Test Yourself on Exam #156-210.4: Check Point Software Security Administrator NG, Management I

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Exam #156-210.4 Check Point Certified Security Administrator NG, Management I is the exam required for the most current Check Point Certified Security Administrator NG, Management I (CCSA) certification.


1. As system security administrator, you are responsible for preparing the systems for upgrades. Which critical files and directories should you back up before a system upgrade? Choose three.


A. $FWDIR/conf directory
B. rulebases_5_0.fws
C. objects_5_0.C
D. $CPDIR/temp directory
E. $FWDIR/state directory


2. You are about to deploy VPN-1/FireWall-1 Enforcement Modules. Which of the following statements are true about your preparations? Choose two.


A. There is no need to harden an Enforcement Module’s operating system.
B. Harden the operating system of an Enforcement Module.
C. Operating system service patches are not recommended for Enforcement Modules.
D. Allow Telnet from the Internet to an Enforcement Module, for remote administration.
E. Apply operating system service patches to stay current on security concerns.


3. You are a security administrator for XYZ Corp. You want to license a distributed VPN-1/FireWall-1 configuration with four Enforcement Modules and one SmartCenter Server. Which license type is best for your deployment?


A. Discretionary
B. Remote
C. Central
D. Local
E. Mandatory


4. As network security and firewalls evolve, hackers are shifting their focus to exploiting vulnerabilities in network applications. This places what new demands on today’s firewalls?


A. Firewalls should provide network-level protection, by inspecting packets at all layers of the OSI model.
B. Firewalls should not inspect traffic below the application layer of the OSI model because such inspection is no longer relevant.
C. Firewalls should understand application behavior to protect against application attacks and hazards.
D. Firewalls should provide separate proxy processes for each application accessed through the firewall.
E. Firewalls should be installed on all Web servers, behind organizations’ intranets.


5. At ABC Company, auditors are Check Point Security Administrators with a customized permissions profile. Auditors must have the ability to review information from SmartView Tracker, SmartView Status and SmartView Monitoring, but they may not make changes to the information. Auditors are not permitted to view security policies or the objects database.
Which of the following settings grants auditors the most appropriate set of permissions, based on the corporate environment, as described above for ABC Company?


A. Read-Only SmartView Reporter
B. Read-Only Monitoring
C. Read-Only Security Policy
D. Read-Only SmartUpdate
E. Read-Only Log Consolidator


6. In SmartView Status, what does a status of “Untrusted” tell you?


A. The Enforcement Module is offline.
B. The security administrator has entered the wrong password at SmartView Status login.
C. Secure Internal Communications (SIC) has not been established between the SmartCenter Server and the Enforcement Module.
D. The SmartCenter Server cannot contact a gateway.
E. An Enforcement Module is installed and responding to status checks, but the status is problematic.



1. A, B and C are correct. You should backup this directory regularly, even if you are not performing an upgrade. The $FWDIR/conf directory contains files, such as base.def, that are modified over time. Performing an upgrade without backing these files to a safe location will cause the system to revert to the default settings. Changes to rules and audit information about modifications to the rule book are stored in rulebases_5_0.fws. Updating the install without saving this file results in loss of all the audit and modification data. To protect information about properties that affect VPN-1/FireWall-1 behavior, you must also back up the objects_5_0.C file. This also contains information on such defined objects as network, server, service and time, along with other miscellaneous data.


2. B and E are correct. Core responsibilities of a network security administrator are to keep the operating system current and configured to close the security loopholes inherent in open systems. Any time an administrator upgrades the system on which an Enforcement Module resides, there is a risk a previously closed loophole might be reopened. Because of this, it is always important for the administrator to apply any operating system service patches to stay current on security concerns and ensure the operating system is appropriately hardened.


3. C is correct. A Local license is tied to the IP address of the machine on which the license is applied. It can only be used on that machine. A Central license permits the Enforcement Module license to be tied to the IP address of the SmartCenter Server. This permits one IP address for all licenses, and a license will remain valid even if the IP address of an Enforcement Module should change. The administrator can also remove a license from one Enforcement Module and install it on another. Therefore, to license a distributed VPN-1/FireWall-1 configuration with multiple Enforcement Modules and a single SmartCenter Server, the Central license type is the more appropriate choice for deployment.


4. C is correct. Firewalls have become very proficient at maintaining access control and thus commonly defeat more than 90 percent of network attacks. The new interests to cyber attackers are the known applications vulnerabilities that allow them to exploit the application itself and gain entrance to protected systems past access-control devices that are unable to detect exploits aimed at these services. To meet these types of future threats, firewalls should understand application behavior to protect against application attacks and hazards.


5. B is correct. Under these circumstances, auditors will not be given any “write” privileges. Since, under the stated restrictions, auditors will not be permitted to view security policies or the objects database, the most appropriate option would be a tracking or monitoring function. Given these options, Read-Only Monitoring would be the best solution.


6. C is correct. SmartView Status displays network module hierarchy and status information. The status column can display icons for the following: connected, disconnected, untrusted, unknown, problem, waiting, no response, untrusted, OK, attention. The icon “Untrusted” tells you that Secure Internal Communications (SIC) have failed; the object is connected, but the SmartCenter Server is not in control of the module installed on the object.


Check Point Certified Security Administrator: At-a-Glance


The Check Point Certified Security Administrator (CCSA) certification is a foundation-level credential that tests candidates’ ability to configure and manage implementations of Check Point’s flagship product, FireWall-1, as an enterprise-level Internet security solution to help protect the corporate network. CCSAs have the skills needed to define and configure security policies, enabling secure access to information across corporate networks. In addition, CCSAs are able to monitor network security activity and implement measures to stop intruders from accessing networks.
Exam #156-210.4 is the only requirement for CCSA certification.
For more information on CCSA, visit www.checkpoint.com/services/education/certification/certifications/ccsa.html.
For more information on the objectives for exam #156-210.4, visit

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|