed both Security Management Servers on different
server systems (e.g. one machine on HP hardware and the other one
on Dell).
2. You did not activate synchronization within the Global Properties.
3. You are using different time zones.
4. If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.
Chapter 7: Clustering
The Check Point Acceleration and Clustering Software Blade delivers a set of advanced technologies, SecureXL and ClusterXL, that work together to maximize performance and security in high-performance environments.
Objectives:
Learn the standard configurations for ClusterXL
Learn how packets travel through a cluster
Learn the basics of how VRRP works on the IP appliance
Check Point Clustering Topics
The following table outlines the topics covered in the Clustering
chapter of the Check Point Security Expert R70 / R71 Course. This table is
intended as a supplement to knowledge you have gained from the
Security Expert R70 / R71 Courseware handbook, and is not meant to
be a sole means of study.
Topic / Key Element                                                       Page Number
ClusterXL: Smart Load Balancing                                           p. 125
Installing ClusterXL                                                      p. 126
Clustering terms                                                          p. 126
Unicast Load Sharing                                                      p. 128
How Pivot Mode Works                                                      p. 129
How Packets Travel Through a Cluster                                      p. 130
Cluster Control Protocol                                                  p. 131
Cluster Synchronization                                                   p. 131
Check Point State Synchronization                                         p. 131
Sticky Connections                                                        p. 133
The Sticky Decision Function                                              p. 133
ClusterXL Configuration Issues                                            p. 134
Modes of ClusterXL Supporting SecureXL                                    p. 134
Crossover-Cable Support                                                   p. 134
VRRP Overview                                                             p. 135
How VRRP Works                                                            p. 136
VRRP with Internal and External VRIDs                                     p. 137
VRRP with Simultaneous Backup                                             p. 138
Lab 8: Load Sharing Unicast (Pivot) and Multicast Modes                   L-p. 131
Configure Load Sharing Unicast Mode                                       L-p. 132
Test Load Sharing Unicast Mode                                            L-p. 133
Configure Load Sharing Multicast Mode                                     L-p. 137
Test Load Sharing Multicast Mode                                          L-p. 139
Lab 9: VPN with Sticky Decision Function                                  L-p. 141
Configure VPN in a Cluster                                                L-p. 142
Define the VPN Domain                                                     L-p. 142
Create the VPN Community                                                  L-p. 145
Create the VPN Rule and Modify the Rule Base                              L-p. 147
Test VPN Connection                                                       L-p. 148
View a Packet Capture of FT Connections without Sticky Decision Function  L-p. 149
View a Packet Capture of FT Connections with Sticky Decision Function     L-p. 152
Table 7-7: Clustering
Sample CCSE R71 Exam Question
By default, a standby Security Management Server is automatically
synchronized by an active Security Management Server, when:
1. The Security Policy is saved.
2. The Security Policy is installed.
3. The user database is installed.
4. The standby Security Management Server starts for the first time.
Answer
By default, a standby Security Management Server is automatically
synchronized by an active Security Management Server, when:
1. The Security Policy is saved.
2. The Security Policy is installed.
3. The user database is installed.
4. The standby Security Management Server starts for the first time.
Chapter 8: Advanced Networking - Routing
The Check Point Advanced Networking Software Blade makes it easier for administrators to deploy security within complex and highly utilized network environments, making it ideal for high-end enterprise and datacenter environments where
performance and availability are critical.
Objectives:
Configure VPN in a clustered environment, and demonstrate VPN
failover.
Configure and test VPN Tunnel Interfaces (VTIs) for a clustered
environment.
Check Point Advanced Networking
Routing Topics
The following table outlines the topics covered in the Advanced
Networking - Routing chapter of the Check Point Security Expert R70 /
R71 Course. This table is intended as a supplement to knowledge you
have gained from the Security Expert R70 / R71 Courseware handbook,
and is not meant to be a sole means of study.
