Internal Data

Master Certification Written-Exam Beta

Check Point Certified Master Architect


Computer-Based Certification Exam (156-100)
Things to Know

Introduction:
The following study points are organized by topic and objective. Each of the following is formed as a statement,
allowing you to formulate a reply. Each of these topics might be covered on the exam you take. Items are pooled by
topic and objective, and the exam engine picks random selections from each pool. There are over one million
versions of the exam, and it is unlikely that any two candidates will see all the same items. Based on the randomness
of the selection, you might not be tested on every topic in every objective.

Section 1:
1. Define organizational risk and security requirements.


1.1. Design/plan a secure enterprise network, based on specific corporate vision statements, initiatives,
strategies, and operational requirements.

List the forms of data communication. What are the risks and security requirements for each? Which Check
Point products address each of these? Be specific.

List the common modes of attack. Which Check Point features address these attacks, and how would you
use those features in a secure enterprise network?

List the protocol layers. How might they support authentication?

List the critical components of a risk analysis. What are the functions of such an analysis? Where are the
greatest threats in any enterprise network? What are the controls that might be recommended as a result of
your risk-analysis activities?

Which IT security standards will impact your definition of risk and security requirements? How do these
impact your design?

How do various types of information and their associated protocols travel through the enterprise network?
At which strategic locations can you implement security safeguards to protect the information and intended
recipients?

1.2. Design a secure enterprise-network compliance plan, based on documented organizational risk and
security requirements.

List how Security Gateways protect enterprise networks, meet security requirements, and mitigate
organizational risks.

List the common third-party attacks, their potential financial impacts, and how Check Point products can
protect against them.

Section 2:
2. Propose integrated security architectures.


2.1. Create and implement a comprehensive security-architecture update plan, based on a review of existing
network architecture.
NOTE: One of the better ways to prepare for this objective is to review the detailed success stories
provided on the Web: http://www.checkpoint.com/corporate/success/index.html

Describe how various Check Point products fit into an existing architecture. What are the important pieces
for preventing intrusion detection, and how are they integrated?

Given any of the deployment scenarios you study, how do you develop a system of logging that enables
organizations to determine the attacks they are experiencing, evaluate possible strategies for improving
tracking, and evaluate potential resolutions?

Given that each solution in the online case studies is unique, apply one case-study solution to other case
studies. Will the second solution meet the customer requirements of the first? If not, why not?

2.2. Create and implement a disaster-recovery plan and supporting infrastructure to restore networked Security
Gateways, given corporate operational requirements.
NOTE: One of the better ways to prepare for this objective is to review the detailed success stories
provided on the Web: http://www.checkpoint.com/corporate/success/index.html

List the backup and restore requirements for all Check Point products.

List the requirements and protocols for adding any Check Point product into an existing network.

Section 3:
3. Pilot and evaluate proposed security implementations.


3.1. Design a pilot network-security implementation plan, based on specific corporate security objectives.

Review best practices for dealing with network attacks, implementing secure telecommunications and
overall design objectives.

Review success stories on http://www.checkpoint.com/corporate/success/index.html. How would you
verify design proposals for the following?
o Traffic restrictions
o Penetration tests
o Traffic-statistic compilations

Which Check Point tools and products support these tests?

3.2. Test and verify functionality and achievement of stated objectives of a pilot network-security
implementation.

Outline the differences between authorization and authentication. How do these impact a security
implementation?

Which security best practices impact design considerations for implementing a VPN?

When executing a security implementation, under which conditions would it be appropriate to implement
Network Address Translation (NAT)? When would each form of NAT be most appropriate?

Which design trade-offs are required when balancing security with performance? Which security
implementations have the greatest impact on performance?

Which tools can a security architect use to debug pilot implementations?

Section 4:
4. Install and configure complex security solutions.


4.1. Perform installation and configuration of a complex security solution, integrating multiple devices and
global user populations.

Review the functions of IPSec and SecureXL.

Review the functions of InterSpect, Integrity, Eventia Reporter, Provider-1, VPN-1 VSX, and Connectra.

Section 5:
5. Create a virtual-security infrastructure for vendors, partners, and customers.


5.1. Design/plan a virtual-security infrastructure for a widely dispersed organization with divergent security
requirements and implementations.

Describe a VLAN implementation. At which level does it communicate? How is VLAN Tagging
accomplished? How are ports managed?

List the capabilities of VPN-1 UTM's intrusion prevention system/intrusion detection system (Web
Intelligence, Application Intelligence, and SmartDefense).

Given a Check Point UTM deployment, how can you use other Check Point products to enhance the
implementation? Which combinations simplify logging, access to network resources, and Internet access?

How do Virtual Systems function within a Check Point solution? What happens when the topology
changes?

5.2. Perform initial installation and configuration of a virtual-security infrastructure for a widely dispersed
organization with divergent security requirements and implementations.

Describe VLAN memberships.

Describe the Check Point Packaging Tool's Connect Mode function.

List the definition of the Virtual System commands and their functions.

Outline a variety of VSX configurations. Study the configurations suggested in the detailed success stories
provided on the Web: http://www.checkpoint.com/corporate/success/index.html

5.3. Given a widely dispersed organization with divergent security requirements and implementations, design
and implement a plan that guarantees a secure network communication and minimizes downtime.
NOTE: One of the better ways to prepare for this objective is to review the detailed success stories
provided on the Web: http://www.checkpoint.com/corporate/success/index.html

Describe the process of User Authentication.

Review the Application Intelligence technologies. How does each feature protect/warn against internal and
external attacks? For which attack is each technology focused? For which attack is each feature not
suitable?

