CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 4 of 4

Thread: CCSA R71 Practice Exam Question

  1. #1
    Join Date
    2009-02-11
    Location
    FL
    Posts
    44
    Rep Power
    0

    Default CCSA R71 Practice Exam Question

    .
    Last edited by securitynewbie; 2011-03-22 at 08:23.

  2. #2
    Join Date
    2005-08-11
    Location
    San Francisco, CA
    Posts
    1,395
    Rep Power
    17

    Default Re: CCSA R71 Practice Exam Question

    Quote Originally Posted by securitynewbie View Post
    Here is a question from Checkpoint's practice exam I downloaded from their website.


    R71's INSPECT Engine inserts itself into the kernel between which two layers of the OSI model?

    Presentation and App

    Data and Net

    Physical and Data

    Session and Transport

    According to the exam the correct answer is Presentation and Application layer. Is this correct? I thought that the INSPECT engine resided between the Data and Network layers? From my understanding when packet reaches the NIC, it's intercepted by the INSPECT engine before it gets to the network layer. Am I missing something here?
    It's always between layer 2 and 3, Data and Net. This is the only place it can go because this is where the OS (at the bottom of layer 3) binds with the NIC driver (the top of layer 2). Upon installation, Firewall-1 unbinds these two, inserts itself in the middle, and then rebinds to both Data and Net.

    As for which answer will be scored "correct" on the actual exam, I don't know. It could either be the "right" answer, or this incorrect "Check Point" answer. Apparently the same Quality Assurance people who weren't hired to look at the code also weren't hired to look at the exam questions. Sigh.
    Barry J. Stiefel ("Stee-ful" or "Shtee-ful")
    B.S., MBA, CCSA/CCSE/CCSE+/CCSI
    Resilience RCSE/RCSI, Fortinet FCSE
    CISSP, MCSE, NSA ISM
    Founder of CPUG
    Founder of CPUG University

  3. #3
    Join Date
    2009-02-11
    Location
    FL
    Posts
    44
    Rep Power
    0

    Default Re: CCSA R71 Practice Exam Question

    Barry, thanks for the clarification and quick response!

  4. #4
    Join Date
    2011-02-15
    Posts
    9
    Rep Power
    0

    Default Re: CCSA R71 Practice Exam Question

    I think part of the confusion is that Check Point defines the INSPECT Engine differently from the Inspection Module.

    INSPECT Engine:

    Check Pointís INSPECT Engine is the mechanism used for extracting
    the state-related information from all application layers, and maintains
    this information in these dynamic state tables needed for evaluating
    subsequent connections.

    Inspection Module:

    Packets pass through the NIC, to the Inspection Module, and up through the network stack.
    Some packets are destined for an operating systemís local processes. In
    this case, the Inspection Module inspects the packets and passes them
    through the TCP/IP stack.

    http://www.checkpoint.com/services/e...s/ccsa-r70.pdf

Similar Threads

  1. CCSE R70 Practice Exam wrong answers
    By bogucki.michal@gmail.com in forum General Exam Topics
    Replies: 3
    Last Post: 2010-12-15, 11:42
  2. CCSA Practice Exam Question - SIC question
    By mcarey in forum CCSA R70 Exam 156-215.70 (No Longer Offered)
    Replies: 6
    Last Post: 2010-12-12, 18:15
  3. More Best Practice, different question
    By boldin in forum IPS Blade (Formerly SmartDefense)
    Replies: 3
    Last Post: 2009-10-26, 15:51
  4. [ Req Help ] CCSA 156.216.1 EXam Question Doubts .. Plz Clear
    By damiendevlon in forum General Exam Topics
    Replies: 0
    Last Post: 2008-09-15, 00:52
  5. Question about Checkpoint CCSA 156-215.1 exam
    By ItalianEngineer in forum CCSA NGX Exam 156-215.1 (No Longer Offered)
    Replies: 3
    Last Post: 2006-10-18, 05:32

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •