In this blog, we have collected the most important Check Point interview questions, with answers, for you. The questions are arranged from basic to advanced firewall topics. This way, it will be easy for you to grasp the concepts.
Let's begin with the questions without further ado.
What is Check Point?
Check Point is the world-class leader in providing combined hardware and software products for IT security. It includes network security, cloud security, endpoint security, data security and security management. You can land a number of security jobs with Check Point firewall. These include:
The three-tier architecture tells us how Check Point components are interrelated and how these components work together. Each component performs its own defined set of tasks.
The three components of the Check Point firewall are:
These components play various roles and can be placed together or independently.
The following are the roles and features of the Security Management Server:
The following are the roles and features of the Security Gateway:
The following are the roles and features of the Smart Console:
The following are the components of the Check Point solution:
Anti-spoofing is an important feature of the Check Point firewall. It protects users from attackers who generate IP packets with a fake or spoofed source address. It determines whether the traffic is legitimate or not. If the traffic is not legitimate, the firewall blocks it at the interface of the firewall.
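The check described above can be modelled as a per-interface source-address test. This is an added example, not Check Point code; the interface names, address ranges and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed topology: the networks expected behind each internal interface.
# Interface names and address ranges are assumptions for illustration.
TOPOLOGY = {
    "eth1": ["10.1.0.0/16"],      # internal LAN
    "eth2": ["172.16.5.0/24"],    # DMZ
}
EXTERNAL_IFACE = "eth0"           # interface that leads to the Internet


def in_any(src, cidrs):
    """True when the address falls inside one of the given networks."""
    return any(src in ipaddress.ip_network(c) for c in cidrs)


def is_spoofed(in_iface, src_ip):
    """Return True when src_ip cannot legitimately arrive on in_iface."""
    src = ipaddress.ip_address(src_ip)
    if in_iface == EXTERNAL_IFACE:
        # From outside, a source that belongs behind an internal interface is fake.
        return any(in_any(src, cidrs) for cidrs in TOPOLOGY.values())
    if in_iface not in TOPOLOGY:
        return True               # unknown interface: fail closed
    # From inside, the source must belong to the networks behind that interface.
    return not in_any(src, TOPOLOGY[in_iface])


def filter_packets(packets):
    """Split (in_iface, src, dst) tuples into (accepted, dropped) lists."""
    accepted, dropped = [], []
    for pkt in packets:
        (dropped if is_spoofed(pkt[0], pkt[1]) else accepted).append(pkt)
    return accepted, dropped


# Constructed sample traffic: (incoming interface, source, destination).
SAMPLE = [
    ("eth1", "10.1.4.20", "198.51.100.7"),     # LAN host going out
    ("eth0", "10.1.4.20", "10.1.0.5"),         # LAN address arriving from outside
    ("eth2", "10.1.9.9", "10.1.0.5"),          # LAN address arriving on the DMZ side
    ("eth0", "203.0.113.50", "172.16.5.10"),   # ordinary Internet client
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE)
    print("accepted:", ok)
    print("dropped at the interface:", bad)
```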
Check Point firewall can be deployed as a standalone system or a distributed system. The difference between the two is as follows:
| Stand-alone Deployment | Distributed Deployment |
Installation location | Both Security Management Server and Security Gateway are installed on the same platform. | Each component is installed on a separate platform. |
Degree of recommendation | Check Point does not recommend this deployment, except for small businesses. | Check Point highly recommends such deployments. |
Configuration | Each stand-alone server node is set up through the Profile Management Tool or the zpmt command. Additional servers are added through the administrative console or scripting. | Each deployment management node is set up through the Profile Management Tool or the zpmt command. Additional servers are added through the Profile Management Tool or the zpmt command. |
Administrative isolation | Each standalone server node is a separate administrative domain. | All nodes in the cell are in the same administrative domain. |
Multiple servants with application servers | Yes | Yes |
Clustering | It is not available | It is available |
Operational isolation | You can start and stop servers independently. Each server has an independent, unshared Java Naming and Directory Interface (JNDI) namespace. | You can start and stop servers independently. The Java Naming and Directory Interface (JNDI) is shared among all servers in the cell. |
The Stealth Rule protects the Check Point firewall from any direct access traffic. This rule should be placed at the top of the Security rule base. With it, the administrator denies all traffic that tries to access the Check Point firewall itself.
The cleanup rule is the last of all the security rules. It is used to drop and log all traffic that does not match any of the rules above it. This rule is mainly created for logging purposes. The administrator denies all the traffic and enables logging in this rule.
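How the position of the stealth and cleanup rules affects the verdict, with a small audit of rule order. This is an added example, not Check Point code; the rule format, addresses and function names are assumptions.

```python
import ipaddress

GATEWAY_IP = "192.0.2.1"   # constructed address of the firewall itself
ANY = "0.0.0.0/0"

# Constructed rule base, evaluated top-down; the first matching rule wins.
RULEBASE = [
    {"name": "Stealth", "src": ANY, "dst": GATEWAY_IP + "/32", "action": "drop", "log": True},
    {"name": "Web out", "src": "10.1.0.0/16", "dst": ANY, "action": "accept", "log": False},
    {"name": "Cleanup", "src": ANY, "dst": ANY, "action": "drop", "log": True},
]


def matches(rule, src, dst):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"]))


def evaluate(rulebase, src, dst):
    """Return (rule name, action) of the first rule that matches."""
    for rule in rulebase:
        if matches(rule, src, dst):
            return rule["name"], rule["action"]
    return None, "drop"    # nothing matched: dropped, but no rule logs it


def audit(rulebase):
    """Report a missing cleanup rule and accepts that sit above the stealth rule."""
    findings = []
    last = rulebase[-1] if rulebase else None
    if not (last and last["src"] == ANY and last["dst"] == ANY
            and last["action"] == "drop" and last["log"]):
        findings.append("no logged cleanup rule at the bottom")
    gateway = ipaddress.ip_address(GATEWAY_IP)
    for rule in rulebase:
        if gateway not in ipaddress.ip_network(rule["dst"]):
            continue
        if rule["action"] == "accept":
            findings.append(f"'{rule['name']}' accepts traffic to the gateway above the stealth rule")
        break              # the first rule covering the gateway decides
    return findings


if __name__ == "__main__":
    print(evaluate(RULEBASE, "10.1.4.20", GATEWAY_IP))     # hits the stealth rule
    print(evaluate(RULEBASE, "203.0.113.9", "10.1.0.5"))   # falls through to cleanup
    print(audit([RULEBASE[1], RULEBASE[0], RULEBASE[2]]))  # stealth rule misplaced
```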
Most Internet traffic does not include encryption. An attacker can break in and change data as it flows over a network. This is where Virtual Private Networks (VPNs) come in. The role of the VPNs is as follows:
VPN can be used for the following purposes:
This type of VPN allows secure communication between two geographically different sites. For example, Intranet-based site-to-site, and multiple connected LANs that make a WAN.
This type of VPN connects remote users to a corporate network securely. For example, a large company with hundreds of salespersons in the field needs a Remote Access VPN.
This type of VPN is hosted on a cloud-based infrastructure. This cloud infrastructure allows the packets from the client to enter the Internet rather than using the client’s local address. For example, a secure VPN for WFH (work from home) environments.
Authentication Header (AH) Protocol | Encapsulating Security Payload (ESP) Protocol |
AH provides confidentiality, authenticity and integrity. | It also provides integrity protection except for the outermost IP header. |
It authenticates the outer IP header and the IP packet as a whole. | It authenticates only the IP datagram portion of the IP packet. |
It does not provide encryption options. | It provides an encryption option. |
AH is faster than ESP as it does not perform encryption. | ESP is slower than AH. |
It will not work through a NATed network as it hashes both the payload and header of a packet. | It uses a hash algorithm for data integrity. It works normally through a NATed device. |
It provides a mechanism for Sender Data Origin Authentication. It can’t provide data Confidentiality/Encryption. | It provides Data Authentication and Data Privacy/Encryption. It ensures both confidentiality and integrity for Packet Payload. |
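The NAT row of the table comes down to what each protocol's integrity check covers. This added example is a simplified model, not real IPsec processing (no SPI, sequence number or encryption), and the key, addresses and function names are constructed.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-integrity-key"   # constructed key, for this demo only


def icv(data):
    """Truncated HMAC standing in for the integrity check value."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]


def addr(ip):
    return ipaddress.ip_address(ip).packed


def ah_protect(src, dst, payload):
    """AH-style: the check covers the outer IP addresses and the payload."""
    return {"src": src, "dst": dst, "payload": payload,
            "icv": icv(addr(src) + addr(dst) + payload)}


def ah_verify(pkt):
    expected = icv(addr(pkt["src"]) + addr(pkt["dst"]) + pkt["payload"])
    return hmac.compare_digest(expected, pkt["icv"])


def esp_protect(src, dst, payload):
    """ESP-style: the check covers the payload only, not the outer IP header."""
    return {"src": src, "dst": dst, "payload": payload, "icv": icv(payload)}


def esp_verify(pkt):
    return hmac.compare_digest(icv(pkt["payload"]), pkt["icv"])


def nat(pkt, public_src):
    """Source NAT: a device on the path rewrites the outer source address."""
    return dict(pkt, src=public_src)


if __name__ == "__main__":
    ah = ah_protect("10.1.4.20", "198.51.100.7", b"payload")
    esp = esp_protect("10.1.4.20", "198.51.100.7", b"payload")
    print("AH before NAT :", ah_verify(ah))
    print("AH after NAT  :", ah_verify(nat(ah, "203.0.113.10")))
    print("ESP after NAT :", esp_verify(nat(esp, "203.0.113.10")))
```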
Asymmetric encryption, which is also known as public-key cryptography, is a process that makes use of a pair of related keys: a public key and a private key. It uses these keys to encrypt and decrypt a message and protect it from unauthorized access or use.
There are two types of keys in asymmetric encryption. These are:
The public key can be exchanged securely with communication partners. It is used to encrypt data.
The private key must be confidential. It is used to decrypt data.
The following are the types of connections that a firewall allows on the perimeter: