Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Exam: 156-515


Register for an exam
Course:
Check Point Security Administration NGX III

Passing exams #156-215.1, #156-315.1, and #156-515 earns you Check Point Certified Security Expert NGX (CCSE Plus NGX).

Objectives

  • Test IP forwarding routing and connectivity, before installing VPN-1 NGX.
  • Monitor the Default Filter and Initial Policy’s effect on traffic through a Security Gateway, to demonstrate protection these offer.
  • Troubleshoot Secure Internal Communications and Internal Certificate Authority issues.
  • Troubleshoot Network Address Translation (NAT) issues.
  • Given an issue with a particular Check Point product, list the data required for troubleshooting.
  • Collect data using the cpinfo utility, for off-line viewing and troubleshooting using the InfoView utility.
  • Use DbEdit or GuiDBedit to view and manipulate *.c and *.def files and observe their impact on Security Gateway functionality.
  • Manage the fwauth.NDB file to maintain the user database.
  • Use log commands to observe and manipulate log files.
  • Use tcpdump to capture packets and analyze packet-header formats.
  • Use snoop to capture packets, and review three output modes.
  • Use fw monitor to capture packets.
  • Review fw monitor output using Ethereal.
  • Perform kernel debugging using the fw ctl debug command.
  • Use fwm debug to analyze SmartCenter Server issues.
  • Use fwd debug to analyze kernel-to-application layer issues.
  • Use cpd debug to analyze SIC issues.
  • Identify relevant fw commands to obtain critical information about NGX components’ status.
  • Use fw and fw advanced commands with proper options, to obtain critical information for troubleshooting.
  • Identify different stages in the folding process.
  • Troubleshoot Security Server issues.
  • Debug Security Servers.
  • Identify and explain the two phases of the IKE negotiation process.
  • Use VPN debugging tools for common troubleshooting practices.
  • Use VPN log files and the vpn debug command to troubleshoot VPN connections.
  • Use troubleshooting tables as general guidelines for troubleshooting VPN issues.
  • Identify necessary ports and their functions when VPN-1 SecuRemote/SecureClient connects to sites.
  • Identify packet flows during SecuRemote/SecureClient connection stages.
  • Use srfw monitor to capture traffic on SecureClient, and fw monitor on a Security Gateway.
  • Use ike debug to capture ike.elg data.
  • Analyze ike.elg in IKEview.
  • Identify differences between route-based VPNs and domain-based VPNs.
  • Configure VTI for route-based VPN Gateways.
  • Configure OSPF for dynamic VPN routing in a Community.
  • Identify the Wire Mode function by testing a VPN failover.
  • Configure Directional VPN Rule Match for route-based VPN.
  • Implement and test ClusterXL by following Check Point configuration recommendations.
  • Troubleshoot ClusterXL problems, using cphaprob and other related commands.

Register now for this or any Check Point exam at a Pearson VUE center near you.