Passed CCSA & CCSE this week

astinius1 · #1 (**permalink**) 2006-05-14

Big thanks to Barry Stiefel, I just completed The CCSA/CCSE bootcamp that he has developed and it is above and beyond any other Check Point training I have ever attended.

My suggestions for the exams:

1. Nothing substitues for hands on experience, get the 15 day eval and throw everything at it.

2. for the CCSE - Know VOIP and QOS inside and out.

3. Take Barry's Dual Certification Bootcamp, everything you ever wanted to know and many things you never though you would need to know, without the class, passing the new NGX 1.1 exams would have been nearly impossible.

Good Luck!

Russ Aspinwall

goldy · #2 (**permalink**) 2006-05-15

can you exapnd on what was covered on the CCSE test as i will be taking it in the near future. i have the sybex book and boson tests.

Thanks

astinius1 · #3 (**permalink**) 2006-05-16

Boson tests covered too much material that is not on the exams (both CCSA and CCSE), it's a decent tool, but don't count on them.

Read the Syngress NGX book from cover to cover, it doesn't cover everything, so don't just count on it either.

Read these Check Point PDFs, these are your best resouce:
CheckPoint_NGX_SmartCenter_User_Guide.pdf
Firewall_and_SmartDefense.pdf
CheckPoint_NGX_VPN_Guide.pdf
NGX_R60_Route_Based_VPN_Deployments.pdf
CheckPoint_NGX_Upgrade_Guide.pdf
CheckPoint_NGX_ClusterXL_User_Guide.pdf
CheckPoint_NGX_QoS_User_Guide.pdf
CheckPoint_NGX_VPN-1_Pro_VoIP_Capabilities.pdf (not enough info in this one)

Here is a brief overview on the CCSE:

1. Concentrate on VOIP, specifically SIP and H.323 protocols and how they are configured in a VOIP domain. You will also need what each uses for handoffs. Make sure you know how SIP, H.323. SCCP and MGCP differ and what they each support. In my opinion, The official Check Point PDFs and the Syngress NGX book do not cover the material well enough, I used the official
NGX courseware in addition to these to get a well rounded view of VOIP. I recieved 10-12 questions per test on VOIP.

2. Know QOS, make sure you are comfotable with weights, limits and guarantees and know how they interact with each other, I recieved quite a few questions on how limits and guarantees (including per connection based ones) affected each other and subrules. I recieved 7-10 questions per test on QOS.

3. VPNs, many questions on the test, know the different community topologies (star and meshed),how to set them up and determine which ones are best for different scenarios. There were questions on overlapping VPN domains and route based VPNs (only 1 or 2), so be prepared for those. Also, make sure you know what command line tools to use to check the status of and make changes to VPNs. Understand how to convert a site from shared secret based VPNs to certificate based VPNs. I recieved 15 - 20 questions on VPNs per test, quite a few of them were situational questions.

4. SmartDefense and Web Inteligence, not a lot of questions on these, just know how Smartdefense applies to the other technologies that are in the test (VOIP, VPN, etc...)

5. Licensing and upgrading, Know how centeral licensing works and how to apply them in different upgrade scanarios (NG AI > NGX). Know the order in which to upgrade your Smartcenter and firewall form NG AI to NGX. Know how to use SmartUpdate. I had 7 -10 questions on these.

6. Content security, know CIFS, I had 3 questions on this alone! None of the resources covered CIFS well so, know what CIFS can allow and prevent and where to apply the config. FTP security, I had 3 questions on PUT and GET and how to allow or deny them. This was one of my weakest areas, so I don't have a lot on it.

7. High Availability and Clustering, In my opinion this was area was the most difficult on the exam, make sure you know how Managment High availability works inside and out. Make sure you study clustering in depth and understand what HA and clustering does in a failover state, including what the command line tools report for failover, how it looks and how to interperate them. I had 12 - 15 questions on the exam in regards to HA and failover and most of them were situational questions and very difficult to boot.

Things that I did not see much of or at all on either test were:
Remote access, only 1 or 2 questions total on both tests. Mostly dealing with the interaction with internal networks.
Eventia, I did not get any, they other guy that took the test got 1.
SmartLSM, 0 questions
SmartPortal, 0 questions
VPN-1 Edge, 0 questions

I probably left out some details, but my brain is still jello from the week of training and studying for them. forgive any spelling or grammer issues for the same reason :)

Good Luck,

Russ

goldy · #4 (**permalink**) 2006-05-16

Thanks a lot, that was very helpful. now i am scared of the exam HAHAHAHA.

leogoesrj · #5 (**permalink**) 2006-08-23

Man i will try the CCSE NGX 156-315.1 soon, i got 81% at CCSA NGX today!

karia · #6 (**permalink**) 2006-08-23

hi
thank u Mr astinius1.Great sharing of information about ccse ngx

with regards
karia

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode