CheckPoint Interview Questions and Answers

Searching for a CheckPoint Firewall job? ACTE interview questions will be useful for all the Job-Seekers, Professionals, Trainers, etc. CheckPoint has designed a Unified Security Architecture that is implemented all through its security products. This combined security architecture allows all Check Point products to be maintained and monitored from a single administrative console, and supply a reliable level of security. There are no. of CheckPoint Firewall jobs in the market for various positions like Network Security Engineer, Network Security Administrator, System Engineer, Network Security Specialist, Security Analyst, System Administrator, IT Analyst, Technical Specialist etc. please refer our interview questions with answers in CheckPoint Firewall job interview questions and answers page to help job seekers to land the best job.

1.What is Asymmetric Encryption.

Ans:

In Asymmetric Encryption there are two different keys used for encrypt and decrypt to packet. Means that one key is used for Encrypt packet, and the second key is used for decrypt packet. Same key cannot encrypt and decrypt.

2.How Checkpoint Components communicate and Sync with each other?

Ans:

Secure Internal Communications (SIC) is the Check Point feature that ensures components, such as Security Gateways, SmartCenter Server, SmartConsole, etc. can communicate with each other freely and securely using a simple communication initialization process.

3.Checkpoint Packet flow for SNAT and DNAT?

Ans:

• In case of SNAT
• • Anti Spoofing
  • Session lookup
  • Policy lookup
  • Routing
  • Netting
• In case of DNAT
• • Anti Spoofing
  • Session lookup
  • Policy lookup
  • Netting
  • Routing

4.What is Anti-Spoofing?

Ans:

Anti-Spoofing is the feature of Checkpoint Firewall. which is protected from attackers who generate IP Packet with Fake or Spoof source address. It determines whether traffic is legitimate or not. If traffic is not legitimate then firewall blocks that traffic on the interface of the firewall.

5.What is the Stealth Rule in checkpoint firewalls?

Ans:

Stealth Rule Protect Checkpoint firewall from direct access to any traffic. Its rule should be placed on the top of the Security rule base. In this rule the administrator denied all traffic to access the checkpoint firewall.

6.What is the Clean up rule In Checkpoint Firewall?

Ans:

Clean up rule place at last of the security rule base, It is used to drop all traffic which does not match with above rule and Logged. Clean up rule mainly created for log purpose. In this rule the administrator denied all the traffic and enabled log.

7.What are the functions of CPD, FWM, and FWD processes?

Ans:

• CPD – CPD is a high in the hierarchical chain and helps to execute many services, such as Secure Internal Communication (SIC), Licensing and status report.
• FWM – The FWM process is responsible for the execution of the database activities of the SmartCenter server. It is; therefore responsible for Policy installation, Management High Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.
• FWD – The FWD process is responsible for logging. It is executed in relation to logging, Security Servers and communication with OPSEC applications.

8.What are the two types of Check Point NG licenses?

Ans:

1. 1.Central License
2. 2.Local Licenses

Central licenses are the new licensing model for NG and are bound to the SmartCenter server. Local licenses are the legacy licensing model and are bound to the enforcement module.

9.What are the major differences between SPLAT and GAIA?

Ans:

Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO. Here are some benefits of Gaia as compared to SPLAT/IPSO.

1. 1.Web-Based user interface with Search Navigation
2. 2.Full Software Blade support
3. 3.High connection capacity
4. 4.Role-Based administrative Access
5. 5.Intelligent Software updates
6. 6.Native IPv4 and IPv6 Support
7. 7.ClusterXL or VRRP Clusters
8. 8.Manageable Dynamic Routing Suite
9. 9.Full Compatibility with IPSO and SecurePlatform.

10.What is Checkpoint Architecture?

Ans:

Check Point has developed a Unified Security Architecture that is implemented throughout all of its security products. This Unified Security Architecture enables all Check Point products to be managed and monitored from a single administrative console and provides a consistent level of security.

