Clarify a few CCSE Plus test questions.

[EdinburghKev]

I am studying for the CCSE Plus at the moment and I have moved on from the Check Point document bundle for R60 to some practice questions I got from a friend. I wanted to review a couple of the questions with you to see what you think the answer should be as it is not immediately clear from the text.

1. What is NOT true when using MEP encryption technologies?
a. Gateways must use the same FW-1 build level
b. Gateways must use the same management module
c. You must use a distributed installation if VPN-1/FW-1
d. Gateways must run identical policies

I believe the answer is C but I cannot see anything about this in chapter 12 of the CheckPoint_NGX_VPN_Guide.pdf.

2. In a SEP HA environment not using load sharing, the external interfaces of each cluster must have the same IP address. True or False?

I believe this to be false as in my experience they must use a virtual IP address.

3. FW-1 does not support multi level proper subset encryption domains. True or False?

I am not sure here and will have to read more about this. Any comments?

4. Which parameter would you use on the "fw dbexport" command in order to specify that the exported users are to be added under the "o=Acme Corp, c=US" branch?
a. -s "o=Acme Corp, c=US"
b. -a "o=Acme Corp, c=US"
c. -k "o=Acme Corp, c=US"
d. -b "o=Acme Corp, c=US"

I cannot find an answer to this anywhere.

5. Which debug option will gather information about the input/output control messages, such as loading of FW-1 or kernal to daemon communications?
a. kbuf
b. ioctl
c. misc
d. driver

From what I have read on https://secureknowledge.checkpoint.com/ I believe the answer is b but I am not 100% sure.

Thanks for your comments on the above questions.

[northlandboy]

Without really looking these up properly, I would think:

1/ D

2/ Slightly oddly worded question - I agree with your answer

3/ I think True, but not sure.

4/ A. Read the CLI guide.

5/ Probably B. ioctl is I/O control, afterall. Check the Advanced Technical Reference for more info here.

[EdinburghKev]

I will check out the CLI reference to better understand the LDAP question and thanks for confirming the rest of the answers. I am taking the Management III NGX training in 8 weeks so hopefully I will touch on these subjects during the training week.

[northlandboy]

CCSE+ is a pretty easy certification I thought. Or maybe not easy, but I found it the most interesting.

You're lucky going on the course - by all accounts it is a good course. I managed to cadge the notes off a colleague, then studied them for a week before sitting the exam. If you've got the notes, they'll cover pretty much all you need to know for the exam. Don't worry too much about trying to find sample questions though, there won't be many out there.

If you can't get the course notes, the ATRG used to be a good reference for the exam. Can be a bit too much detail though. I haven't seen an NGX version of the ATRG yet though (hint hint Check Point, are you listening?)

[EdinburghKev]

Thanks Northlandboy, after reading the NGX CLI notes I see the answer for the question below is A.

4. Which parameter would you use on the "fw dbexport" command in order to specify that the exported users are to be added under the "o=Acme Corp, c=US" branch?
a. -s "o=Acme Corp, c=US"
b. -a "o=Acme Corp, c=US"
c. -k "o=Acme Corp, c=US"
d. -b "o=Acme Corp, c=US"

The notes say -s will specify the branch under which the users will be added.

-a specifies the attributes to export and -k specifies the groups IKE shared secret. No reference to -b.

[Mkabia]

Hello,
Thanks very much for your input. I am studying very hard for the 156-515 exams. I have looked at books on VPN on NGX on Amazon.com but I don't think the material presented in those books might be sufficient for me to pass.

I called Checkpoint for them to recommend a book for me to study from so that I could be able to take and pass the exams. They recommended one which I am waiting for my boss to buy.

Is it possible for you to email me your course notes? Or is there any other way you can help me to better prepare for this exams?

Please let me know and thanks in advance.

Milton
mkabia@gci.net

Quote:

Originally Posted by northlandboy

CCSE+ is a pretty easy certification I thought. Or maybe not easy, but I found it the most interesting.

You're lucky going on the course - by all accounts it is a good course. I managed to cadge the notes off a colleague, then studied them for a week before sitting the exam. If you've got the notes, they'll cover pretty much all you need to know for the exam. Don't worry too much about trying to find sample questions though, there won't be many out there.

If you can't get the course notes, the ATRG used to be a good reference for the exam. Can be a bit too much detail though. I haven't seen an NGX version of the ATRG yet though (hint hint Check Point, are you listening?)

[rizzledizzle]

Send me an Email. I will get you the NGX ATRG.

dc

[jarek1976]

I'v passed it on 13-th Feb. There were a lot of question about debug commands lik for exemple:
1.which command do you use to purge and crete ike.elg and vpnd.elg file??
I thing right answer is wpn debug trunc
2. Is the *def files could be modyfied if yes where do you should to do this??
I thin anwer is yes on the Smart Center Server
3. About monitoring traffic in fw monitor - learn command line
4. Learn about fw ctl debug
5. What fw lalogs commad is for??
6.Learn about log files which log files is temporary??

[dantro]

May I ask how many questions you had to answer? I'm taking my CSSE+ exam on February 23, 2007.
I'm training with these documents only:

CheckPoint_R62_CLI_UserGuide.pdf
Command Line Interface NGX (R62) / August 2006

ATRG_NGX.pdf
Advanced Technical Reference Guide NGX (R60) / May 11, 2006

[dantro]

Passed it today. The CCSE+ exam is the hardest one that I saw yet. You should have a few years of practical experience plus the right docs to read and study. The ATRG helped me preparing and understanding a few things. The whole exam is all about troubleshooting and debugging.

[adrian]

How have you obtained a copy of the ATRG_NGX.pdf file? It's not available on Check Point site...

[lkinhoe]

Yes agreed, i found that the ATRG_NGX.pdf is not in checkpoint website, can you please show me the documentation of ATRG_NGX.pdf?

[david]

Quote:

Originally Posted by lkinhoe

Yes agreed, i found that the ATRG_NGX.pdf is not in checkpoint website, can you please show me the documentation of ATRG_NGX.pdf?

yes it is, search securekb for sk31221