Solved: Re: Question about CCSA practice test

Alexey_Koprov · ‎2019-07-02

Hello, Colleagues!

I just tryed to pass practice CCSA test on official site:

https://www.checkpoint.com/training/ccsa/chapter3/#

I think there is a mistake in 5th question, listed on the screen below. Can anyone explain me, why 1st statement is incorrect? About 4th statement, there is no option about implicit clean-up in Global Properties in R80.20.

Timothy_Hall · ‎2019-07-03

I'd say that the last answer (Global Properties) would be more correct under R77.30 and earlier management as implied rules of any kind (which would include the implicit cleanup rule) could only be modified through the Global Properties, but the first answer (Policy Layer) would be more correct under R80+ management due to the ability to set the action of the implicit cleanup rule per-layer that was added in R80+.

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

View solution in original post

Danny · ‎2019-07-02

Good catch!

https://community.checkpoint.com/t5/Policy-Management/Layers-and-the-cleanup-rule/td-p/6553

PhoneBoy · ‎2019-07-02

Agree, this looks like an incorrect answer.
Paging @shay_solomon

HeikoAnkenbrand · ‎2019-07-03

I think the question and the answers are not clear😀.

Security Management R80.20 Administration Guide:

CUT>>>

Implied rules

The default rules that are available as part of the Global properties configuration and cannot be edited. You can only select the implied rules and configure their position in the Rule Base:

     - First - Applied first, before all other rules in the Rule Base - explicit or implied
     - Last - Applied last, after all other rules in the Rule Base - explicit or implied, but before the Implicit Cleanup Rule
     - Before Last - Applied before the last explicit rule in the Rule Base

Implied rules are configured to allow connections for different services that the Security Gateway uses. For example, the Accept Control Connections rules allow packets that control these services:

      - Installation of the security policy on a Security Gateway
      - Sending logs from a Security Gateway to the Security Management Server
      - Connecting to third party application servers, such as RADIUS and TACACS authentication servers

Implicit cleanup rule

The default "catch-all" rule for the Layer that deals with traffic that does not match any explicit or implied rules in the Layer. It is made automatically when you create a Layer.

Implicit cleanup rules do not show in the Rule Base.

For R80.10 later version Security Gateways, the default implicit cleanup rule action is Drop. This is because most Policies have Whitelist rules (the Accept action). If the Layer has Blacklist rules (the Drop action), you can change the action of the implicit cleanup rule to Accept in the Layer Editor.

For R77.30 or earlier versions Security Gateways, the action of the implicit rule depends on the Ordered Layer:

Drop - for the Network Layer
Accept - for a Layer with Applications and URL Filtering enabled

Note - If you change the default values, the policy installation will fail on R77.30 or earlier versions Security Gateways.

<<<CUT

PS: I had two questions in my CCSM VUE exam with commands that no longer existed.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Timothy_Hall · ‎2019-07-03

I'd say that the last answer (Global Properties) would be more correct under R77.30 and earlier management as implied rules of any kind (which would include the implicit cleanup rule) could only be modified through the Global Properties, but the first answer (Policy Layer) would be more correct under R80+ management due to the ability to set the action of the implicit cleanup rule per-layer that was added in R80+.

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

Alexey_Koprov · ‎2019-07-03

Thank you very much for explaination, it's clear now. So, I think, this question and 4th answer is a some kind of 77.30 legacy. But i still don't know, how should the one answer to the question like this in real exam? 🙂

Timothy_Hall · ‎2019-07-03

Can't really answer your question, only @Jason_Tugwell could...

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

Jason_Tugwell · ‎2019-07-03

For the purpose of the exam, the answer in the screen shot with the green check, is the correct answer.

This question will be one of ones that I am looking to have re-evaluated because as Heiko stated, it is not exactly clear, IMO.

Thanks,

Tug

PhoneBoy · ‎2019-07-03

That doesn't even seem right for R77.x though, as all you can really modify in Global Properties is whether or not to log the implicit rules.

Timothy_Hall · ‎2019-07-04

Agreed Dameon, hence my use of the term "most correct" or its corollary "choose the BEST answer" as I believe it is stated on the exam. 🙂

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

HeikoAnkenbrand · ‎2019-07-04

Hi guys,

I agree with Dameon's and Timothy's answer.

I think the question and answer is not good for a learner.

I'd make the answer clear😀.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Are you a member of CheckMates?

Question about CCSA practice test