I finally passed CCSA. It was'nt that hard especeially since this was my second try. I don't know if that's always the case but I got the same exam twice so it was really easy for me even though I didn't score as high as I should. I next goal is CCSE and then SOLARIS. Before I took the exam I asked people on the forum for help just like everyone else does, but no one ever replies. I'm sure someone's gonna ask me for help about what they should study to pass the exam. Because I know what's it's like being in their shoes and because I would like to be helped if I was them I'll try my best to help them out and I hope it's not considered as cheating.If we're on this forum I think we should be trying to help each other out in any way that we can and don't be stingy. I posted below some questions that someone had posted before. Those same exact questions were on the exam both times, every single on of them so try to find the answers for them because I'm not sure if my answers were correct.I try to see what else I could remember was on the exam.

#You are a FW administrator with a management station
managing 3 different firewalls.The system status
display of one of the FW shows a computer icon with
"!" in the status column.Which of the following is the
most likely cause?
a)The "destination" object has been defined as
external
b)The rule base is unable to resolve the IP address
c)The firewall has been halted
d)The firewall is unprotected , no security policy is
loaded
----
#The SecuRemote kernel is installed between the ---- &
----
a)TCP/IP protocol stack and Hardware card
b)Network and Hardware card
c)TCP/IP protocol stack and NIC driver
a)TCP/IP protocol stack and Network
----
#What command is used to extend the interval of the
timeout in a NAT table to prevent a hidden TCP
connection from losing its port?
a) fwd_tcp_todefaultext?w 0x<num>
b) fwx_tcp_expiration?w 0x<num>
c) fwx_tcp_todefaultextend?w 0x<num>
d)c) fwx_tcp_timeout?w 0x<num>
e) fwx_tcp_expdefaultextend?w 0x<num>
---
#Fully automatic Client authentication provides
authentication for TCP and UDP protocols whether
supported by those protocols or not.
TRUE/FALSE
---
# When a management server fetches SNMP & other
management information from a firewall, is the packet
encrypted?
a) is it always
b)only if encryption is purchased
c)only if the manager is in the firewalls encryption
domain
d)only if control map is set to FWA1
e)only if "Encrypt Firewall control connection" is
checked in the global properties section
----
#You are a FW administrator with a management station
managing 2 different firewalls.One of the firewalls
does not show up in the dialog box when attempting to
install a security policy.Which of the following is
the most likely cause?
a) No Masters file was created
b)The license of multiple firewalls has expired
c)The firewall not rebooted
d)The firewall not listed in the "Install on" column
of the rule
e)The firewall listed as external in the workstations
properties dialog box
---
#You have setup Static NAT to allow internet traffic
to an internal webserver.You notice that any HTTP
attempts to that machine are being dropped in the log
due to rule0.Which of the following is the most likely
cause?
a)Spoofing on the internal interface is set to "this
Net"
b)Spoofing on the external interface is set to
"Others"
c)you do not have a rule that above HTTP access to the
internal webservers
d)you do not have a rule that above HTTP access to any
destination
----
#Your company has requested that you provide external
internet users access to an interal webserver that has
unreserved/illegal IP address .You have a valid IP
address to publish that has been given to you by your
ISP.You also control the router between the external
interface of the FW and the internet.Select the
responses below that includes correct actions
necessary to implement static NAT.
1)Publish an arp entry on the external interface of
the firewall for the valid IP address.
2)Publish an arp entry on the internal webserver for
the valid IP address.
3)Place the static route on the firewall from the
valid IP address to the internal webserver.
4)Place the static route on the router from the valid
IP adress to the firewall external IP address.

what are the 2 correct answers?? and why not 2&3??
---
# Assume that you are working in WinNT OS .What is the
default expiration time for a Hide NAT connection not
showing any UDP activity?
Time in seconds please!!
---
#Which NAT mode is necessary if you want to start an
HTTP session to a server on a illegal IP address?
[HERE "Hide " ALSO WORKS, BUT WHY NOT "Static source"
?]

Report this post to a moderator

Way to go!!

__________________
Peace Out
-=PotatoHead=-
A+, CNA, MCP, MCSA, Net+

Report this post to a moderator

Congrats....

Very kind of you to share some info with us.

This Forum does not seem to have developed as well as some of the others due to the fact that Checkpoint Certs are kind of new compared to some of the others.

It still is a shame that folks come around here and add little value. Anyway I'm not one to talk since I really haven't added anything but am determined to do so after I pass the Exam.

Thanks again...

Krugar

Report this post to a moderator

sweet that you passed. best of luck on the following one's

Report this post to a moderator