Security Knowledge: Check Point Exam #156-110

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Check Point’s long-standing involvement in information security leaves little doubt as to the company’s knowledge of and experience with the complexity of security issues. According to a November 2004 report by Infonetics, Check Point holds 88 percent of the worldwide VPN/firewall software market share. Check Point thoroughly understands what is required for an organization to protect its assets, while still allowing secure access to customers, partners and suppliers.

Successful security professionals need a strong background in a variety of physical, social and technical skills. These issues and skills are embodied in the Check Point Certified Security Principles Associate (CCSPA) exam.

Check Point began offering certifications in late 1998. The initial focus was on the technical implementation of a software-based firewall and VPN solution. As solutions became more complex and increasingly interwoven with business enterprise needs, customers and candidates requested a more general certification. Check Point’s Education Services team, along with its partners and Authorized Training Centers, reviewed the requirements for a broad, vendor-neutral information security certification. This review led to a set of competencies for 16 knowledge domains. The CCSPA affirms the candidate’s mastery of the concepts melding the organization’s various issues and concerns into a comprehensive enterprise security policy.

CCSPA Requirements and Prerequisites
The CCSPA is a vendor-neutral certification for the Check Point Certified Professional Security series. There are no formal prerequisites for the CCSPA. Candidates are required to pass a single exam, #156-110, offered through Pearson VUE testing centers. Candidates for the CCSPA should have basic knowledge of security issues, risk management, business recovery strategies, the nature of intrusions and attacks, and the fundamentals of cryptography.

The CCSPA exam measures competency and understanding in the following 16 knowledge domains:



  • Information Security Fundamentals: The information security fundamentals component of the CCSPA begins with the Information Security Triad (confidentiality, integrity and availability) and moves on to examine the candidate’s understanding of other common security models, such as the four-way security models, (ISC)2 domains of security and CERT security practices.
  • Designing Security: This component begins with such issues as economy of mechanism, fail-safes and separation of privilege and also covers security life cycles and change control.
  • Risk Management: In this component, the candidate must identify enterprise assets, the threats and vulnerabilities of those assets and establish the cost of loss or destruction. The candidate must then match the loss to the appropriate risk mitigation strategies, countermeasures and safeguards.
  • Security Policies: This component of the CCSPA requires the candidate to identify the types and levels of security policies within the organization. For each type of security policy, the candidate must demonstrate an understanding of guidelines and standards for administration and enforcement.
  • Business Continuity Planning: This component examines the candidate’s understanding of the components required to build a business continuity plan, the risks involved, the strategies for protection and the trade-offs between cost to protect and cost of significant loss.
  • Operational Security: This component tests the candidate’s comprehension of the elements of operational security. The candidate must demonstrate an ability to identify critical information and identifiers, analyze threats and vulnerabilities and apply countermeasures to confound the adversary’s ability to use collected intelligence.
  • Access-Control Models: This component focuses on the candidate’s understanding of the methods to reduce information security risks by limiting access to those who need the information and have been properly authorized.
  • Communicating Security Effectively: This component looks at a frequently overlooked competency—that of communicating security effectively. The candidate must demonstrate an understanding of how to close the human factors gap of ignorance—what is appropriate for training and what isn’t, the cost of training versus not training and the return on investment.
  • Security Architecture: This component examines the candidate’s comprehension of a security architecture and how it should be implemented. This includes hardening the OS, maintaining patches and isolating user populations and servers.
  • Intrusions and Attacks: This component tests the candidate’s understanding of the types of intrusions and attacks, the vulnerabilities they exploit and the methods of detecting them.
  • Cryptography: This component examines the candidate’s understanding of the principles of cryptography and encryption. This module tests the candidate’s understanding of symmetric and asymmetric encryption and common encryption algorithms.
  • Baselining and Penetration Testing: This component measures the candidate’s comprehension of what should be measured when, how to audit benchmarks and test the system’s defense against vulnerabilities.
  • Access-Control Technologies: This component examines the candidate’s understanding and ability to implement user authentication via a variety of models and techniques. These include physical access controls, layered access, firewalls and access management.
  • Small Network Security: The small network security component of the CCSPA tests the candidate’s understanding of the tools and methods for allowing remote-access users into the network, as well as the risks involved. Remote-access users include branch offices and telecommuters.
  • Intranets, Extranets and Virtual Corporations: This component of the exam explores the layered defense principles required to implement private corporate networks and virtual corporations formed over the Internet. This includes the application of encryption and access-control models.
  • Securing the Enterprise: This component of the exam focuses on the candidate’s ability to integrate all issues into a high-level enterprise security policy. This includes administrative controls, business continuity plans, and safeguards and countermeasures. This component also examines the issues of remote access and user management.


The best way to prepare for this exam is to review the Check Point training materials provided in “Principles of Network Security.” The CCSPA exam usually has between 95 and 110 questions. Observed time trials during development show that an English-speaking candidate who is comfortable with the content can complete the exam in 35 to 45 minutes. Non-English-speaking candidates usually complete the exam within 55 to 65 minutes.

The CCSPA certification demonstrates to employers that a candidate understands the enterprise’s information security issues and is capable of developing security strategies to face those issues in today’s threat environment. Certified candidates have the ability to implement and enforce the organization’s security policies and provide essential services to the workforce and customers. The candidate will do this without materially impeding the flow of essential communications among suppliers, customers and partners.

Ken Finley is a senior analyst for Check Point’s Education Services, responsible for the certification job models and exam performance metrics. He can be reached at


Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|