The Check Point Unified Security Architecture is comprised of four main components:

1. 1.Core Technologies: Check Point uses a common set of core technologies, such as INSPECT for security inspection, across multiple layers of security.
2. 2.Central Management: All Check Point products can be managed and monitored from a single administrative console.
3. 3.Open Architecture: Check Point has built its security architecture to be open and interoperable in a heterogeneous environment. For example, Check Point products can interoperate with other network and security equipment from third-party vendors to enable cooperative enforcement of Security Policies.
4. 4.Universal-update Ability: Check Point has consolidated multiple security-alert and update functions to ease update procedures and help Administrators ensure that security is always up-to-date.

11.What is the 3 tier architecture component of Checkpoint Firewall?

Ans:

• Smart Console.
• Security Management.
• Security Gateway.

12.What is NAT?

Ans:

NAT stands for Network Address Translation. It is used to map private IP addresses with Public IP Address and Public IP address map with Private IP Address. Mainly it is used for Provide Security to the Internal Network and Servers from the Internet. NAT is also used to connect the Internet with Private IP Address. Because Private IP can’t route on the Internet.

13.What is Source NAT?

Ans:

Source NAT used to initiate traffic from internal network to external network. In source NAT only source IP will be translated in public IP address.

14.What is IPSec?

Ans:

IP Sec (IP Security) is a set of protocol. which is responsible for making secure communication between two host machines, or a network over a public network such as the Internet. IPSec Protocol provides Confidentiality, Integrity, Authenticity and Anti Replay protection.

There is two IPSec protocol which provides security

1. 1.ESP (Encapsulation Security Payload) and
2. 2.AH (Authentication Header).

15.What are the protocols of IPSec? And what are the Protocol numbers of IPSec Protocols?

Ans:

IPSec uses two Protocols AH (Authentication Header) and ESP (Encapsulated Security Payload). AH works on Protocol number 51 and ESP works on Protocol number 50.

16.What is VPN (Virtual Private Network)

Ans:

VPN (Virtual Private Network) is used to create a secure connection between two private networks over the Internet. It uses Encryption authentication to secure data during transmission. There are two type of VPN

• Site to Site VPN.
• Remote Access VPN.

17.What is the Difference between ESP and AH IPSec Protocol?

Ans:

• ESP – ESP Protocol is a part of IPsec suite , It provides Confidentiality, Integrity and Authenticity. It’s used in two modes: Transport mode and Tunnel mode.
• AH – It is also part of an IPsec suit, It provides only Authentication and Integrity, Its does not provide Encryption. It’s also used for two modes: Transport mode and Tunnel mode.

18.What is Explicit rule In Checkpoint Firewall?

Ans:

It’s a rule in ruse base which is manually created by network security administrators called Explicit rule.

19.What is Hide NAT?

Ans:

Hide NAT used to translate multiple private IP or Network with single public IP address. Means many to one translation. It can only be used in source NAT translation. Hide NAT cannot be used in Destination NAT.

20.What is Destination NAT.

Ans:

When requested to translate Destination IP address for connection with Internal Private network from Public IP address. Only static NAT can be used in Destination NAT.

21.Difference between Automatic NAT and Manual NAT.

Ans:

Automatic NAT	Manual NAT
Automatic created by Firewall	Manually Created by Network Security Administrator
Cannot modify	Can be Modify
Cannot create “No NAT” rule	Can be Create “No NAT” rule
Can not create Dual NAT	Can be Create Dual NAT
Port forwarding not possible	Port forwarding possible
Proxy ARP by default enabled	Proxy ARP by default not enable

22.What is the difference between standalone deployment distributed deployment? 

Ans:

Standalone deployment:

In standalone deployment, Security Gateway and Security management server installed on same Machine.

Distributed deployment:

In Distributed deployment, Security Gateway and Security Management Server installed on different machines.

23.What is SIC?

Ans:

SIC – SIC stands for “Secure Internal Communication”. It’s a checkpoint firewall feature that is used to make secure communication between Checkpoint firewall components. It is used when Security Gateway and Security management server installed in Distributed deployment. Its Authentication and Encryption for secure communication.

24.How does SIC work? What are the different ports of SIC?

Ans:

Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each other. The SIC procedure creates a trusted status between gateways, management servers and other CheckPoint components. SIC is required to install polices on gateways and to send logs between gateways and management servers.

These security measures make sure of the safety of SIC:

1. 1.Certificates for authentication
2. 2.Standards-based SSL for the creation of the secure channel
3. 3.3DES for encryption

25.Define The Internal Certificate Authority (ICA)

Ans:

The ICA is created during the Security Management server installation process. The ICA is responsible for issuing certificates for authentication. For example, ICA issues certificates such as SIC certificates for authentication purposes to administrators and VPN certificates to users and gateways.

26.Explain Initializing the Trust Establishment Process

Ans:

Communication Initialization establishes a trust between the Security Management server and the CheckPoint gateways. This trust lets CheckPoint components communicate securely. Trust can only be established when the gateways and the server have SIC certificates.

For SIC to succeed, the clocks of the gateways and servers must be synchronized.

The Internal Certificate Authority (ICA) is created when the Security Management server is installed. The ICA issues and delivers a certificate to the Security Management server.

To initialize SIC:

1. 1.Decide on an alphanumeric Activation Key.
2. 2.In SmartDashboard, open the gateway network object. In the General Properties page of the gateway, click Communication to initialize the SIC procedure.
3. 3.In the Communication window of the object, enter the Activation Key that you created in step 2.
4. 4.Click Initialize.

The ICA signs and issues a certificate to the gateway. Trust state is Initialized but not trusted. The certificate is issued for the gateway, but not yet delivered.

SSL negotiation takes place. The two communicating peers are authenticated with their Activation Key.

The certificate is downloaded securely and stored on the gateway.

After successful Initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate, signed by the same ICA. The Activation Key is deleted. The SIC process no longer requires the Activation Key, only the SIC certificates.

27.What are the various Checkpoint SIC ports?

Ans:

Checkpoint SIC Ports

PORT	TYPE	SERVICE DESCRIPTION
18209	tcp	NGX Gateways <> ICAs (status, issue, or revoke)
18210	tcp	Pulls Certificates from an ICA
18211	tcp	Used by the cpd daemon (on the gateway) to receive Certificates

28.IPSec works at which OSI layer?

Ans:

IP Layer (Network Layer and provide security services Network Layer and above).

29.What is the Packet Flow of Checkpoint firewall?

Ans:

1. 1.SAM Database.
2. 2.Address Spoofing.
3. 3.Session Lookup.
4. 4.Policy Lookup.
5. 5.Destination NAT.
6. 6.Route Lookup.
7. 7.Source NAT.
8. 8.Layer 7 Inspection.
9. 9.VPN.
10. 10.Routing.

30.What Advantage of NAT.

Ans:

• Save Public IP to save cost.
• Security with hide Internal Network.
• Avoid Routing.
• Publish Server over Internet.
• Overlapping Network.
• Access Internet from Private IP address.

31.What is a Smart Dashboard?

Ans:

It’s a smart console. It’s used to Configure Rule, Policy object, Create NAT Policy, Configure VPN and Cluster.

32.Which Applications In Check Point Technology Can Be Used To Configure Security Objects?

Ans:

SmartDashboard

33.What’s the Table Checkpoints?

Ans:

Table Checkpoint is nothing but which checks the information with in a table.

34.Where you can view the results of the checkpoint?

Ans:

we can view the results of the checkpoints in the Test Result Window.

35.What’s the Standard Checkpoint?

Ans:

property value of an object in your application or web page is checked by standard checkpoint.

36.Which environment is supported by Standard Checkpoint?

Ans:

All add-in environments are supported by Standard Checkpoint.

37.What’s the Bitmap Checkpoint?

Ans:

In checkpoint Bitmap checks the bitmap images in your web page or application.

38.Which environments are supported by Image Checkpoint?

Ans:

Image Checkpoints are supported only in the Web environment.

39.Which environments are supported by Table Checkpoint?

Ans:

Table Checkpoints are supported only in the ActiveX environment.

