CCSA R80 QUESTIONS AND ANSWERS
VPN Terms - CORRECT ANSWER✅✅✅- VPN Community - A named collection of VPN domains, each
protected by a VPN gateway
- VPN Trust Entities - Certificate Authorities such as the Checkpoint Internal Certificate Authority (ICA)
used for creating SIC trusted connections and generating internal certificates
- VPN Domain - A group of computers and networks connected to a VPN tunnel by one VPN gateway
that handles encryption and protects VPN members
SIC Encryption Standard - CORRECT ANSWER✅✅✅AES128 above R71. R71 or below use 3DES
SecureXL Traffic Flow Modes - CORRECT ANSWER✅✅✅- Slow Path - Packets and connections are
inspected by the firewall and are not processed by SecureXL
- Medium Path - Packets that require deeper inspection cannot use the accelerated path. Firewall
offloads these packets. For example IPS inspected packets are offloaded to the IPS PSL (Passive
Streaming Library). SecureXL processes these packets more quickly than the slow path
- Accelerated Path - Packets and connections offloaded to SecureXL and not processed by the firewall
User Directory - CORRECT ANSWER✅✅✅Used to obtain ID and security information about network
users
AppWiki - CORRECT ANSWER✅✅✅enables application scanning and detection of more than 5000
distinct application and more than 300000 Web 2.0 widgets
Checkpoint Software Blades - CORRECT ANSWER✅✅✅- Mobile Access -- Configure how remote
users access internal resources when mobile
, - DLP - DLP in a SmartConsole - configure advanced tools to automatically identify data that must not go
outside the network
- Geo Policy - Create a policy for traffic to or from specific geopolitical or political locations
- HTTPS Policy - SSL Inspection (Configured in Smart Dashboard)
Trigger a failover of cluster members - CORRECT ANSWER✅✅✅1. Log into Security Gateway CLI and
run clusterXL_admin down
2. SmartView Monitor, right-click security gateway member and select cluster memberstop
Command to uninstall security policy from CLI - CORRECT ANSWER✅✅✅fw unloadlocal
Function of "Publish" - CORRECT ANSWER✅✅✅The publish button makes any changes an
administrator has made in their management session visible to all other administrator sessions and
saves it to the database
ClusterXL Modes - CORRECT ANSWER✅✅✅*** FILL THESE IN ***
a. High Availability (Legacy Mode)
b. Load Sharing Multicast
c. Load Sharing Unicast
d. New High Availability
3 Authentication Methods used for SIC - CORRECT ANSWER✅✅✅Certificates, Standards-Based SSL
for the creation of secure channels and 3DES or AES128
Order of NAT Priorities - CORRECT ANSWER✅✅✅1. Static NAT
2. IP Pool NAT
3. Hide NAT
VPN Terms - CORRECT ANSWER✅✅✅- VPN Community - A named collection of VPN domains, each
protected by a VPN gateway
- VPN Trust Entities - Certificate Authorities such as the Checkpoint Internal Certificate Authority (ICA)
used for creating SIC trusted connections and generating internal certificates
- VPN Domain - A group of computers and networks connected to a VPN tunnel by one VPN gateway
that handles encryption and protects VPN members
SIC Encryption Standard - CORRECT ANSWER✅✅✅AES128 above R71. R71 or below use 3DES
SecureXL Traffic Flow Modes - CORRECT ANSWER✅✅✅- Slow Path - Packets and connections are
inspected by the firewall and are not processed by SecureXL
- Medium Path - Packets that require deeper inspection cannot use the accelerated path. Firewall
offloads these packets. For example IPS inspected packets are offloaded to the IPS PSL (Passive
Streaming Library). SecureXL processes these packets more quickly than the slow path
- Accelerated Path - Packets and connections offloaded to SecureXL and not processed by the firewall
User Directory - CORRECT ANSWER✅✅✅Used to obtain ID and security information about network
users
AppWiki - CORRECT ANSWER✅✅✅enables application scanning and detection of more than 5000
distinct application and more than 300000 Web 2.0 widgets
Checkpoint Software Blades - CORRECT ANSWER✅✅✅- Mobile Access -- Configure how remote
users access internal resources when mobile
, - DLP - DLP in a SmartConsole - configure advanced tools to automatically identify data that must not go
outside the network
- Geo Policy - Create a policy for traffic to or from specific geopolitical or political locations
- HTTPS Policy - SSL Inspection (Configured in Smart Dashboard)
Trigger a failover of cluster members - CORRECT ANSWER✅✅✅1. Log into Security Gateway CLI and
run clusterXL_admin down
2. SmartView Monitor, right-click security gateway member and select cluster memberstop
Command to uninstall security policy from CLI - CORRECT ANSWER✅✅✅fw unloadlocal
Function of "Publish" - CORRECT ANSWER✅✅✅The publish button makes any changes an
administrator has made in their management session visible to all other administrator sessions and
saves it to the database
ClusterXL Modes - CORRECT ANSWER✅✅✅*** FILL THESE IN ***
a. High Availability (Legacy Mode)
b. Load Sharing Multicast
c. Load Sharing Unicast
d. New High Availability
3 Authentication Methods used for SIC - CORRECT ANSWER✅✅✅Certificates, Standards-Based SSL
for the creation of secure channels and 3DES or AES128
Order of NAT Priorities - CORRECT ANSWER✅✅✅1. Static NAT
2. IP Pool NAT
3. Hide NAT
