This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alexey_Koprov
Explorer
‎2019-07-02 07:45 AM
Jump to solution

Question about CCSA practice test

Hello, Colleagues!

I just tryed to pass practice CCSA test on official site:

https://www.checkpoint.com/training/ccsa/chapter3/#

I think there is a mistake in 5th question, listed on the screen below.   Can anyone explain me, why 1st statement is incorrect?     About 4th statement, there is no option about implicit clean-up in Global Properties in R80.20.

 

WhatsApp Image 2019-07-02 at 17.40.41.jpeg

1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2019-07-03 07:31 AM
Jump to solution

I'd say that the last answer (Global Properties) would be more correct under R77.30 and earlier management as implied rules of any kind (which would include the implicit cleanup rule) could only be modified through the Global Properties, but the first answer (Policy Layer) would be more correct under R80+ management due to the ability to set the action of the implicit cleanup rule per-layer that was added in R80+.

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

View solution in original post

10 Replies
Danny
Champion Champion
Champion
‎2019-07-02 08:48 AM
Jump to solution

Good catch!

https://community.checkpoint.com/t5/Policy-Management/Layers-and-the-cleanup-rule/td-p/6553

0 Kudos
PhoneBoy
Admin
Admin
‎2019-07-02 04:53 PM
Jump to solution

Agree, this looks like an incorrect answer.
Paging @shay_solomon 

 

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-07-03 01:29 AM
Jump to solution

I think the question and the answers are not clear😀.

Security Management R80.20 Administration Guide:

CUT>>>

Implied rules

The default rules that are available as part of the Global properties configuration and cannot be edited. You can only select the implied rules and configure their position in the Rule Base:

     - First - Applied first, before all other rules in the Rule Base - explicit or implied
     - Last - Applied last, after all other rules in the Rule Base - explicit or implied, but before the Implicit Cleanup Rule
     - Before Last - Applied before the last explicit rule in the Rule Base

Implied rules are configured to allow connections for different services that the Security Gateway uses. For example, the Accept Control Connections rules allow packets that control these services:

      - Installation of the security policy on a Security Gateway
      - Sending logs from a Security Gateway to the Security Management Server
      - Connecting to third party application servers, such as RADIUS and TACACS authentication servers

Implicit cleanup rule

The default "catch-all" rule for the Layer that deals with traffic that does not match any explicit or implied rules in the Layer. It is made automatically when you create a Layer.

Implicit cleanup rules do not show in the Rule Base.

For R80.10 later version Security Gateways, the default implicit cleanup rule action is Drop. This is because most Policies have Whitelist rules (the Accept action). If the Layer has Blacklist rules (the Drop action), you can change the action of the implicit cleanup rule to Accept in the Layer Editor.

For R77.30 or earlier versions Security Gateways, the action of the implicit rule depends on the Ordered Layer:

Drop - for the Network Layer
Accept - for a Layer with Applications and URL Filtering enabled

Note - If you change the default values, the policy installation will fail on R77.30 or earlier versions Security Gateways.

<<<CUT

PS: I had two questions in my CCSM VUE exam with commands that no longer existed.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Timothy_Hall
Legend Legend
Legend
‎2019-07-03 07:31 AM
Jump to solution

I'd say that the last answer (Global Properties) would be more correct under R77.30 and earlier management as implied rules of any kind (which would include the implicit cleanup rule) could only be modified through the Global Properties, but the first answer (Policy Layer) would be more correct under R80+ management due to the ability to set the action of the implicit cleanup rule per-layer that was added in R80+.

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Alexey_Koprov
Explorer
‎2019-07-03 08:14 AM
In response to Timothy_Hall
Jump to solution

Thank you very much for explaination, it's clear now. So, I think, this question and 4th answer is a some kind of 77.30 legacy. But i still don't know, how should the one answer to the question like this in real exam? 🙂

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-07-03 10:34 AM
In response to Alexey_Koprov
Jump to solution

Can't really answer your question, only @Jason_Tugwell could...

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
Jason_Tugwell
Employee Employee
Employee
‎2019-07-03 01:20 PM
In response to Timothy_Hall
Jump to solution

For the purpose of the exam, the answer in the screen shot with the green check, is the correct answer.

This question will be one of ones that I am looking to have re-evaluated because as Heiko stated, it is not exactly clear, IMO.

Thanks,

Tug

 

PhoneBoy
Admin
Admin
‎2019-07-03 10:55 AM
In response to Timothy_Hall
Jump to solution

That doesn't even seem right for R77.x though, as all you can really modify in Global Properties is whether or not to log the implicit rules.
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-07-04 06:51 AM
In response to PhoneBoy
Jump to solution

Agreed Dameon, hence my use of the term "most correct" or its corollary "choose the BEST answer" as I believe it is stated on the exam.  🙂

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-07-04 08:43 AM
In response to Timothy_Hall
Jump to solution

Hi guys,

I agree with Dameon's and Timothy's answer.

I think the question and answer is not good for a learner. 

I'd make the answer clear😀.

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events