40.What is a firewall?

Ans:

Firewalls control the traffic between the internal and external networks and are the core of a strong network security policy.

41.What are Check Point Software Blades?

Ans:

Check Point Software Blades are a set of security features that makes sure that the Security Gateway or Security Management Server gives the correct functionality and performance.

42.What is Check Point Firewall?

Ans:

The Check Point Firewall is part of the Software Blade architecture that supplies “next-generation” firewall features, including:

• VPN and mobile device connectivity
• Identity and computer awareness
• Internet access and filtering
• Application control
• Intrusion and threat prevention
• Data Loss Prevention

43.What are the primary components of the Check Point solution?

Ans:

These are the primary components of a Check Point solution:

• Security Gateway – The engine that enforces the organization’s security policy, is an entry point to the LAN, and is managed by the Security Management Server.
• Security Management Server – The application that manages, stores, and distributes the security policy to Security Gateways.
• SmartDashboard – A Check Point client used to create and manage the security policy.

44.What is a dual stack network?

Ans:

A dual stack network is a network in which all of the nodes are both IPv4 and IPv6 enabled.

45.Does Check Point support dual stack network?

Ans:

Yes, Check Point support a dual stack network that uses IPv4 and IPv6 addresses.

46.Can you explain about Access Control and the Rule Base in firewalls?

Ans:

A primary goal of a firewall is to control access and traffic to and from the internal and external networks. The Firewall lets system administrators securely control access to computers, clients, servers and applications. The Firewall Rule Base defines the quality of the access control and network performance. Rules that are designed correctly make sure that a network:

• Only allows authorized connections and prevents vulnerabilities in a network
• Gives authorized users access to the correct internal networks
• Optimizes network performance and efficiently inspects connections
• CheckPoint Interview Questions – Creating Firewall Security Policy

47.What is the use of Firewall Rule Base?

Ans:

The firewall is the core of a well-defined network security policy. The goal of the Check Point Firewall Rule Base is to create rules that only allow the specified connections.

48.How do you manage the Firewall Rule Base?

Ans:

Use SmartDashboard to easily create and configure Firewall rules for a strong security policy.

49.What are Explicit and Implied Rules in Rule Base?

Ans:

These are the types of rules in the Rule Base:

Explicit rules –

Rules that you create to configure which connections the Firewall allows

Implied rules –

Rules that are based on settings in the Global Properties menu

50.What is the Order of Rule Enforcement in Rule Base?

Ans:

The Firewall inspects connections and enforces the Rule Base in a sequential manner. The Firewall inspects each connection that comes to the network and compares the data (source, destination, service, etc.) to the first rule. If the connection matches the rule, the Firewall applies the action of that rule. If the connection does not match the rule, the Firewall continues with the next rule in the Rule Base.

51.What are the Basic Access Control Rules for all Rule Bases?

Ans:

These are basic access control rules we recommend for all Rule Bases:

• Stealth rule that prevents direct access to the Security Gateway.
• Cleanup rule that drops all traffic that is not allowed by the earlier rules.
• There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.

52.How do you define Security Zones?

Ans:

Networks use different security zones to protect very important resources and to defend against malware. Create rules that allow only the applicable traffic in and out of a security zone. Make sure that there are different rules in the Firewall Rule Base that define traffic to and from the security zones.

53.What are the key elements in Security Zones?

Ans:

These are the key elements that define security zones:

• External network – Insecure data, such as the Internet
• Internal network – Company data that is only used by trusted and authenticated users
• Perimeter – The border between the internal and external networks.
• DMZ – Company servers that can be accessed from insecure sources, such as the Internet

54.What is Perimeter?

Ans:

The Firewall on the perimeter of the network is responsible for all the incoming and outgoing traffic.

55.What kind of connections are allowed by a firewall on the perimeter?

Ans:

These are some of the connections that are usually allowed by a Firewall on the perimeter:

• Outgoing connections to the Internet
• Connections to the DNS server
• Specified external connections
• Connections to servers in the DMZ
• Connections from the internal network to the internal network
• VPN connections

56.What is DMZ (Demilitarized Zone)?