Section 6:
6. Maintain complex security solutions.


6.1. Develop a maintenance plan for a complex security solution involving the integration of multiple devices,
complex VPN and High Availability deployments, and global remote-user and partner populations.

List the Internet protocols. Which protocol provides strong authentication for Web servers? What is the
standard for secure communication for each communication type?

Describe the functions of ClusterXL. What are the advantages? How does a cluster configuration respond
to various Internet demands?

How does Connectra function in a High Availability configuration?

Section 7:
7. Evaluate existing, complex security-solution effectiveness.


7.1. Create a strategic plan for evaluating security-implementation effectiveness through penetration testing.

What are the strengths/weaknesses of intrusion detection systems and intrusion prevention systems?

What are the security concerns of each of the layers of the ISO/OSI model? Which security solution works
best at each layer?

7.2. Test a specific security implementation's effectiveness through penetration testing.

What are the differences between network-level and application-level attacks? Which strategies would you
employ to protect against both types of attacks? Which Check Point product or feature aids in this
protection?

List the possible causes of a Management High Availability configuration's synchronization failure.

How do you configure Eventia Analyzer to detect events?

7.3. Analyze logs to discover and plan the recovery of specific compromised systems.

List the various sources of logs within Check Point systems. What are the advantages of each? How does
each support intrusion-detection and intrusion-prevention functions?

If you are using Integrity as an intrusion prevention system, which logs provide the most useful
information, and where are they stored?

What are the components of Eventia Analyzer, and what are their jobs? Which queries can you initiate
within Eventia Analyzer?

List the Automatic Reactions that Eventia can provide when triggered by an event. What is the function of
each? What are the advantages and disadvantages of each?


Section 8:
8. Manage complex system upgrades.


8.1. Design/plan for managing system upgrades across specific complex network integration, to maintain
optimum network function.

Given complex network integration, what would you monitor to maintain optimum network function?

How does Integrity Client function? Where does it store its policies? Where do you store your
configuration?

Which backups allow you to restore a SmartCenter Server to a new machine with a different IP address?

How do you do a Provider-1 migration? Which files are required, and where are they stored?

Outline a variety of configurations suggested in the detailed success stories provided on the Web:
http://www.checkpoint.com/corporate/success/index.html
What is the best method to install the Eventia Reporter add-on?

Outline a variety of configurations suggested in the detailed success stories provided on the Web:
http://www.checkpoint.com/corporate/success/index.html
What is the best method to leverage a performance pack on a VPN-1 UTM device?

8.2. Analyze and validate results of an implemented upgrade on a specific, complex network integration.

How do you troubleshoot the latest version of Integrity and Integrity Client?

How do you implement and verify the effectiveness of a Hotfix Accumulator (HFA)?

Section 9:
9. Troubleshoot security problems.


9.1. Given a specific internal or client problem, replicate the issues in a test environment.
NOTE: Troubleshooting is largely a function of knowing how critical processes work. If you know when and
where something is supposed to happen, you can trace the majority of faults to their sources.

State the proper sequence for computer- and network-access control.

Describe the process of dynamic mapping of an IP address to a physical hardware address.

Which error messages can you receive from SmartView Tracker? What is each telling you? Where should
you look to resolve these errors?

What are the limitations of troubleshooting Integrity Client?

Which commands are useful for troubleshooting VSX Gateways? What are their functions?

Where would you find the files to define the following macros: ip_src, ip_p, or ip_p6?

9.2. Given a specific internal or client problem, troubleshoot and correct the issue.

Where do the following operate within the ISO/OSI layer model: Network Address Translation, Wide Area
Networks, Ethernet, MAC addresses, routers, and switches?

What is the most common cause of firewall vulnerabilities?

Which attacks are addressed by SmartDefense? Which settings are the default, and what happens if any
setting is cleared?

How do you import a configuration from your previous NG with Application Intelligence R55 SmartCenter
Server?

How can you troubleshoot dynamic-routing issues?

9.3. Given a specific internal or client need, analyze and apply the appropriate Hotfix, and evaluate its
effectiveness.

What are the key steps when updating a Security Gateway?

Which precautions should you follow to integrate Integrity Client with installed anti-virus software on a
client workstation?

When a Security Gateway is dropping packets, which troubleshooting steps would you follow? What
information would you look for in SmartView Tracker?

While troubleshooting a connection problem, you run fw tab -t connections on the Security
Gateway. What does the output tell you? How can you tell from the output which type of connection you
are observing?

9.4. Diagnose and solve specific routing issues in a network environment.

List common problems in site-to-site VPN tunnels. How do you troubleshoot each, and what is the
common solution?

How can you troubleshoot dynamic-routing issues?

In which context is it possible to configure a VSX Gateway interface as unnumbered?

What is the function of the fw vsx fetch command?

Section 10:
10. Create backup and recovery strategies.
10.1. Design/plan a strategy for backup and disaster recovery of a specific, complex network environment.

What is the best-practice backup strategy for Security Gateways?

What is the best-practice final step in a risk assessment?

List the prerequisites for developing a disaster-recovery plan.

What type of backup transmission medium would be the best choice to back up/restore security
components?

10.2. Implement a strategy for backup and disaster recovery of a specific, complex network environment.

What are the principal requirements of a fault-tolerant system?

When configuring a VSX Gateway for single Virtual System failover, which systems will not fail over?

10.3. Analyze and validate the effectiveness of an implemented strategy for backup and disaster recovery in a
specific, complex network environment.

Which Check Point product features aid in your strategies for backup and disaster recovery?

What is the correct order to restore a SmartCenter Server configuration on SecurePlatform with an HFA
installed, due to a failed hard drive?