Topic / Key Element                                 Page Number
Advanced Networking Blade                           p. 143
Check Point Dynamic Routing                         p. 145
The Command Line Interface                          p. 147
User Execution Mode                                 p. 147
Privileged Execution Mode                           p. 147
Global Configuration Mode                           p. 147
Router Configuration Mode                           p. 148
Interfaces                                          p. 149
Kernel Interfaces                                   p. 149
Martian Addresses                                   p. 150
Border Gateway Protocol (BGP)                       p. 151
BGP Decision Process                                p. 152
Dynamic Capabilities                                p. 153
Internet Control Message Protocol (ICMP)            p. 154
Open Shortest Path First Protocol                   p. 155
Router Discovery Protocol                           p. 157
SNMP Multiplexing (SMUX)                            p. 159
Distance Vector Multicast Routing Protocol (DVMRP)  p. 160
Internet Group Management Protocol (IGMP)           p. 161
Protocol Independent Multicast                      p. 160
Access Lists                                        p. 163
AS Paths and AS Path Lists                          p. 163
BGP Communities and Community Lists                 p. 165
Prefix Lists and Prefix Trees                       p. 165
Route Aggregation and Generation                    p. 166
Route Flap Damping                                  p. 167
Route Maps                                          p. 167
Multicast Access Control                            p. 168
Multicast Routing Protocols                         p. 169
Dynamic Registration Using IGMP                     p. 169
IP Multicast Group Addressing                       p. 169
Reserved Local Addresses                            p. 169
Per-Interface Multicast Restrictions                p. 171
VPN Connections                                     p. 171
Table 8-8: Advanced Networking - Routing
Sample CCSE R71 Exam Question
Which statement is TRUE for route-based VPNs?
1. Route-based VPNs replace domain-based VPNs.
2. IP Pool NAT must be configured on each gateway.
3. Route-based VPNs are a form of partial overlap VPN Domain.
4. Dynamic-routing protocols are not required.
Answer
Which statement is TRUE for route-based VPNs?
1. Route-based VPNs replace domain-based VPNs.
2. IP Pool NAT must be configured on each gateway.
3. Route-based VPNs are a form of partial overlap VPN Domain.
4. Dynamic-routing protocols are not required.
Chapter 9: Advanced Networking Load Balancing
The Check Point Advanced Networking Software Blade provides for flexible server
load balancing. Each connection request is directed to a specific server based on one
of the Advanced Networking Software Blade's pre-defined load balancing algorithms.
Objectives:
Configure Load Sharing Unicast (Pivot) and Multicast Mode on a cluster
member.
Check Point Advanced Networking Load
Balancing Topics
The following table outlines the topics covered in the Advanced
Networking - Load Balancing chapter of the Check Point Security Expert
R70 / R71 Course. This table is intended as a supplement to knowledge
you have gained from the Security Expert R70 / R71 Courseware
handbook, and is not meant to be a sole means of study.
Topic / Key Element                        Page Number
Why Load Balancing?                        p. 175
ConnectControl                             p. 175
Methods of Load-Balancing                  p. 176
ConnectControl Packet Flow                 p. 177
Logical Server Types                       p. 177
Packet Flow in an HTTP Logical Server      p. 178
Packet Flow in Other Logical Server Types  p. 179
Persistent Server Mode                     p. 181
Server Availability                        p. 182
Load Measuring                             p. 183
Table 9-9: Advanced Networking - Load Balancing
Sample CCSE R71 Exam Question
In which ClusterXL Load Sharing mode does the pivot machine get
chosen automatically by ClusterXL?
1. Hot Standby Load Sharing
2. CCP Load Sharing
3. Unicast Load Sharing
4. Multicast Load Sharing
Answer
In which ClusterXL Load Sharing mode does the pivot machine get
chosen automatically by ClusterXL?
1. Hot Standby Load Sharing
2. CCP Load Sharing
3. Unicast Load Sharing
4. Multicast Load Sharing
Chapter 10: Advanced Networking - QoS
The Advanced Networking blade lets you prioritize business-critical traffic such
as ERP, database, and Web services traffic over less time-critical traffic. It also allows you to guarantee bandwidth and control latency for streaming applications
such as Voice over Internet Protocol (VoIP) and video conferencing. In addition,
with highly granular controls, the Advanced Networking blade enables guaranteed
or priority access to specific employees, even if they are remotely accessing network resources through a VPN tunnel.
Objectives:
Set up and verify the best QoS configuration, using the Advanced
Networking Software Blade, for your corporate environment, and test
and confirm a bandwidth control Policy.
Check Point Advanced Networking QoS
Topics
The following table outlines the topics covered in the Advanced
Networking - QoS chapter of the Check Point Security Expert R70 / R71
Course. This table is intended as a supplement to knowledge you have
gained from the Security Expert R70 / R71 Courseware handbook, and
is not meant to be a sole means of study.