Ans:

Servers that are accessed by the Internet are usually located in a DMZ (demilitarized zone). The DMZ makes sure that these servers cannot connect to the internal network. Make sure that the Rule Base contains rules for DMZ traffic. For example, these are rules for a web server in the DMZ:

• A rule that allows HTTP and HTTPs traffic to the DMZ network object
• A rule that allows traffic from the internal network group object to any destination (the destination includes the DMZ)

57.How do you prevent IP Spoofing?

Ans:

Attackers use IP spoofing to make the IP address of a packet appear to be from a trusted source. This can bypass the Firewall to introduce malicious content and actions (malware and bot downloads, DoS attacks, unauthorized access, and so on) to your network.

Anti-Spoofing detects if a packet with an IP address that is, according to the topology, behind one interface, actually arrives from a different interface. For example, if a packet from an external network has an internal IP address, Anti-Spoofing blocks the packet.

58.How do you configure Anti-Spoofing?

Ans:

Use the Topology page to configure Anti-Spoofing for the external and internal interfaces on the Security Gateway. Configure Anti-Spoofing protection on all the interfaces of the Security Gateway, including internal interfaces.

59.How Security Gateways Translate Traffic?

Ans:

A Security Gateway can use these procedures to translate IP addresses in your network:

Static NAT –

Each internal IP address is translated to a different public IP address. The Firewall can allow external traffic to access internal resources.

Hide NAT –

The Firewall uses port numbers to translate all specified internal IP addresses to a single public IP address and hides the internal IP structure. Connections can only start from internal computers, external computers CANNOT access internal servers. The Firewall can translate up to 50,000 connections at the same time from external computers and servers.

Hide NAT with Port Translation –

Use one IP address and let external users access multiple application servers in a hidden network. The Firewall uses the requested service (or destination port) to send the traffic to the correct server. A typical configuration can use these ports: FTP server (port 21), SMTP server (port 25) and an HTTP server (port 80). It is necessary to create manual NAT rules to use Port Translation.

60.Can you explain about NAT Rule Base?

Ans:

The NAT Rule Base has two sections that specify how the IP addresses are translated:

• Original Packet
• Translated Packet
• Each section in the NAT Rule Base is divided into cells that define the Source, Destination, and Service for the traffic.

61.What are Automatic and Manual NAT Rules?

Ans:

There are two types of NAT rules for network objects:

• Rules that SmartDashboard automatically creates and adds to the NAT Rule Base
• Rules that you manually create and then add to the NAT Rule Base When you create manual NAT rules, it can be necessary to create the translated NAT objects for the rule.

62.When do you use Automatic Rules?

Ans:

You can enable automatic NAT rules for these SmartDashboard objects:

• Security Gateways
• Nodes
• Networks
• Address Ranges

63.Can you explain about Automatic and Proxy ARP?

Ans:

Giving a machine in the internal network an external IP address using NAT makes that machine appear to the Internet to be on the external network, or the Internet side of the firewall. When NAT is configured automatically, the Security Gateway replies on behalf of translated network objects to ARP requests from the Internet router for the address of the internal machine.

64.Why do we use NAT and Anti-Spoofing together?

Ans:

NAT is performed after Anti-Spoofing checks, which are performed only on the source IP address of the packet. This means that spoofing protection is configured on the interfaces of the Security Gateway in the same way as NAT.

65.How do you disable NAT in a VPN Tunnel?

Ans:

When communicating within a VPN, it is normally not necessary to perform NAT. You can disable NAT in a VPN tunnel with a single click in the VPN community object. Disabling NAT in a VPN tunnel by defining a NAT rule slows down the performance of the VPN.

66.What is IP Pool NAT?

Ans:

An IP Pool is a range of IP addresses (an address range, a network or a group of one of these objects) that is routable to the gateway. IP Pool NAT ensures proper routing for encrypted connections for the following two connection scenarios:

• SecuRemote client / SecureClient to MEP (Multiple Entry Point) gateways
• Gateway to MEP gateways

67.How do you reuse IP Pool Addresses For Different Destinations?

Ans:

IP Pool addresses can be reused for different destinations, which makes more efficient use of the addresses in the pool. If a pool contains N addresses, then any number of clients can be assigned an IP from the pool as long as there are no more than N clients per server.

68.What is Check Point Mobile Access Security Gateway?

Ans:

Check Point Mobile Access Software Blade extends the functionality of a Firewall and lets remote users easily and securely use the Internet to connect to internal networks. Remote users start a standard HTTPS request to the Mobile Access Security Gateway. They can then authenticate with multiple options such as: username/password, certificates, or SecurID.

69.What is the difference between Client-Based vs Clientless?

Ans:

Client-based –

Client application installed on endpoint computers and devices. Clients are usually installed on a managed device, such as a company-owned computer. The client supplies access to most types of corporate resources according to the access privileges of the user.

Clientless –

Users connect through a web browser and use HTTPS connections. Clientless solutions usually supply access to web-based corporate resources.

70.What is SSL Network Extender?

Ans:

SSL Network Extender is an on-demand SSL VPN client and is installed on the computer or mobile device from an Internet browser. It supplies secure access to internal network resources.

71.How do you connect to a Citrix Server?

Ans:

The Mobile Access Software Blade integrates the Firewall Citrix clients and services. It is not necessary to use STA (Secure Ticketing Authority) servers in a Mobile Access Security Gateway deployment because Mobile Access uses its own STA engine. You can also use Mobile Access in a deployment with STA and CSG (Citrix Secure Gateway) servers.

The Mobile Access server certificate must use a FQDN (Fully Qualified Domain Name) that is issued to the FQDN of the Mobile Access Security Gateway.

72.How do you configure VPN connections between Security Gateways and remote devices?

Ans:

 The IPsec VPN Software Blade lets the Firewall encrypt and decrypt traffic to and from external networks and clients. Use SmartDashboard to easily configure VPN connections between Security Gateways and remote devices. You can configure Star and Mesh topologies for large-scale VPN networks that include third-party gateways. The VPN tunnel guarantees:

• Authenticity – Uses standard authentication methods
• Privacy – All VPN data is encrypted
• Integrity – Uses industry-standard integrity assurance methods

73.What is IKE and IPsec?

Ans:

The Check Point VPN solution uses these secure VPN protocols to manage encryption keys, and send encrypted packets. IKE (Internet Key Exchange) is a standard key management protocol that is used to create the VPN tunnels. IPsec is protocol that supports secure IP communications that are authenticated and encrypted on private or public networks.

74.What is Domain Based VPN?

Ans:

The VPN traffic is routed according to the VPN domains that are defined in SmartDashboard. Use domain based routing to let satellite Security Gateways send VPN traffic to each other. The center Security Gateway creates VPN tunnels to each satellite and the traffic is routed to the correct VPN domain.

75.What is Route Based VPN?

Ans:

VPN traffic is routed according to the routing settings (static or dynamic) of the Security Gateway operating system. The Security Gateway uses a VTI (VPN Tunnel Interface) to send the VPN traffic as if it were a physical interface. The VTIs of Security Gateways in a VPN community connect and can support dynamic routing protocols.

76.Describe about Granular Routing Control?

Ans:

Granular Routing Control is used to granular control of the VPN traffic in the network. Granular Routing Control feature is used to enable the Security Gateway to:

• Find the best possible route for VPN traffic
• Select the interfaces that are used for VPN traffic to internal and external networks
• Configure the IP addresses that are used for VPN traffic
• Use route probing to select available VPN tunnels
• Use Load Sharing for Link Selection to equally distribute VPN traffic to VPN tunnels

77.What is the use of Identity Awareness Software Blade?

Ans:

The Identity Awareness Software Blade lets you configure the Firewall to enforce access control for individual users and groups. You can use Identity Sources to get information about users and groups to create flexibility and additional security for the Rule Base. Identity Awareness lets you create rules that are for the specified users for these Rule Bases:

• Firewall
• URL Filtering and Application Control
• DLP
• Anti-Bot

78.What is AD Query?

Ans:

The Security Gateway registers to receive security event logs from the AD domain controllers when the security policy is installed. When a user authenticates with AD credentials, these event logs are generated and are sent to the Security Gateway.

The Firewall identifies the user based on the AD security event log. The user sends traffic that matches an Identity Awareness rule in the security policy. The Firewall can enforce the user-based rule on the traffic.

79.How Check Point Firewall can use the URL Filtering and Application Control Software Blades?

Ans:

Use URL Filtering and Application Control to:

• Create a Granular Policy – Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels. You can also create an HTTPS policy that enables the Security Gateway to inspect HTTPS traffic to prevent security risks related to the SSL protocol.
• Manage Bandwidth Consumption – Configure the rules to limit the available network bandwidth for specified users or groups. You can make separate limits for uploading and downloading.
• Keep Your Policies Updated – The Application Database is updated regularly and makes sure that your Internet security policy has the newest applications and website categories. The Security Gateway connects to the Check Point Online Web Service to identify new social networking widgets and website categories for URLs.
• Communicate with Users – UserCheck objects add flexibility to URL Filtering and Application Control and let the Security Gateway communicate with users. UserCheck helps users understand that certain websites are against the company’s security policy. It also tells users about the changing Internet policy for websites and applications.
• Create Custom Objects – In addition to the hundreds of default objects, create new objects to manage Internet use for your network. You can create objects for applications, websites, categories and groups. Use these custom objects in rules to meet your organization’s requirements.

80.What is UserCheck?

Ans:

UserCheck works with the URL Filtering and Application Control Software Blades and lets the Security Gateway send messages to users about possible non-compliant or dangerous Internet browsing. Create rules and UserCheck objects in the URL Filtering and Application Control Rule Base to communicate with the users. These actions use UserCheck objects:

• Inform
• Ask
• Block

81.What is the use of Check Point IPS Software Blade

Ans:

Check Point IPS Software Blade analyzes traffic for possible risks, to enhance network security of your organization. The IPS detection engine has multiple defense layers, detects and prevents against known threats, and often protects against future ones.

82.Can you explain about Anti-Bot and Anti-Virus Rule Bases?

Ans:

There is a different Rule Base for Anti-Bot and Anti-Virus. The Anti-Bot and Anti-Virus rules use the Malware database and network objects. Security Gateways that have Identity Awareness enabled can also use Access Role objects as the Protected Scope in a rule. The Access Role objects let you easily make rules for individuals or different groups of users.

The first Anti-Bot or Anti-Virus rule that matches the traffic is applied. There are no implied rules in this Rule Base, all traffic is allowed unless it is explicitly blocked. A rule that is set to the Prevent action, blocks activity and communication for that malware.

83.What is Check Point DLP?

Ans:

The Check Point Data Loss Prevention Software Blade (DLP) lets you use the Firewall to prevent users from sending sensitive data to external networks. DLP helps you implement an automated corporate policy that catches sensitive and protected data before it leaves your organization.

84.What are the features of Data Loss Prevention (DLP)?

Ans:

These are the features that the Data Loss Prevention Software Blade uses:

• UserCheck – Lets users handle data loss incidents with automated user notification and the unique Ask User mode. Each person in your organization learns the best practices to prevent future accidental leaks. These are the majority of DLP incidents and they can be handled quickly with the DLP Self Incident Handling Portal or the UserCheck client.
• MultiSpect – Unmatched accuracy to identify and prevent incidents. DLP uses multi-parameter correlation with different customizable data types and with CPcode.
• Out of the Box Security – A rich set of defined data types recognizes sensitive forms, templates and data. DLP has a good out-of-the-box policy to make sure that the data stays in the internal network.
• Data Owner Auditing – Data Owners are the users in the organization that control the information and files for their own area or department. They get timely automated notifications and reports that show how their data is being moved. Without Data Owner control, system administrators can frequently be placed in an awkward position between managers and employees.
• CPcode – DLP supports fully customized data identification through the use of CPcode. You can define how email data matches DLP policies and rules.

