15+ Must-Know CheckPoint Interview Questions & Answers
Last updated on 04th Jul 2020, Blog, Interview Questions
These CheckPoint interview questions have been designed to acquaint you with the nature of the questions you may encounter during an interview on CheckPoint. In my experience, good interviewers rarely plan to ask any particular question; they normally start with a basic concept of the subject and continue based on the discussion and your answers. We are going to cover the top 100 CheckPoint interview questions along with their detailed answers, including scenario-based questions, questions for freshers, and questions and answers for experienced candidates.
Q1. What is Asymmetric Encryption?
In asymmetric encryption, two different keys are used to encrypt and decrypt a packet: one key is used to encrypt the packet and a second key is used to decrypt it. The same key cannot both encrypt and decrypt.
Q2. How do Checkpoint components communicate and sync with each other?
Secure Internal Communications (SIC) is the Check Point feature that ensures components, such as Security Gateways, SmartCenter Server, SmartConsole, etc. can communicate with each other freely and securely using a simple communication initialization process.
Q3. What is Anti-Spoofing?
Anti-Spoofing is a feature of the Checkpoint Firewall that protects against attackers who generate IP packets with a fake or spoofed source address. It determines whether traffic is legitimate; if it is not, the firewall blocks that traffic on the firewall interface.
Q4. What is the Stealth Rule in Checkpoint firewall?
The Stealth Rule protects the Checkpoint firewall from direct access by any traffic. It should be placed at the top of the security rule base. In this rule, the administrator denies all traffic to the Checkpoint firewall itself.
Q5. What is the Cleanup rule in Checkpoint Firewall?
The Cleanup rule is placed last in the security rule base. It drops and logs all traffic that does not match any of the rules above it. The Cleanup rule is created mainly for logging purposes: in this rule, the administrator denies all traffic and enables logging.
Q6. What are the functions of CPD, FWM, and FWD processes?
CPD – CPD is high in the hierarchical chain and helps to execute many services, such as Secure Internal Communication (SIC), licensing and status reporting.
FWM – The FWM process is responsible for the execution of the database activities of the SmartCenter server. It is therefore responsible for Policy installation, Management High Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.
FWD – The FWD process is responsible for logging. It is executed in relation to logging, Security Servers and communication with OPSEC applications.
Q7.What are the two types of Check Point NG licenses?
- Central License
- Local Licenses
Central licenses are the new licensing model for NG and are bound to the SmartCenter server. Local licenses are the legacy licensing model and are bound to the enforcement module.
Q8. What are the major differences between SPLAT and GAIA?
Gaia is the latest version of Checkpoint, which is a combination of SPLAT and IPSO. Here are some benefits of Gaia compared to SPLAT/IPSO:
- Web-Based user interface with Search Navigation
- Full Software Blade support
- High connection capacity
- Role-Based administrative Access
- Intelligent Software updates
- Native IPv4 and IPv6 Support
- ClusterXL or VRRP Clusters
- Manageable Dynamic Routing Suite
- Full Compatibility with IPSO and SecurePlatform.
Q9.What is Checkpoint Architecture?
Check Point has developed a Unified Security Architecture that is implemented throughout all of its security products. This Unified Security Architecture enables all Check Point products to be managed and monitored from a single administrative console and provides a consistent level of security.
The Check Point Unified Security Architecture is comprised of four main components:
Core Technologies: Check Point uses a common set of core technologies, such as INSPECT for security inspection, across multiple layers of security.
Central Management: All Check Point products can be managed and monitored from a single administrative console.
Open Architecture: Check Point has built its security architecture to be open and interoperable in a heterogeneous environment. For example, Check Point products can interoperate with other network and security equipment from third-party vendors to enable cooperative enforcement of Security Policies.
Universal-update Ability: Check Point has consolidated multiple security-alert and update functions to ease update procedures and help Administrators ensure that security is always up-to-date.
Q10. What is NAT?
NAT stands for Network Address Translation. Private IP addresses are mapped to public IP addresses, and public IP addresses are mapped to private IP addresses. It is mainly used to provide security for the private network and servers from the Internet. NAT is also used to connect hosts with private IP addresses to the Internet, because private IP addresses are not routable on the Internet.
Q11. What is Source NAT?
Source NAT is used for traffic initiated from the internal network to the external network. In source NAT, only the source IP is translated to a public IP address.
Q12. What is VPN (Virtual Private Network)?
A VPN is used to create a secure connection between two private networks over the Internet. It uses encryption and authentication to secure data in transit. There are two types of VPN:
- Site to Site VPN.
- Remote Access VPN.
Q13. What is IPsec?
IPsec (IP Security) is a set of protocols for secure communication between two host machines or networks over a public network such as the Internet. IPsec provides confidentiality, integrity, authenticity and anti-replay protection. Two IPsec protocols provide security:
- ESP (Encapsulating Security Payload)
- AH (Authentication Header).
Q14. Explain the ESP and AH IPsec protocols.
ESP: ESP is part of the IPsec suite. It provides confidentiality, integrity and authenticity. It is used in two modes:
- Transport mode
- Tunnel mode.
AH: AH is the most important part of the IPsec suite. It provides only authentication and integrity; it does not provide encryption. It is also used in two modes, Transport mode and Tunnel mode.
Q15. What is an Explicit Rule in Checkpoint Firewall?
Explicit rules are rules that are created manually by the network security administrator.
Q16. Which environments are supported by Text Checkpoint?
Text Checkpoints are supported in all add-in environments.
Q17. What is the Image Checkpoint?
Image Checkpoint checks the value of an image in your application or web page.
Q18. What is the Standard Checkpoint?
Standard Checkpoint checks the property value of an object in your application or web page.
Q19. What are the components of the 3-tier architecture of Checkpoint Firewall?
- Smart Console.
- Security Management.
- Security Gateway.
Q20. What is Check Point Firewall?
The Check Point Firewall is part of the Software Blade architecture that supplies next-generation firewall features, including:
- VPN and mobile device connectivity
- Identity and computer awareness
- Internet access and filtering
- Application control
- Intrusion and threat prevention
- Data Loss Prevention
Q21. What are Table Checkpoints?
Table Checkpoint checks the information within a table.
Q22.What are the primary components of the Check Point solution?
These are the primary components of a Check Point solution:
Security Gateway – The engine that enforces the organization's security policy, is an entry point to the LAN and is managed by the Security Management Server.
Security Management Server – The application that manages, stores, and distributes the security policy to Security Gateways.
SmartDashboard – A Check Point client used to create and manage the security policy.
Q23.What is the use of Firewall Rule Base?
The firewall is the core of a well-defined network security policy. The goal of the Check Point Firewall Rule Base is to create rules that only allow the specified connections.
Q24.What are the Basic Access Control Rules for all Rule Bases?
These are basic access control rules we recommend for all Rule Bases:
1. Stealth rule that prevents direct access to the Security Gateway.
2. Cleanup rule that drops all traffic that is not allowed by the earlier rules.
3. There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.
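How the stealth rule, the cleanup rule and the implied drop interact under first-match evaluation, as an added example that is not Check Point code. The rule model, rule names and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# All addresses below are constructed sample values.
ANY = ip_network("0.0.0.0/0")
GATEWAY = ip_network("203.0.113.1/32")     # the Security Gateway itself
INTERNAL = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    port: Optional[int]      # None matches any port
    action: str              # "accept" or "drop"
    log: bool


STEALTH = Rule("stealth", ANY, GATEWAY, None, "drop", True)
WEB_OUT = Rule("internal https", INTERNAL, ANY, 443, "accept", False)
CLEANUP = Rule("cleanup", ANY, ANY, None, "drop", True)

RULE_BASE = [STEALTH, WEB_OUT, CLEANUP]


def evaluate(rule_base, src, dst, port):
    """Return (rule name, action, logged) for the first rule that matches."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rule_base:
        if s in rule.src and d in rule.dst and rule.port in (None, port):
            return rule.name, rule.action, rule.log
    # Nothing matched: the implied rule drops the packet without a log entry.
    return "implied drop", "drop", False


def is_stealth(rule):
    """A rule that drops traffic from anywhere to the gateway on any port."""
    return (rule.action == "drop" and rule.src == ANY
            and rule.dst == GATEWAY and rule.port is None)


def audit_order(rule_base):
    """Names of accept rules that can match traffic to the gateway because
    they sit above the stealth rule (or because no stealth rule exists)."""
    exposed = []
    for rule in rule_base:
        if is_stealth(rule):
            break
        if rule.action == "accept" and GATEWAY.subnet_of(rule.dst):
            exposed.append(rule.name)
    return exposed


if __name__ == "__main__":
    # Direct access to the gateway is stopped by the stealth rule.
    print(evaluate(RULE_BASE, "198.51.100.7", "203.0.113.1", 22))
    # Traffic no rule allows is dropped and logged by the cleanup rule.
    print(evaluate(RULE_BASE, "10.1.2.3", "198.51.100.20", 23))
    # Without a cleanup rule the same packet is dropped silently.
    print(evaluate([STEALTH, WEB_OUT], "10.1.2.3", "198.51.100.20", 23))
    # A broad accept rule above the stealth rule exposes the gateway.
    misordered = [WEB_OUT, STEALTH, CLEANUP]
    print(evaluate(misordered, "10.1.2.3", "203.0.113.1", 443))
    print(audit_order(misordered))
```

`audit_order` is the check worth keeping: it flags any accept rule whose destination covers the gateway and that is evaluated before the stealth rule.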
Q25.How do you define Security Zones?
Networks use different security zones to protect very important resources and to defend against malware. Create rules that allow only the applicable traffic in and out of a security zone. Make sure that there are different rules in the Firewall Rule Base that define traffic to and from the security zones.
Q26.How do you prevent IP Spoofing?
Attackers use IP spoofing to make the IP address of a packet appear to be from a trusted source. This can bypass the Firewall to introduce malicious content and actions (malware and bot downloads, DoS attacks, unauthorized access, and so on) to your network.
Anti-Spoofing detects if a packet with an IP address that is, according to the topology, behind one interface, actually arrives from a different interface. For example, if a packet from an external network has an internal IP address, Anti-Spoofing blocks the packet.
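The topology check described above, as an added example that is not Check Point code. The interface names, networks and sample packets are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: the networks that sit behind each internal interface.
TOPOLOGY = {
    "eth1": [ip_network("10.0.0.0/8")],        # internal LAN
    "eth2": [ip_network("192.168.50.0/24")],   # DMZ
}
EXTERNAL = "eth0"   # any source not listed above is expected on this interface


def expected_interface(src):
    """Interface behind which the source address lives, per the topology."""
    addr = ip_address(src)
    for iface, networks in TOPOLOGY.items():
        if any(addr in net for net in networks):
            return iface
    return EXTERNAL


def check(src, ingress):
    """Return (allowed, expected interface) for a packet seen on `ingress`."""
    expected = expected_interface(src)
    return expected == ingress, expected


# Constructed sample packets: (source address, interface it arrived on).
SAMPLE = [
    ("10.4.4.4", "eth1"),       # internal source on the internal interface
    ("198.51.100.9", "eth0"),   # external source on the external interface
    ("10.4.4.4", "eth0"),       # internal source arriving from outside
    ("192.168.50.7", "eth1"),   # DMZ source arriving on the LAN interface
    ("198.51.100.9", "eth2"),   # external source arriving from the DMZ
]


def spoofed(packets):
    """Packets to block, as (source, ingress interface, expected interface)."""
    blocked = []
    for src, ingress in packets:
        allowed, expected = check(src, ingress)
        if not allowed:
            blocked.append((src, ingress, expected))
    return blocked


if __name__ == "__main__":
    for src, ingress, expected in spoofed(SAMPLE):
        print(f"drop {src}: arrived on {ingress}, topology says {expected}")
```

The check is only as good as the topology definition: a network missing from an interface's entry is treated as external, so its legitimate traffic is dropped on the internal interface.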
Q27. What is the Bitmap Checkpoint?
Bitmap Checkpoint checks the bitmap images in your web page or application.
Q28.What kind of connections are allowed by a firewall on the perimeter?
These are some of the connections that are usually allowed by a Firewall on the perimeter:
1. Outgoing connections to the Internet
2. Connections to the DNS server
3. Specified external connections
4. Connections to servers in the DMZ
5. Connections from the internal network to the internal network
6. VPN connections
Q29. Where can you view the results of the checkpoint?
You can view the results of the checkpoints in the Test Result Window.
Q30. How do virtual corporations maintain confidentiality?
Q31.Which of the applications in Check Point technology can be used to configure security objects?
Q32. What is the difference between Automatic NAT and Manual NAT?
Automatic NAT
- Automatically created by the firewall
- Cannot be modified
- Cannot create a "No NAT" rule
- Cannot create Dual NAT
- Port forwarding is not possible
- Proxy ARP is enabled by default
Manual NAT
- Manually created by the network security administrator
- Can be modified
- Can create a "No NAT" rule
- Can create Dual NAT
- Port forwarding is possible
- Proxy ARP is not enabled by default
Q33. What are the types of firewalls?
- Packet Filtering Firewall: This type of firewall examines packets, blocks unnecessary ones and releases the remaining network traffic.
- Screening Router Firewall: A software-based firewall available in a router; it provides only light filtering.
- Computer-based Firewall: A firewall installed on a server with an existing operating system such as Windows or UNIX.
- Hardware-based Firewall: A box-like device that provides strong security from the public network. Mostly used by big networks.
- Proxy Server: A proxy server allows all clients to access the Internet with different access limits. The proxy server has its own firewall, which filters all packets from the web server.
Q34.What can’t a firewall protect against?
Firewalls can’t protect against attacks that don’t go through the firewall. Many corporations that connect to the Internet are very concerned about proprietary data leaking out of the company through that route. Unfortunately for those concerned, a magnetic tape can just as effectively be used to export data. Many organizations that are terrified (at a management level) of Internet connections have no coherent policy about how dial-in access via modems should be protected.
Q35.Will IPSEC make firewalls obsolete?
IPSEC (IP Security) refers to a set of standards developed by the Internet Engineering Task Force (IETF). There are many documents that collectively define what is known as “IPSEC”. IPSEC solves two problems which have plagued the IP protocol suite for years: host-to-host authentication (which will let hosts know that they’re talking to the hosts they think they are) and encryption (which will prevent attackers from being able to watch the traffic going between machines).
Q36.What is a network firewall?
A firewall is a system or group of systems that enforces an access control policy between two networks. The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic.
Probably the most important thing to recognize about a firewall is that it implements an access control policy. If you don’t have a good idea of what kind of access you want to allow or to deny, a firewall really won’t help you.
It’s also important to recognize that the firewall’s configuration, because it is a mechanism for enforcing policy, imposes its policy on everything behind it. Administrators for firewalls managing the connectivity for a large number of hosts therefore have a heavy responsibility.
Q37.What is synchronization and why is it important?
With respect to multithreading, synchronization is the capability to control the access of multiple threads to shared resources. Without synchronization, it is possible for one thread to modify a shared object while another thread is in the process of using or updating that object’s value. This often leads to significant errors.
Q38. What are the critical resources in a firewall?
Service: Critical Resource
- Disk I/O
- Netnews: Disk I/O
- Web: Host OS Socket Performance
- IP Routing: Host OS Socket Performance
- Web Cache: Host OS Socket Performance, Disk I/O
Q39.What are some common attacks, and how can I protect my system against them?
Each site is a little different from every other in terms of what attacks are likely to be used against it. Some recurring themes do arise, though.
Q40.What is the difference between gateway and firewall?
A network gateway joins two networks together through a combination of hardware and software. A network firewall guards a computer network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.
Q41. What is the difference between router ACLs and Firewall ACLs?
Routers are designed to route traffic, not stop it.
Firewalls are designed to examine and accept/reject traffic. Both kinds of ACL, however, do the same job; depending on our requirements, we configure the ACL on one or the other.
Q42. Does a traceroute command work across the firewall? Why?
Traceroute is based on ICMP type 30 under Windows and UDP under *NIX; traceroute packets that hit the firewall should be dropped. Similarly, any echo reply coming from inside the firewall should be restricted outbound.
Q43.Can you define Packet filtering ?
Packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols. The process is used in conjunction with packet mangling and Network Address Translation (NAT). Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT).
Q44.Can you explain circuit level gateway?
The circuit level gateway firewalls work at the session layer of the OSI model. They monitor TCP handshaking between the packets to determine if a requested session is legitimate. And the information passed through a circuit level gateway, to the internet, appears to have come from the circuit level gateway. So, there is no way for a remote computer or a host to determine the internal private ip addresses of an organization, for example. This technique is also called Network Address Translation where the private IP addresses originating from the different clients inside the network are all mapped to the public IP address available through the internet service provider and then sent to the outside world (Internet). This way, the packets are tagged with only the Public IP address (Firewall level) and the internal private IP addresses are not exposed to potential intruders.
Q45.Can you explain stateful inspection?
Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall. Stateful inspection has largely replaced an older technology, static packet filtering. In static packet filtering, only the headers of packets are checked, which means that an attacker can sometimes get information through the firewall simply by indicating “reply” in the header. Stateful inspection, on the other hand, analyzes packets down to the application layer. By recording session information such as IP addresses and port numbers, a dynamic packet filter can implement a much tighter security posture than a static packet filter can.
Q46.Can you explain the concept of demilitarized zone?
The concept of the DMZ, like many other network security concepts, was borrowed from military terminology. Geopolitically, a demilitarized zone (DMZ) is an area that runs between two territories that are hostile to one another or two opposing forces’ battle lines. The DMZ likewise provides a buffer zone that separates an internal network from the often hostile territory of the Internet. Sometimes it’s called a “screened subnet” or a “perimeter network,” but the purpose remains the same.
Q47.What is Application level Gateway?
An application layer gateway (ALG) is a feature on ScreenOS gateways that enables the gateway to parse application layer payloads and take decisions on them. Although there are other ScreenOS features, such as deep inspection, in which the gateway inspects traffic at the application layer, ALGs are typically employed to support applications that use the application layer payload to communicate the dynamic Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports on which the applications open data connections. Such applications include the File Transfer Protocol (FTP) and various IP telephony protocols. The dynamic TCP, UDP, or other ports that are opened by the ScreenOS gateway to permit these data or secondary channels are referred to as pinholes, and are active strictly for the duration of activity on the data channel.
Q48.What is the meaning of bastion host?
A bastion host is a specialized computer that is deliberately exposed on a public network. From a secured network perspective, it is the only node exposed to the outside world and is therefore very prone to attack. It is placed outside the firewall in single firewall systems or, if a system has two firewalls, it is often placed between the two firewalls or on the public side of a demilitarized zone (DMZ).
The bastion host processes and filters all incoming traffic and prevents malicious traffic from entering the network, acting much like a gateway. The most common examples of bastion hosts are mail, domain name system, Web and File Transfer Protocol (FTP) servers. Firewalls and routers can also become bastion hosts.
Q49.What are types of firewall architecture ?
- Screening Router Architecture
- Dual-Homed Host Architecture
- Screened Host Architecture
- Screened Subnet Architecture
Q50. What are the ASA security levels?
In ASA, security levels correspond to the interfaces of the firewall. The ASA firewall has security levels from 0 to 100. The security level of the inside interface is 100, which means it is more trusted. The security level of the outside interface is 0, which means it cannot be trusted because it is the untrusted side.
Q51. What is a transparent firewall? Explain how it works as well.
A transparent firewall can act as a layer 2 device and can be easily configured on existing networks. In a transparent firewall, layer 3 traffic can pass from higher security levels to lower security levels without any access-list configuration.
Q52. If we have the same security level on both sides, can we connect?
We need to use one command to allow the communication: same-security-traffic permit inter-interface
Q53. What kind of information does the firewall maintain in Stateful Inspection?
The stateful table maintains the following types of information:
- Source IP address
- Destination IP address
- IP protocol (TCP and UDP)
- IP protocol information: TCP/UDP port numbers, TCP sequence numbers and TCP flags
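A header-only filter next to a state-table filter, illustrating the stateful inspection answer (Q45) and the state table fields listed above, as an added example that is not taken from any firewall product. Addresses and packets are constructed, and sequence-number tracking is left out to keep the model small.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str        # "tcp" or "udp"
    flags: str = ""   # TCP flags as letters, e.g. "S", "SA", "A"


def is_internal(addr):
    return ip_address(addr) in INTERNAL


def static_filter(pkt):
    """Header-only check: outbound traffic is allowed, inbound TCP is allowed
    whenever the ACK flag claims the packet is a reply."""
    if is_internal(pkt.src):
        return True
    return pkt.proto == "tcp" and "A" in pkt.flags


class StatefulFilter:
    def __init__(self):
        # (src, sport, dst, dport, proto) -> last TCP flags seen
        self.table = {}

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.table:            # same direction as the opener
            self.table[key] = pkt.flags
            return True
        if reverse in self.table:        # reply to a recorded connection
            self.table[reverse] = pkt.flags
            return True
        # New connection: only internal hosts may open one, and a TCP
        # connection has to start with a bare SYN.
        if is_internal(pkt.src) and (pkt.proto != "tcp" or pkt.flags == "S"):
            self.table[key] = pkt.flags
            return True
        return False


# Constructed sample traffic, in arrival order.
SAMPLE = [
    Packet("10.0.0.5", 40000, "198.51.100.20", 443, "tcp", "S"),    # outbound SYN
    Packet("198.51.100.20", 443, "10.0.0.5", 40000, "tcp", "SA"),   # genuine reply
    Packet("203.0.113.66", 443, "10.0.0.5", 40000, "tcp", "A"),     # unsolicited "reply"
    Packet("203.0.113.66", 5555, "10.0.0.5", 22, "tcp", "S"),       # inbound SYN
]


def run(packets):
    """(static verdict, stateful verdict) per packet, using a fresh table."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.check(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (static_ok, stateful_ok) in zip(SAMPLE, run(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}] "
              f"static={static_ok} stateful={stateful_ok}")
```

The third packet is the case the Q45 answer describes: the header-only filter accepts it because of the ACK flag, while the state table has no matching connection and drops it.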
Q54. Explain the packet flow in ASA.
When a packet arrives at the ingress interface, the ASA checks for an existing entry in the state table. If the packet matches an entry, protocol inspection takes place on that packet.
If the packet doesn't match, it means that the packet is a TCP SYN packet or a UDP packet. It is then sent for an ACL check.
If the packet is allowed by the ACL, it is verified against the translation rule, followed by protocol inspection on the packet.
The IP header is translated through the NAT translation rule by the egress interface.
Once the packet is translated through the egress interface, a route lookup is performed.
If a route is found that specifies the egress interface, the layer-2 header of the packet is rewritten and the packet is sent out of the egress interface.
Q55. What are the timeouts for TCP sessions, UDP sessions, and ICMP sessions?
- TCP session – 60 minutes
- UDP session – 2 minutes
- ICMP session – 2 sec
Q56. Which command will we use to check the connection table?
# show conn
Q57. Explain how ASA behaves at the time of traceroute.
When the ASA handles a traceroute, it does not decrease the TTL value, because for security reasons it does not want to give away information about itself. It passes the TTL value on without any decrement.
Q58. What is Defense in Depth?
The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.
Q59.What is authentication?
The process of determining the identity of a user that is attempting to access a system.
Authentication is a process that can verify PC identity (user name, password, etc.).
Q60.What is Least Privilege?
Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.
Q61.What is Cryptographic Checksum?
A one-way function applied to a file to produce a unique “fingerprint” of the file for later reference. Checksum systems are a primary means of detecting filesystem tampering on Unix.
Q62. Explain You are currently designing your own Desktop Publishing application, as you have not found any that?
You are currently designing your own Desktop Publishing application, as you have not found any that do exactly what you want with existing applications. As part of the design you are using a Controller to which you send all GUI requests. Not all objects can process the same commands. For example you can't select the spell check tool when an image has the focus. To stop any possible errors you would like to filter out some of the messages as they are passed from these objects to.
Q63. What is DNS spoofing?
Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Q64.What is Log Retention?
How long audit logs are retained and maintained.
Q65. How does SIC work? What are the different ports of SIC?
Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each other. The SIC procedure creates a trusted status between gateways, management servers and other Check Point components. SIC is required to install policies on gateways and to send logs between gateways and management servers.
These security measures make sure of the safety of SIC:
1. Certificates for authentication
2. Standards-based SSL for the creation of the secure channel
3. 3DES for encryption
The Internal Certificate Authority (ICA)
The ICA is created during the Security Management server installation process. The ICA is responsible for issuing certificates for authentication. For example, ICA issues certificates such as SIC certificates for authentication purposes to administrators and VPN certificates to users and gateways.
Initializing the Trust Establishment Process
Communication Initialization establishes a trust between the Security Management server and the Check Point gateways. This trust lets Check Point components communicate securely. Trust can only be established when the gateways and the server have SIC certificates.
Q66. What is the main difference between cpstop/cpstart and fwstop/fwstart?
- Using cpstop and then cpstart will restart all Check Point components, including the SVN foundation.
- Using fwstop and then fwstart will only restart VPN-1/FireWall-1.
Q67. What is the use of the partner function in check point and Distribution?
The partner function allows you to identify which functions a partner has to perform in a business process. Consider the simplest case, where all the customer functions are performed by the partner customer. As these are mandatory functions, they have to be defined as obligatory functions in the SD system.
Q68.What are the different Customer account groups that you can create in check point?
- Domestic customers
- Export Customers
- One Time Customers
Q69.What is a Sales activity? What are different sales activity that you perform in SD?
All sales activities in the check point SD system can be divided into presales and post sales activities. Presales activities are those which occur before a product is sold to the customer, and post sales activities are those which occur after the product is sold.
Pre Sales Activities− Inquiry, quotation
Post Sales Activities− Support, Relationship management.
Q70.What is typically the MOST important reason to use risk to drive testing efforts?
Because testing everything is not feasible.
Q71. Which of the following are valid objectives for incident reports?
Provide developers and other parties with feedback about the problem to enable identification, isolation, and correction as necessary.
Provide ideas for test process improvement.
Provide a vehicle for assessing tester competence.
Provide testers with a means of tracking the quality of the system under test.
Q72. Consider the following techniques. Which are static and which are dynamic techniques?
- Equivalence Partitioning.
- Use Case Testing.
- Data Flow Analysis.
- Exploratory Testing.
- Decision Testing.
Q73. Why are static testing and dynamic testing described as complementary?
Because they share the aim of identifying defects but differ in the types of defect they find.
Q74. What are the phases of a formal review?
In contrast to informal reviews, formal reviews follow a formal process. A typical formal review process consists of six main steps:
Q75.What is the use of Sales support in check point SD module?
Sales support is one of the key components in the Sales and Distribution (SD) module. It is also called Computer Aided Selling (SD-CAS).
This module helps organizations to create new sales, tracking of existing sales, and performance and eventually help in improving marketing and sales in an organization.
SAP SD Sales support module provides an option of creating email list for the customer and directly sending mails for new leads.
Q76.What do you understand by Sales Order processing?
Sales order processing describes a function related to the wholesale part of an organization's business. Common functions under sales order processing −
Availability of the articles purchased
Checking for incomplete data
Checking the status of the sales transaction
Calculation of pricing and taxes
Schedule the deliveries of goods
Printing of documents or e-transfer of documents
Q77. What is the structure of a Sales Order in check point? How can you create, edit or display an existing sales order?
Structure of a Sales Order −
An inquiry from a customer consists of one or more items that contain the quantity of a material or service entered in the order.
The quantity in a Sales order is further divided into business lines and comprises various subsets and delivery dates.
Items in a Sales order are combined in a hierarchy, which makes it possible to differentiate between batches or to use combinations of materials.
All the valid conditions on the items are mentioned in item conditions. These conditions for an item can be derived via a full condition and can be valid for entire sales order.
You can divide an item to multiple billing plan deadlines and each tells the time when a fixed amount of the item is to be billed.
VA02 − Edit a Sales Order
VA03 − Display a Sales Order
T-Code − VA01 Create a Sales Order
Q78. What is an inquiry under presales activity? How to create a new inquiry?
An Inquiry is not a legal document and is used to record the information about delivery or services from customers. The information that is captured using an inquiry is related to materials and quality of goods.
Menu Path − Logistics → Sales and Distribution → Sales → Inquiry → Create
T-Code − VA11.
Q79. What is an equivalence partition (also known as an equivalence class)?
An input or output range of values such that only one value in the range becomes a test case.
Q80. When should “Regression Testing” be performed?
Regression testing should be performed after the software has changed or when the environment has changed.
Q81. What is negative and positive testing?
A negative test is when you put in an invalid input and receive errors, while positive testing is when you put in a valid input and expect some action to be completed in accordance with the specification.
Q82. What is the purpose of a test completion criterion?
The purpose of a test completion criterion is to determine when to stop testing.
Q83. What can static analysis NOT find?
For example memory leaks.
Q84. What is the difference between re-testing and regression testing?
Re-testing ensures the original fault has been removed; regression testing looks for unexpected side effects.
Q85. What is the role of moderator in the review process?
The moderator (or review leader) leads the review process. He or she determines, in co-operation with the author, the type of review, approach and the composition of the review team. The moderator performs the entry check and the follow-up on the rework, in order to control the quality of the input and output of the review process. The moderator also schedules the meeting, disseminates documents before the meeting, coaches other team members, paces the meeting, leads possible discussions and stores the data that is collected.
Q86. Who is responsible for documenting all the issues, problems and open points that were identified during the review meeting?