Topic / Key Element                                   Page Number
Quality of Service                                    p. 189
QoS Technology - Stateful Inspection                  p. 190
QoS Architecture                                      p. 192
QoS Gateway                                           p. 193
QoS Security Management Server                        p. 193
QoS SmartConsole                                      p. 194
QoS Configuration                                     p. 195
Client/Server Interaction                             p. 196
QoS Policy Management                                 p. 197
Bandwidth Allocation and Rules                        p. 199
Default Rule                                          p. 200
QoS Action Type                                       p. 200
Example of a Rule Matching VPN Traffic                p. 201
Bandwidth Allocation and Sub-Rules                    p. 202
Implementing the Rule Base                            p. 203
Deploying QoS                                         p. 204
Sample Bandwidth Allocations                          p. 205
Lab 10: Configuring Check Point QoS Policy            L-p. 155
Enable and Configure Check Point QoS                  L-p. 156
Enable Check Point QoS on Security Gateway            L-p. 156
Configure Check Point QoS Global Properties           L-p. 157
Configure QoS on the Gateway                          L-p. 157
Create Check Point QoS Rules and Adjust Rule Weights  L-p. 159
Add Outbound Rule                                     L-p. 159
Add Inbound Rule                                      L-p. 161
Verify and Install Policy                             L-p. 163
Test QoS Policy                                       L-p. 164
Inbound Transfer Rate                                 L-p. 164
Outbound Transfer Rate                                L-p. 165
Table 10-10: Advanced Networking - QoS
Sample CCSE R71 Exam Question
Which Check Point QoS feature is used to dynamically allocate relative
portions of available bandwidth?
1. Guarantees
2. Weighted Fair Queuing
3. Low Latency Queuing
4. Differentiated Services
Answer
Which Check Point QoS feature is used to dynamically allocate relative
portions of available bandwidth?
1. Guarantees
2. Weighted Fair Queuing
3. Low Latency Queuing
4. Differentiated Services
Chapter 11: Check Point IPS
This chapter presents basic information on Check Point's Intrusion Prevention Software Blade, how intrusion prevention systems work, and how they prevent the network attacks
that the intrusion prevention system can detect.
Objectives:
Implement default or customized profiles to designated Gateways in the
corporate network.
Manage profiles by tracking changes to the network, including
performance degradation, and troubleshoot issues with the network
related to specific IPS policy rules.
Introduction to the Check Point IPS Topics
The following table outlines the topics covered in the Check Point
IPS chapter of the Check Point Security Administrator R70 / R71 Course.
This table is intended as a supplement to knowledge you have gained
from the Security Administrator R70 / R71 Courseware handbook, and
is not meant to be a sole means of study.
Topic / Key Element                      Page Number
IPS Overview                             p. 211
New IPS Engine/Architecture              p. 213
Flexible IPS Policy Management           p. 215
IPS Event Manager                        p. 216
Configuring and Managing IPS             p. 217
IPS Protection                           p. 219
IPS Profiles                             p. 220
Assigning Profiles                       p. 220
Protection Browser                       p. 221
Exporting the Protections List           p. 223
Protection Parameters                    p. 223
Activating Protections                   p. 226
Automatically Activating Protections     p. 226
Manually Activating Protections          p. 228
Monitoring Traffic                       p. 229
Network Exceptions                       p. 231
Viewing Packet Information               p. 232
Optimizing IPS                           p. 233
Performance Management                   p. 234
Bypass Under Load                        p. 235
Troubleshooting                          p. 236
Tuning Protections                       p. 237
IPS Policy Settings                      p. 237
Enhancing System Performance             p. 238
Updating Protections - IPS Subscription  p. 239
Managing IPS Protections                 p. 240
Updating IPS Protections                 p. 240
IPS Software Blade Contracts (R71)       p. 242
Lab 11: Implementing IPS                 L-p. 167
Modify the Gateway Properties            L-p. 168
Modify DMZ Server Object                 L-p. 169
Configure IPS for Preliminary Detection  L-p. 172
Create a New IPS Profile                 L-p. 173
Assign to Gateway                        L-p. 179
Generate an Attack                       L-p. 181
Analyze the Attack                       L-p. 184
Reconfigure IPS to Block Attacks         L-p. 187
Review Logs                              L-p. 190
Table 11-11: Check Point IPS Topics
Sample CCSA R71 Exam Question
You just upgraded to R71 and are using the IPS Software Blade. You
want to enable all critical protections while keeping the rate of false
positives very low. How can you achieve this?