85.What are Check Point Software Acceleration Solutions?

Ans:

These are features that you can enable to increase the performance of the Firewall:

• CoreXL
• SecureXL (Performance Pack)
• These are software based features that are included in the Check Point operating systems.

86.What is CoreXL?

Ans:

In a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated instance runs on one processing core. These instances handle traffic concurrently and each instance is a complete Firewall kernel that inspects traffic. When CoreXL is enabled, all Firewall instances in the Security Gateway process traffic through the same interfaces and apply the same gateway security policy.

87.What is SecureXL?

Ans:

SecureXL is an acceleration solution that maximizes performance of the Firewall and does not compromise security. When SecureXL is enabled on a Security Gateway, some CPU intensive operations are processed by virtualized software instead of the Firewall kernel.

The Firewall can inspect and process connections more efficiently and accelerate throughput and connection rates. These are the SecureXL traffic flows:

• Slow path – Packets and connections that are inspected by the Firewall and are not processed by SecureXL.
• Accelerated path – Packets and connections that are offloaded to SecureXL and are not processed by the Firewall.
• Medium path – Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path.

88.What is the use of SmartEvent Software Blade?

Ans:

The SmartEvent Software Blade is a unified security event management and analysis solution that delivers real-time, graphical threat management information. SmartEvent consolidates and shows all security events that are generated by these Software Blades:

• Firewall
• Identity Awareness, and URL Filtering
• IPS
• Application Control
• Anti-Bot, Threat Emulation, and Anti-Virus

89.What is the use of SmartLog Software Blade?

Ans:

The SmartLog Software Blade is a log management tool that reads logs from all Software Blades on Security Management Servers and Security Gateways. SmartLog works with the SmartLog Index Server that gets log files from different log servers and indexes them. SmartLog supplies these monitoring features:

• Quickly search through billions of logs with simple search strings
• Select from many default search queries to find the applicable logs
• Monitor logs from administrator activity and connections in real-time
• DLP
• Administrators can quickly identify very important security events and do the necessary actions to prevent more attacks.

90.Explain how virtual corporations maintain confidentiality?

Ans:

Encryption

91.Which of the applications in Check Point technology can be used to view who and what the administrator do to the security policy?

Ans:

SmartView Tracker

92.Explain Which of the following is the BEST method for managing users in an enterprise?

Ans:

Place them in a centralized Lightweight Directory Access Protocol.

93.Give an example for simple, physical-access control?

Ans:

Lock

94.Explain how a biometric device performs in measuring metrics, when attempting to authenticate subjects?

Ans:

1. 1. False Rejection Rate
2. 2. Crossover Error Rate
3. 3. False Acceptance Rate.

95.What is a stateful inspection?

Ans:

Stateful inspection was invented by checkpoint, providing accurate and highly efficient traffic inspection. The inspection engine examines every packet as they are intercepted at the network layer. The connection state and context information are stored and updated dynamically in kernel table

96.What is the main purpose for the Security managementserver?

Ans:

Security management server is used for administrative management of the security policy, stores database and objects.

97.What is Fw unload local?

Ans:

Fwunloadlocal is a command used to detach the security policy from the local machine.

98.What is FW Monitor command?

Ans:

FW Monitor is a packet analyzer tool available on every checkpoint security Gateway.

It provides Kernel level inspection and works for Layers 3 and above in OSI model.

There are four inspection points as a packet passes through the kernel (or virtual Machine)

• i —- Before the Virtual machine, in the inbound direction (Pre-Inbound)
• I —- After the virtual machine, in the inbound direction (Post – inbound)
• o —- Before the virtual machine, in the outbound direction (Pre Outbound)
• O — After the virtual machine, in the outbound direction (Post Outbound)

99.What is bi-directional NAT?

Ans:

If Bi-directional NAT is selected, the gateway will check all NAT rules to see if there is a source match in one rule, and a destination match in another rule. The Gateway will use the first matches found, and apply both rules concurrently.