Top 100+ Checkpoint Firewall Interview Questions And Answers
Question 1. What Is Anti-spoofing?
Answer :
Anti-Spoofing is the function of Checkpoint Firewall. That is protect from attacker who generate IP Packet with Fake or Spoof supply address. Its decide that whether visitors is valid or no longer. If site visitors is not valid then firewall block that traffic on interface of firewall.
Question 2. What Is Asymmetric Encryption?
Answer :
In Asymmetric Encryption there's two extraordinary key used for encrypt and decrypt to packet. Means that one key used for Encrypt packet, and second key used to for decrypt packet. Same key can't encrypt and decrypt.
Networking Interview Questions
Question 3. What Is Stealth Rule In Checkpoint Firewall?
Answer :
Stealth Rule Protect Checkpoint firewall from direct get admission to any traffic. Its rule must be area on the top of Security rule base. In this rule administrator denied all site visitors to get admission to checkpoint firewall.
Question 4. What Is Cleanup Rule In Checkpoint Firewall?
Answer :
Cleanup rule location at remaining of the security rule base, Its used to drop all visitors which no longer in shape with above rule and Logged. Cleanup rule in particular created for log cause. In this rule administrator denied all of the traffic and allow log.
Networking Tutorial
Question 5. What Is Nat?
Answer :
NAT stand for Network Address Translation. Its used to map non-public IP address with Public IP Address and Public IP cope with map with Private IP Address. Mainly its used for Provide Security to the Internal Network and Servers from Internet. NAT is likewise used to connect Internet with Private IP Address. Because Private IP no longer direction in a position on Internet.
Computer Hardware Interview Questions
Question 6. What Is Source Nat?
Answer :
Source NAT used to provoke traffic from internal community to outside network. In source NAT best supply IP will translated in public IP cope with.
Question 7. What Is Vpn (digital Private Network)?
Answer :
VPN (Virtual Private Network) is used to create comfortable connection between private network over Internet. Its used Encryption authentication to at ease facts for the duration of transmission. There are two type of VPN
Site to Site VPN.
Remote Access VPN.
CCNA Interview Questions
Question eight. What Is Ip Sec?
Answer :
IP Sec (IP Security) is a hard and fast of protocol. That is liable for make at ease conversation between two host device, or community over public community such as Internet. IPSec Protocol offer Confidentiality , Integrity, Authenticity and Anti Replay safety. There is two IPSec protocol which offer protection
ESP (Encapsulation Security Payload)
AH (Authentication Header).
Question nine. What Is Difference Between Esp And Ah Ipsec Protocol?
Answer :
ESP:ESP Protocol is a part of IPsec fit , Its provide Confidentiality, Integrity and Authenticity. Its utilized in mode Transport mode and Tunnel mode.
AH:Its is likewise part of a IPsec in shape, Its offer best Authentication and Integrity, Its does no longer provide Encryption. Its also used to 2 mode Transport mode and Tunnel mode.
Hardware and Networking Interview Questions
Question 10. What Is Explicit Rule In Checkpoint Firewall?
Answer :
It's a rule in ruse base that's manually created through network protection administrator that referred to as Explicit rule.
Question eleven. What Is Hide Nat?
Answer :
Hide NAT used to translate a couple of personal IP or Network with unmarried public IP deal with. Means many to at least one translation. Its can most effective be used in supply NAT translation. Hide NAT can not be used in Destination NAT.
MCSE Interview Questions
Question 12. What Is Destination Nat?
Answer :
When request to translate Destination IP deal with for connect with Internal Private network from Public IP cope with. Only static NAT can be utilized in Destination NAT.
Networking Interview Questions
Question 13. Difference Between Automatic Nat And Manual Nat?
Answer :
Automatic NAT:
Automatic created by way of Firewall Network Security Administrator
Can now not alter
Can now not create “No NAT” rule
Can now not create Dual NAT
Port forwarding not viable
Proxy ARP through default enabled
Manual NAT:
Manually Created via Network Security
Can be Modify
Can be Create “No NAT” rule
Can be Create Dual NAT
Port forwarding possible
Proxy ARP by way of default no longer allow
Question 14. What Is Difference Between Standalone Deployment Distributed Deployment?
Answer :
Standalone deployment : In standalone deployment, Security Gateway and Security control server mounted on identical Machine.
Distributed deployment: In Distributed deployment, Security Gateway and Security Management Server hooked up on exclusive machine.
Question 15. What Is Sic?