1. The new IPS system is based on policies and gives you the ability to
activate all checks with critical severity and a high confidence level.
2. This can't be achieved; activating any IPS system always causes a high
rate of false positives.
3. As in SmartDefense, this can be achieved by activating all the critical
checks manually.
4. The new IPS system is based on policies, but it has no ability to
calculate or change the confidence level, so it always has a high rate
of false positives.
Answer
You just upgraded to R71 and are using the IPS Software Blade. You
want to enable all critical protections while keeping the rate of false
positives very low. How can you achieve this?
1. The new IPS system is based on policies and gives you the
ability to activate all checks with critical severity and a high
confidence level.
2. This can't be achieved; activating any IPS system always causes a high
rate of false positives.
3. As in SmartDefense, this can be achieved by activating all the critical
checks manually.
4. The new IPS system is based on policies, but it has no ability to
calculate or change the confidence level, so it always has a high rate
of false positives.
Chapter 12: Data Loss Prevention
The need to secure our data goes beyond access to network resources. It isn't
enough to permit or deny access into and out of internal networks where confidential company data is located. Research has shown that one of the greatest data loss
threats is unintentional and comes from the inside. The Check Point Data Loss Prevention (DLP) Appliances and Software Blade address the need to protect sensitive
data from leaving secure corporate sites.
Objectives:
Configure DLP Data Types in a rule.
Monitor and adjust DLP Policies.
Introduction to the Check Point Data Loss
Prevention Topics
The following table outlines the topics covered in the Data Loss
Prevention chapter of the Check Point Security Administrator R70 / R71
Course. This table is intended as a supplement to knowledge you have
gained from the Security Administrator R70 / R71 Courseware
handbook, and is not meant to be a sole means of study.
Topic / Key Element                         Page Number
The Need for Data Loss Prevention           p. 249
DLP Gateway in a Network                    p. 251
What Happens on Rule Match                  p. 252
Deployment Options                          p. 253
DLP Platforms and Performance               p. 253
DLP User Check                              p. 254
Installing, Connecting, Verifying Clients   p. 255
Data Loss Prevention Portal                 p. 255
Data Loss Prevention Views                  p. 257
My Organization                             p. 259
DLP Policies                                p. 260
The Default Policy                          p. 260
DLP Policy vs. Security Policy              p. 261
Data Loss Prevention Actions                p. 263
Data Types                                  p. 264
Protecting Data by Keyword                  p. 265
Dictionary Data Types                       p. 266
Protecting Documents by Template            p. 266
Protecting Files                            p. 267
Protecting Data by Pattern                  p. 267
Protecting Data by CPcode                   p. 267
Defining Compound Data Types                p. 268
Data Type Groups                            p. 269
Lab 12: Data Loss Prevention                L-p. 191
Topology Setup                              L-p. 192
Configure the DLP Gateway                   L-p. 196
Configure the DLP Object in SmartDashboard  L-p. 202
Modify the Rule Base                        L-p. 209
Test the Default Policy                     L-p. 210
Employee Name                               L-p. 212
Keyword Search                              L-p. 218
Template Exercise                           L-p. 231
Table 12-12: Check Point IPS Topics
Sample CCSA R71 Exam Question
Mark the configuration options that are available for Data Loss
Prevention in R71.
1. A Dedicated DLP Gateway running only the DLP Software Blade.
2. The DLP Gateway running only the Firewall Software Blade.
3. The DLP Gateway running only the Management Server on the same
machine.
4. The DLP as an integrated software blade, which can be enabled on a
Check Point Security Gateway running other software blades such as
Firewall, IPS and Management.
Answer
Mark the configuration options that are available for Data Loss
Prevention in R71.
1. A Dedicated DLP Gateway running only the DLP Software
Blade.
2. The DLP Gateway running only the Firewall Software Blade.
3. The DLP Gateway running only the Management Server on the same
machine.
4. The DLP as an integrated software blade, which can be enabled on a
Check Point Security Gateway running other software blades such as
Firewall, IPS and Management.