With the retirement of the R81.10 versions of the CCSA and CCSE exams upcoming November 30th, as someone who has taught both the old and new classes I thought it would be helpful to provide some general tips and a comparison of the CCSA/CCSE R81.10 content vs. the updated CCSA/CCSE R81.20 content. The goal here is to highlight content differences, so that those who have attended an older CCSA/CCSE R81.10 class or not worked with R81.20 at all yet can assess their preparation options for challenging the R81.20 exams.
First off, some general CCSA/CCSE Check Point exam tips regardless of version (I shared these during a CCTE exam prep session I hosted for CPX 360 2022):
1) You have 90 minutes to complete 100 multiple choice questions (2-day specialist exams have 75 questions) with one correct answer for each. There used to be fill-in-the-blank questions but those seem to have gone away recently.
2) Pass is a 70%.
3) You are allowed to back up and return to prior questions (unlike say Cisco exams). You also have the ability to flag a question you are not sure about, then at the end of the exam if there is time left, jump back through all the questions you flagged. My suggestion is to always answer every question on the first run-through even if it is a wild guess, as a question will be marked equally wrong regardless of whether you selected an incorrect answer or left it unanswered.
4) If the context of the question is unclear, try to remember how that topic was presented in the lecture and labs during class.
5) I still personally struggle with this one: For those with extensive Check Point experience try to take the questions at face value and not overthink, or start pondering "well that depends on...". Generally the questions are pretty straightforward and are not asking you about some obscure situation you vaguely remember seeing 10 years ago at 3am on a Saturday night.
6) Check Point exams are not adaptive and will not try to beat you over the head with the same topic if you have answered an earlier question on that topic incorrectly. Questions are drawn from a pool at the start of the exam and do not change during the course of the exam. By the same token you may draw two questions that are extremely similar or even identical; do not automatically assume you answered the first instance incorrectly when the second instance appears.
7) 80% of the exam questions are taken right from the courseware lecture and labs, the remaining 20% are "real-world" questions so having at least some real-world experience with Check Point (and not just the class) will be helpful. Do not panic if you face one of those 20% questions that were not mentioned/covered at all in the class, and initially draw a complete blank.
😎 Refer to sk163417: Check Point Learning & Training FAQ for any questions about certification length, renewals, expired certs renewal, etc.
9) Online practice exams for CCSA and CCSE are available from PearsonVue and are well worth the $50 USD they cost, as they draw their practice questions directly from the live exam pool. There aren't really any other legit exam prep guides available other than the official course material, and there are most certainly NOT any out there that are worth forking over money for. The courses are to some degree based on portions of the official documentation administration guide PDFs, which can be accessed for free at the Check Point Support Center if you need to bone up on a covered topic or feature you aren't familiar with.
10) If you can't or don't want to physically show up at a Pearson VUE testing center to take the exam, online proctoring options are offered.
11) Check the exam numbers carefully when booking:
Check Point Certified Security Administrator (CCSA) R81.20 – Exam #: 156-215.81.20
Check Point Certified Security Expert (CCSE) R81.20 – Exam #: 156-315.81.20
CCSA R81.20 updates from CCSA R81.10 course:
1) Work with SmartConsole's Demo Mode
2) Learn about the new SmartWorkflow/Session Approval Cycle feature in R81.20 (you can easily preview and work with this in the R81.20 SmartConsole's Demo Mode)
3) Ordered vs. Inline Layers are covered much more heavily in CCSA R81.20
4) Fully understand Proxy ARP for Manual NATs
5) Identity Awareness and HTTPS Inspection are no longer covered, moved to CCSE R81.20
6) Brush up on working with snapshots & backups from both clish and Gaia Web UI, also CPUSE and JHFA application
7) Autonomous Threat Prevention is still covered, but Custom TP coverage was moved to CCSE R81.20
CCSE R81.20 updates from CCSE R81.10 course:
1) Custom Threat Prevention, Identity Awareness, and HTTPS Inspection were moved from CCSA to CCSE; extensive lab exercises for all these as well
2) Code upgrades via CPUSE/Advanced Upgrade/migrate_server for SMS/Gateways are still extensively covered but not performed in labs anymore
3) Advanced CLI options for clish and expert mode are no longer covered
4) Get familiar with the new External Network Feed SmartConsole object introduced in R81.20
5) Accelerated Policy Installs are much more heavily covered
6) Get familiar with the new IoT and SSH Deep Packet Inspection features
7) Make sure you understand the difference between domain-based vs. route-based VPNs (VTIs), and IKE P1 External Certificate Authentication
😎 Learn about the new Hyperflow feature (pipeline paths) introduced in R81.20
9) SmartEvent and especially view/report customization is much more heavily covered
10) Get familiar with the new SmartConsole-based Central Deployment Tool options (code upgrades, JHFA application, etc.)
11) ClusterXL advanced deployment options are much more heavily covered, such as IP addresses on different subnets and cluster hide/fold
Good luck!
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com