Answer :
SIC stand for “Secure Internal Communication”. Its a checkpoint firewall feature that is used to make comfortable communication between Checkpoint firewall issue. Its used when Security Gateway and Security management server established in Distributed deployment. Its Authentication and Encryption for comfortable communication.
CCNP Interview Questions
Question sixteen. What Is three Tier Architecture Component Of Checkpoint Firewall?
Answer :
Smart Console.
Security Management.
Security Gateway.
Question 17. What Is The Packet Flow Of Checkpoint Firewall?
Answer :
SAM Database.
Address Spoofing.
Session Lookup.
Policy Lookup.
Destination NAT.
Route Lookup.
Source NAT.
Layer 7 Inspection.
VPN.
Routing.
Microsoft Certified Solutions Associate (MCSA) Interview Questions
Question 18. What Advantage Of Nat?
Answer :
Save Public IP to shop value.
Security with cover Internal Network.
Avoid Routing.
Publish Server over Internet.
Overlapping Network.
Access Internet from Private IP cope with.
Computer Hardware Interview Questions
Question 19. What Is Smart Dashboard?
Answer :
Its device of smart console. Its used to Configure Rule, Policy item, Create NAT Policy, Configure VPN and Cluster.
Question 20. Which Of The Applications In Check Point Technology Can Be Used To Configure Security Objects?
Answer :
SmartDashboard
Cisco Interview Questions
Question 21. Which Of The Applications In Check Point Technology Can Be Used To View Who And What The Administrator Do To The Security Policy?
Answer :
SmartView Tracker
Question 22. What Are The Two Types Of Check Point Ng Licenses?
Answer :
Central and Local licenses: Central licenses are the new licensing version for NG and are sure to the SmartCenter server. Local licenses are the legacy licensing version and are certain to the enforcement module.
Question 23. What Is The Main Different Between Cpstop/cpstart And Fwstop/fwstart?
Answer :
Using cpstop and then cpstart will restart all Check Point additives, consisting of the SVN foundation. Using fwstop after which fwstart will simplest restart VPN-1/FireWall-1.
Cisco Nexus switches Interview Questions
Question 24. What Are The Functions Of Cpd, Fwm, And Fwd Processes?
Answer :
CPD :CPD is a high inside the hierarchichal chain and helps to execute many services, inclusive of Secure Internal Communcation (SIC), Licensing and standing file.
FWM: The FWM technique is responsible for the execution of the database activities of the SmartCenter server. It is; therefore, responsible for Policy set up, Management High Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, and many others.
FWD:The FWD manner is liable for logging. It is completed when it comes to logging, Security Servers and conversation with OPSEC packages.
CCNA Interview Questions
Question 25. What Are The Types Of Nat And How To Configure It In Check Point Firewall?
Answer :
Static Mode and manually described
Question 26. How To Install Checkpoint Firewall Ngx On Secureplatform?
Answer :
1. Insert the Checkpoint CD into the computers CD Drive.
2. You will see a Welcome to Checkpoint SecurePlatform display screen. It will spark off you to press any key. Press any key to begin the set up,in any other case it'll abort the set up.
3.You will now receive a message saying that your hardware was scanned and found suitable for installing secureplatform. Do you desire to continue with the set up of Checkpoint SecurePlatform.
Of the four alternatives given, pick OK, to retain.
Four.You might be given a preference of these :
SecurePlatform
SecurePlatform Pro
Select Secureplatform Pro and enter ok to retain.
Five.Next it's going to provide you with the option to select the keyboard kind. Select your Keyboard kind (default is US) and enter OK to retain.
6.The next choice is the Networking Device. It will come up with the interfaces of your system and you may pick out the interface of your desire.
7.The subsequent option is the Network Interface Configuration. Enter the IP address, subnet mask and the default gateway.
For this tutorial, we can set this IP deal with as 1.1.1.1 255.255.255.0 and the default gateway as 1.1.1.2 with the intention to be the IP deal with of your upstream router or Layer three tool.
Eight.The next choice is the HTTPS Server Configuration. Leave the default and input OK.
Nine.Now you'll see the Confirmation screen. It will say that the subsequent level of the set up procedure will format your hard drives. Press OK to Continue.
10.Sit returned and relax as the tough disk is formated and the files are being copied.
Once it is completed with the formatting and copying of image documents, it will spark off you reboot the gadget and importantly REMOVE THE INSTALLATION CD. Press Enter to Reboot.
