hi all,

i just knew that somebody wrote a good CCSA braindump, dated 16-sept. you guys can use that to
study for exam.

i hope the below info can help you. my advise is to read and understand the PDF files from checkpoint (see below). everything is
there! don't trust boson, or any previous dumps.

i took the exam a few days ago.

god bless!

Binuz/CG.

==========================
MUST-
READ LIST FOR CCSA NG

Student & Lab Guide: ALL
CCSA_study_guideI.PDF
Start pg. 24
Practice Test: pg 50
GettingStarted.PDF
VPN-1/Firewall-1
Architecture: pg 58
Enterprise Security Manager: pg 61
CP Management.PDF
SIC: pg 61
SecureUpdate: pg 83
GUI: pg 151
Network Objects: pg
175
Managing Users and Admis: pg 237
Global Property: pg 323 В– 329
Security Policy Rule Base: pg 353
System Status Viewer: pg 455
Log Viewer:
pg 485 В– 530
Firewall.PDF
NAT: pg 19
Authentication: pg 71


1. What does В“untrustedВ” mean
2. What does В“!В” mean
3. SIC:
a. Uses
certificate for authentication, issued by ICA in management server
b. SICВ’s certificate has nothing to do with VPN certificate (IKE)
4. SIC
benefits:
a. FW admin can confirm that the loaded security policy came from the authorized management server
b. FW admin can confirm policy editor
connect to the right management server
c. Maintain data privacy and integrity
5. SIC identify management server and module by their SIC name (also
known as Distinguished Name)
6. SecureUpdate capability in management module
7. Stateful inspection:
a. Examine every packet ?
b. Shutdown upper
range port ?
8. Which is not included in SVN foundation?
a. CPMAD ?
b. License utility ?
9. What are the internal CA components
10. Enforcement
module:
a. Is installed in host enforcement point ?
b. Can provide control authentication and security ?
11. Role of management module ?
Management client ?
12. Recover communication between management module and enforcement module
a. Fw unload?
b. Fw stop?
13. Central license
management
14. Advantage of central licensing -> can it be converted to local ?
15. Antispoofing is installed on what interface
16. What is
В“NodeВ” meant in Policy Editor ?
17. After initiate SIC for a workstation, what canВ’t we do ? Rename ?
18. Template modification
a. Is the
connection dropped if the user database is installed ?
b. All users subsequently created with that template will have new property ?
19. What
groups can be defined in rule base
20. Nested users and groups
21. Blocking default -> what happened when it is chosen ?
22. Logs are exportable
using: LEA ? ELA ?
23. User groups in authentication
24. Transparent authentication: what is it? How VPN-1/FW-1 behave ?
25. Does authentication
rules require a user group in source and destination field ?
26. Predefined server in user authentication -> http ?
27. FW-1 users -> all imported
users must use the same authentication ?
28. Steps of session authentication
29. Conflict between NAT vs anti spoofing -> it happened if performed
at client side or server side ?
30. Only auto NAT rules are enforced ?
31. Object that can be implemented in NAT
a. Domain? Workstation? OSE
Device?

---