Security Expert
(CCSE R81.2)
This course is recommended for Security Experts and other technical professionals with prior training and/or practical experience with Check Point Management Servers and Security Gateways that run on the Gaia operating system.
Learn How To
- Use the management API to modify the Security Environment.
- Deploy a Secondary Security Management Server and Distributed Log Server.
- Use advanced techniques to configure dynamic objects, verify accelerated policy installation, and elevate security with HTTPS Inspection.
- Deploy Site-to-Site, Remote Access, and Mobile Access VPN solutions.
- Use SecureXL, CoreXL, Multi-Queue, and HyperFlow to optimize traffic flow through the Security Gateway.
Prerequisites
Before taking this course, the following prerequisites are strongly encouraged:
- Knowledge Base:
- Working knowledge of :
- Unix-like and/or Windows operating systems
- Networking Fundamentals
- Networking Security
- CP/IP Networking
- Working knowledge of :
- Check Point Training Certification:
- Check Point Certified Security Administrator (CCSA)
How You Will Benefit
- Implement Check Point Management High Availability to ensure environment stability and integrity.
- Use advanced techniques to manage user access, customize Threat Protection, and configure Remote Access solutions.
- Use tuning techniques to optimize the best Security Gateway performance.
Exam
- Exam #156-315.81.20
Objectives
- Identify basic interfaces used to manage the Check Point environment.
- Identify the types of technologies that Check Point supports for automation.
- Explain the purpose of the Check Management High Availability (HA) deployment.
- Identify the workflow followed to deploy a Primary and solution Secondary servers.
- Explain the basic concepts of Clustering and ClusterXL, including protocols, synchronization, connection stickyness.
- Identify how to exclude services from synchronizing or delaying synchronization.
- Explain the policy installation flow.
- Explain the purpose of dynamic objects, updatable objects, and network feeds.
- Understand how to manage user access for internal and external users.
- Describe the Identity Awareness components and configurations.
- Describe different Check Point Threat Prevention solutions.
- Articulate how the Intrusion Prevention System is configured.
- Obtain knowledge about Check Point’s IoT Protect.
- Explain the purpose of Domain-based VPNs.
- Describe situations where externally managed certificate authentication is used.
- Describe how client security can be provided by Remote Access.
- Discuss the Mobile Access Software Blade.
- Explain how to determine if the configuration is compliant with the best practices.
- Define performance tuning solutions and basic configuration workflow.
- Identify supported upgrade and migration methods and procedures for Security Management Servers and dedicated Log and SmartEvent Servers.
- •Identify supported upgrade methods and procedures for Security Gateways.
Exercises
- Navigating the Environment and Using the Management API
- Deploying Secondary Security Management Server
- Configuring a Dedicated Log Server
- Deploying SmartEvent
- Configuring a High Availability Security Gateway Cluster
- Working with ClusterXL
- Configuring Dynamic and Updateable Objects
- Verifying Accelerated Policy Installation and Monitoring Status
- Elevating Security with HTTPS Inspection
- Deploying Identity Awareness
- Customizing Threat Prevention
- Configuring a Site-to-Site VPN with an Interoperable Device
- Deploying Remote Access VPN
- Configuring Mobile Access VPN
- Monitoring Policy Compliance
- Reporting SmartEvent Statistics
- Tuning Security Gateway Performance
