Passed CCSA Exam, but only half the questions were in TK/Actualtest

[Whizzer]

Hey,

Although I'm happy with the CCSA certification (passed with 77%), it's not the main reason why I'm opening this topic. In the exam were 73 questions, from which around 40 were in the most recent ActualTest (147 questions) which I could find here on the board (*click*). The other ones were totally different.

So beware!

Until now I noticed only little differences between Testkings and Actualtests, but that opinion is based on the ones I used for my Cisco exams. So if the testking for ccsa contains much more information than the ActualTests, please ignore the "TK" in this subject!

O, I noticed that several question in de ActualTest mentioned here are the same as the Actualtest for 156-315.1 ver 11-23-06. Uhm??? Is that normal?

[Dinesh]

hi, i failed on 17th, i was looking @ acualtest(147), could u pls give me advice, i need to pass this asap.

ddindev@yahoo.com
thanks

[robori]

This questions which were not on TK/ActualTests, were they difficult ? What subjects did they cover ?



Thank you!

[Whizzer]

Well, I found some of them pretty difficult.

I can't remember manu of them, but there was a very difficult NAT one... Something about all the settings checked in Global Properties, cleared the "translate on client side" and then they asked something about the status of bi-directional NAT and... uhm... uhm... uhm... damn, forgot it..

Also some questions about encryption and not the Actualtests questions... Sorry, can't remember them anymore.

NAT is the most difficult part of the exam. Also several questions about LDAP.

Both of you good luck with your exam!

[mamakos]

I agree with Whizzer. Certain questions were really hard. Especially because of the fact that they were badly put and that the suggested answers did not correspond (or were badly expressed) to the solution which every administrator would have used.

Concerning the NAT, we had something like that:

Q1:
=====
You have three newtorks behind a router : 192.168.10.0/24, 192.168.20.0/24 and 192.168.30.0/24.
This router is connected tu the 192.168.1.0/24 interface of the Firewall.
To access Internet, the 192.168.1.0/24 must use (and is apparently already currently using it) the 200.0.0.3/32 IP which is the external IP of the gateway.
You want to let the 192.168.10.0/24 and 192.168.20.0/24 access the Internet but by using the IP 200.0.0.5/32.
You are also alerted that the "manual NAT on client side" option has been disabled.

I do not remember all the answers. I just remember that the one I would have used did not have the mandatory "proxy arp set up" required because of the cleared "Nat on client side" option.
The answers were pretty odd to me. either had they been written by non expert people or they made mistakes while copying them or even I did not understood their English...


Q2
=====
You have a web server on your Internal Network. You want to let a special network of the internet access it but only for FTP and HTTP.
It is written that
- the administrator has set up a manual NAT rule for this
- the administrator has cleared the following automatic NAT options
* bi directional nat
* NAT on client Side

The question is : will these two settings restrict the access the the web server occordingly to the needs ?

Possible Answers (I do not remember quite well)
A) Yes. Clearing bi directional NAT will assure that no other NAT is matched. The NAT stuff will provide nating only to the client side
B) No. These options only apply to automatic NAT rules
C) Yes. Theses options only apply to automatic NAT rules
D) No plus opter things
E) Yes. But the first option only apply to the automatic NAT Rule. The second will provide translation on the kernel side nearest to the host.

==> So you do not know what the rule base includes. You do not know wether the "settings" word in the question refers to (manual NAT + cleared options or just the two cleared options).


Q3
=====
You have a gateway with :
- internal network 192.168.0.0/24
- DMZ network 172.16.0.0/24
- Internet
- servers on the DMZ with Public IP => accessible from the Internet
- PC on the internal net wanting to access the DMZ servers BUT WITH THEIR PUBLIC IP !

I may forget a couple of things. I do not remember if the DMZ servers were having automatic NAT configured and if the Internal network had a Hide NAT configured to access the Internet.

Again, every administrator knows how to set it up in 3 seconds. But the provided answers did not realy rung me a bell...

Q4
====
LDAP !! When schema has not been exported, which information remains in the Ckeckpoint ?
A) Time settings, Location, Password
B) Location, I do not know what, Time settings
C) Time settings, Password, I do not know what
D) I do not know what, Password, Time settings

The last two answers were the same (except for the provided order among the remaining information suggested).
The "I do not know what" is becaude I can't remember what what suggested although I checked the B answer ;-)

Do not worry, there are still 4 questions where you have to answer SMARTVIEW MONITOR (I wonder why they ask such silly questions as "Mr X installed a new policy and an hour later, users complain about slow network rates. The Internet provider then asks this administrator how much memory his gateway has. => what tool can help him find this information ? ==> smartview monitor)

Conclusion :
- stupid questions
- Incomprehensible questions/answers
- too easy questions
==> this is CCSA... I am relieved since I passed it :)

[Whizzer]

Damn... Mamakos' memory is way better than mine!

I also had these questions in my exam...

[robori]

Mamakos,

Do you also agree that only 40% of the exam questions were on TK/ActualTests ?

Thanks for all your information ! You really have a good memory, hehe! :)


Thank u,
Robori

[mamakos]

Actually, I didn't use the Testking/actualtest stuff. I only had a training course in an official "CheckPoint Center".

Kidding !! The thing out of the 73 questions, maybe 40 to 50 were similar to the ActualTest stuff. This means the questions were the same but sometimes, the suggested answers were different from those presented in the ActualTest. And from time to time, the questions had a couple of word different, thus changing the meaning and the possible answers.

So, if you know CheckPoint well and have had some sample questions, have no fear, you will pass.

I also remember a question about the way to change the password of the admin created at the SmartCenter's installation.

QUESTION
========
How you you reset the password of the admin created at the installation of the SmartCenter server ?
A) On the SmartCenter, use the cpconfig tool the select administrators
B) From the Dashborad (I do not remember the sequel...)
C-D) See TK questions ;)
E) use fwm -a with the admin name then select "reset password" and provide the new password

=> the answer certainly was the fwm -a. Look in the cli command to confirm this is possible. The A) answer had no more precision than what I wrote here. Hence is it incomplete.

[robori]

If 50 questions out of 73 were similar, that means 70% which is already the passing score, hehehe ! :)

I've been working with Checkpoint for just 1 month so I don't know very much, that's why I still get confused with some simple questions.

This one regarding admin password reset has been discussed a lot in this forum and I still don't know the right answer.


Thanks !! : )

[BarryStiefel]

Quote:

Originally Posted by robori

If 50 questions out of 73 were similar, that means 70% which is already the passing score, hehehe ! :)

I've been working with Checkpoint for just 1 month so I don't know very much, that's why I still get confused with some simple questions.

This one regarding admin password reset has been discussed a lot in this forum and I still don't know the right answer.


Thanks !! : )

That's OK, some of us have been talking about it for two years and we still don't know the right answer.

[jvalenzuela]

Hi

I took the CCSA test two days ago with a pair of friends and we all passed the examn. I got 72%, and my friends 85% and 90%

I got about 35 questions from the TK. My friends had better luck than I, one got more tha 45 questions and the other about 60

I think the TK is the better options for this test.

Howevere, studying is another good option :p

Good luck

Jorge

[cyberbastion]

Quote:

Originally Posted by jvalenzuela

Hi

I took the CCSA test two days ago with a pair of friends and we all passed the examn. I got 72%, and my friends 85% and 90%

I got about 35 questions from the TK. My friends had better luck than I, one got more tha 45 questions and the other about 60

I think the TK is the better options for this test.

Howevere, studying is another good option :p

Good luck

Jorge

Hello,
Which TK version did you and your friend used ?
Thanks.

[jvalenzuela]

It was v19

[godspeedcapri]

Can you please upload the ver 19 TK for CCSA NGX to megaupload or rapidshare.com site?

Ta.

Godspeedcapri

[adslklop]

Send me TK V19, please.

adslklop@gmail.com

[rrc8516]

Quote:

Originally Posted by Dinesh

hi, i failed on 17th, i was looking @ acualtest(147), could u pls give me advice, i need to pass this asap.

ddindev@yahoo.com
thanks

if you have the NGX I training materials, it is already enough to pass ccsa. 2wks to 1month preparation/study is recommended.:)

[jvalenzuela]

Material for the NGX I is not enough for the test. There are several question that come from the second book. You better take a look on it.

About the TK, I cannot post it. I don't have the installer. Our company bought it. I'm sorry.


Whizzer: About the question you talk about. Remember: if you uncheck the "Nat on client side" you will need to create a route for the incomming traffic to the internal interface. If not, the traffic will never reach the server.

Ah!, something I remember, Eventia Analyzer is never an answer ^_^

And don't just memorize the answers. Some question on TK are not written as on the real test.

Good Luck

Jorge

[jesprile]

can you please send me testking latest version at


george.lachlan@gmail.com

[godspeedcapri]

Please do not post asking for testking latest version here. The user has mentioned that it is a corporate buy and hence cannot share it.

I am looking for the same at different torrent and under ground site. Will post as soon as i find it.

Cheers,
Godspeedcapri

[Andyl]

I had a bunch of questions some that I still don't know the anwsers for.

These are not exact but you get the idea.


Your install NGX on a new gateway you want it to talk to your smart center server however it won’t. What do you do with the certificates (SIC)

A new VPN user can not log an after 5:00. The user was created with a 5 instead of 24 etc

What type of encryption creates the largest packets. – in-place, tunnel?

What type of provides the best performance. – in-place transport mode, tunnel?

What is the disadvantage of a single server?


You create a database revision and a second you restore to the first now you want to restore the users from the second. How do you do it? Restore the database and select merge users to revised version

You want a customer to get to your system global you clear “translate at client destination” and something else and a static nat. “Allow Bidirectional nat. “

You create a NAT rule and an http server why does it not prompt your users for authentication?

You can’t get to a security gateway you do an fw unload now you can. What did the other administrator do to that gateway.

Ldap contains which settings – password, encryption and time.

Where do you display the logs and alerts you send to dsheild.org

What attack uses IP spoofing, LAND or SMURF

Your disk is set to 45 MB low what do you do with your logs