網絡保安的超級專家
Check Point CCSE Plus
在過往曾經為大家介紹過 Check Point Certified Security Administrator (CCSA) 和 Check Point Certified Security Expert (CCSE) 認證。各位朋友可能以為CCSE已經是最高級證書,但天外有天,其實在 Check Point 認證系列中還有一張名叫 CCSE Plus 的專業保安認證,大家又知不知呢?
| |
CCSE Plus 證書主要讓從事網絡保安的朋友能對 Check Point FireWall-1 有更深層的認識,要求的專業知識和技術比 CCSE 還要高很多。CCSE Plus的主要職責是設計及規劃整個網絡保安系統,負責 Check Point FireWall-1 的安裝及設定、範圍涉及懂得安裝 LDAP Server,CVP Server 然後將它們連結在 Check Point VPN-1/FireWall-1 系統上、對各種加密技術有深入的認識及能夠將它們混合使用、還有利用 ClusterXL 技術建立 Multiple Entry Point (MPE) 和 Single Entry Point (SEP) 的虛擬私人網絡 (VPN)、當然不能夠少知識的是運用Load-balancing技術在網絡閘口上建立多個 Check Point FireWall-1 來護內部網絡及執行公司所制的保安策略 (Security Policy)。
CCSE Plus 是不能夠直接考取,最基本的要求是你必須擁有 CCSA 和 CCSE 證書,然後才可參加考試,你可以在任何一間 VUE 考試中心或上 vue.com 登記考試,CCSE Plus 的考試以多項選擇為主,整個考試全長兩小時,在這段時間內必須完成 100 條試題,合格分數為70分,合格後便可以獲得由 Check Point 頒發證書。如果已經考取了 CCSE,而你想成為網絡保安專家中的專家,就快些試一試考取 CCSE Plus 這張超級證書。
大家可以到以下網址看看更多有關 CCSE Plus 的資料
http://www.checkpoint.com/services/education/certification/certifications/ccse_plus.html 以下有一些 CCSE Plus 的模擬試題,看看各位從事網絡保安或對Check Point FireWall-1有經驗的朋有又知道幾多? 1. Router are:
a. Another name for network interface card
b. Not used on modem networks
c. Layer 3 switching nodes
d. Network traffic hubs
e. Layer 2 switching nodes
2. A(n) ____________ is a globally unique name for an entry in a LDAP directory structure.
a. CN – Common Name
b. DCN – Distinguished Common Name
c. RDN – Relative Distinguished Name
d. DN – Distinguished Name
e. O – Organization
3. In Check Point’s VPN-1/FireWall-1 NG, where do you modify LDAP User Accounts?
a. Policy Editor GUI
b. Real Time Monitor
c. Log Viewer
d. FireWall-1 Manager
e. Enforcement Module
4. A _______ rule is designed as a catchall to eliminate all traffic unless specifically allowed.
a. Clean-Up
b. Reject
c. Drop
d. Stealth
e. All of the above.
5. When describing encryption domains, a Full Overlap implies that:
a. Gateway encryption domains are identical
b. Gateway encryption domains share one or more hosts, but each has at least one host that is NOT shared
c. One gateway encryption domain is fully contained within another gateway encryption domain
d. Tow or more gateway encryption domains are fully contained within another gateway encryption domain
e. Gateway encryption domains share the same firewall
6. Which product is used for content security to prevent end users’ access to specific URL’s?
a. UFP Server
b. CVP Server
c. FloodGate-1
d. Meta IP
e. LDAP Server
7. In a SEP High Availability configuration, which of the following will be true?
a. The internal state tables on two or more gateways are synchronized
b. If one gateway goes down, a second gateway takes over the failed gateway’s connection
c. You define synchronized gateways as members of a gateway cluster object
d. A and B only
e. A, B and C
8. Secure Internal Communication for Check Point SVN components uses:
a. Certificates for authentication
b. Standards-based SSL for encryption
c. Certificates for encryption
d. A and B only
e. B and C only
Answer:
1. C
2. D
3. A
4. A
5. A
6. A
7. E
8. D
| 
MCP