Note: Secureplatform disables your Num Lock by means of over driving System BIOS settings, so that you press Num LOck to enable your Num Lock.
For the FIRST Time Login, the login name is admin and the password is likewise admin.
11.Start the firewall in Normal Mode.
12.Configuring Initial Login:
Enter the person call and password as admin, admin.
It will set off you for a brand new password. Chose a password.
Enter new password: test$123
Enter new password again: take a look at$123
You can also pick out a distinct person name:
Enter a user name:fwadmin
Now it will activate you with the [cpmodule]# set off.
Thirteen. The subsequent step is to launch the configuration wizard. To start the configuration wizard, kind “sysconfig”.
You need to input n for subsequent and q for Quit. Enter n for subsequent.
14.Configuring Host call: Press 1 to enter a host name. Press 1 again to set the host name.
Enter host name: checkpointfw
You can both input an ip cope with of leave it blank to accomplice an IP deal with with this hostname. Leave it clean for now.
Press 2 to show host call. It now displays the name of the firewall as checkpointfw.
Press e to get out of that section.
15.Configuring the Domain name.
Press 2 to go into the config mode for configuring the domain mode. Press 1 to set the area call.
Enter domain name:yourdomain.Com
Example:
Enter area call: checkpointfw.Com
You can press 2 to reveal the area call.
16. Configuring Domain Name Servers.
You can press 1 to add a brand new domain name server.
Enter IP Address of the area name srever to add: Enter your area name server IP Address HERE.
Press e to go out.
Network Connections.
17. Press 4 to go into the Network Connections parameter.
Enter 2 to Configure a new connection.
Your Choice:
eth0
eth1
eth2
eth3
Press 2 to configure eth1. (We will configure this interface because the internal interface with an IP address of 192.168.1.1 and a subnet masks of 255.255.255.Zero. The default gateway could be configured as 1.1.1.1.)
Press 1) Change IP settings.
Enter IP cope with for eth1 (press c to cancel): 192.168.1.1
Enter community Mask for interface eth2 (press c to cancel): 255.255.255.Zero
Enter broadcast cope with of the interface eth2 (depart empty for default): Enter
Pres Enter to preserve….
Similarly configure the eth2 interface, so one can be appearing as a DMZ in this example with 10.10.10.1 255.255.255.0.
Press e to exit the configuration menu.
18.Configuring the Default Gateway Configuration.
Enter 5 that's the Routing segment to enter records on the default gateway configuration.
Set default gateway.
Show default gateway.
Press 1 to go into the default gateway configuration.
Enter default gateway IP cope with: 1.1.1.2
19. Choose a time and date configuration object.
Press n to configure the timezone, date and local time.
This part is self explanatory so that you can do it your self.
The next set off is the Import Checkpoint Products Configuration. You can n for subsequent to bypass this part because it is not wanted for clean installs.
20. Next is the license agreement.You have the option of V for evaluation product, U for bought product and N for subsequent. If you input n for subsequent. Press n for next.
Press Y and take delivery of the license agreement.
21.The next phase could show you the product Selection and Installation choice menu.
Select Checkpoint Enterprise/Pro.
Press N to continue.
22. Select New Installation from the menu.
Press N to retain.
23. Next menu could display you the goods to be established.
Since that is a standalone installation configuration example, choose
VPN Pro and
Smartcenter
Press N for next
24.Next menu offers you the option to pick out the Smartcenter kind you would love to install.
Select Primary Smartcenter.
Press n for subsequent.
A validation screen will be visible showing the following merchandise:
VPN-1 Pro and Primary Smartcenter.
Press n for next to continue.
Now the set up of VPN-1 Pro NGX R60 will start.
25. The set of menu is as follows:
Do you need to feature license (y/n)
You can input Y that's the default and enter your license facts.
26. The subsequent spark off will ask you to add an administrator. You can upload an administrator.
27.The next prompt will ask you to add a GUI Client. Enter the IP Address of the device from in which you need to control this firewall.
28. The very last manner of set up is creation of the ICA. It will promtp you for the introduction of the ICA and observe the stairs. The ICA might be created. Once the random is configured ( you dont should do anything), the ICA is initialized.
After the ICA initialized, the fingerprint is displayed. You can shop this fingerprint due to the fact this will be later used whilst connecting to the smartcenter through the GUI. The two fingerprints ought to fit. This is a security feature.
The next step is reboot. Reboot the firewall.
Cisco Network Engineer Interview Questions
