Firewall Question Dump

Mrcorp.net

July 2002

 

I did not write these questions, nor do I have an answer guide.  You must research these on your own.  If you do not know one of these questions, it would be in your best interest to get some Checkpoint study materials and learn all you can about this question.  These questions were taken from a mailing list of Checkpoint users who took the CCSA and CCSE or are preparing to take one of the tests.

 

1.     What's the default UDP timeout for Outbound hide mode NAT
Connections:

a.     30 seconds

b.     60 seconds

c.     330 seconds

d.     600 seconds

e.       3600 seconds

 

2.     What's the default UDP timeout for Outbound static source mode NAT
Connections:

a.     30 seconds

b.     60 seconds

c.     330 seconds

d.     600 seconds

e.       3600 seconds

 

3.     How do you change the default extended tcp time out:

a.     fwd_tcp_defaultext?W 0x<num>

b.     fwd_tcp_defaultextend?W 0x<num>

c.     fwx_tcp_extdefaultextend?W 0x<num>

d.      fwd_tcp_defaultext?W 0x<num>

 

4.     The user composes a mail message and sends it through the firewalled gateway SMTP client to the  original server. Assuming all necessary actions have been performed and the message has been transferred to the spool directory, what action does the mail dequeuer perform next?

a.     The mail dequeuer examines the spool directory for the messages

b.     The mail dequeuer takes the R files and sends them, or processes them into E files

c.     The mail dequeuer opens a second connectionto the final SMTP Server

d.     The mail dequeuer, after opening a connection to the mail server, opens a connection to the CVP Server if needed

e.       The mail dequeuer receives the files back from CVP Server and completes the sending of the message to final SMTP Server

 

5.     "When you disable a rule, the rule is not disabled until you verify
the Security Policy"

a.     True

b.      False

 

6.     TCP and UDP timeout, what is the command line syntax for this?

a.     FW tcp_exptimeout #%

b.     FW tcp_extendtimeout #%

c.       FW udp_expandtimeout #%

 

7.     You are setting up a VPN, and must select an encryption method. Your data is
extremely business sensitive and you want maximum security for your data communications. Which encryption scheme would you select?

a.     Tunneling Mode

b.     In-place

c.     FWZ-1

d.     Triple DES

e.       Hybrid_IKE

 

8.     vpn-1/firewall-1 uses ___________ to retrieve the interface name, ip and network mask when an administrator clicks the GET button in the interfaces tab of a workstation network object.

a.       Ioctl

b.     control connection

c.     snmp

d.      udp

e.       uri

 

9.      How to increase hidden timeout value for TCP? (by Command line)

 

10.  How to increase hidden timeout value for UDP? (by command line)

 

Links to Checkpoint study resources:

 

http://www.corefacts.co.uk/ccsaexam1.htm
http://www.remainsecure.com/ccsa.htm
http://www.certguide.com/checkpoint.htm
http://www.certifyexpress.com/checkpoint/ccsa/ccsa-cramnotes.pdf
http://cramsession.brainbuzz.com/cramsession/checkpoint/ccsa/

http://www.checkpointcert.com/