In this blog, we have combined the most important Check Point interview questions with answers for you. The questions are arranged from basic to advanced firewall topics, so the concepts are easy to grasp.
Let’s begin with the questions without further ado.
What is Check Point?
Check Point is the world-class leader in providing combined hardware and software products for IT security. Its portfolio includes network security, cloud security, endpoint security, data security and security management. You can land a number of security jobs with Check Point firewall skills. These include:
- Network Security Engineer
- System Engineer
- System Administrator
- Security Analyst
- Network Security Operations Engineer
- Network Security Specialist
- Network Security Administrator
- Technical Specialist
1. What is the 3-tier architecture of Check Point firewall?
The three-tier architecture describes how Check Point components are interrelated and how they work together. Each component performs its own defined set of tasks.
The three components of the Check Point firewall are:
- Smart Center Server
- Security Gateway
- Smart Console
These components play various roles and can be installed together or independently.
The following are the roles and features of the Security Management Server:
- The Smart Center Server stores policies.
- It distributes policies to gateways or multiple gateways.
- It acts as a Log Server.
- It stores users, groups and permission database.
- It can be installed on Windows, Linux and GAiA OS.
- It maintains and stores the NGX databases.
- Certificates can be created for users and administrators for authentication purposes.
- It stores network-object definitions, user definitions, security policies and log files for firewalled gateways.
The following are the roles and features of the Security Gateway:
- NGX Security Gateway inspects all inbound and outbound packets on a gateway.
- Packets are passed to a higher protocol-stack layer only after the Security Gateway has verified them against the security policy.
- It is responsible for protecting the network.
- The firewall is based on stateful inspection.
- Security Gateway Role can be installed on Windows, Linux and GAiA OS.
- NGX saves system resources and processing time.
- It saves time by processing packets in an operating system’s kernel.
The following are the roles and features of the Smart Console:
- Smart Console is a GUI package.
- It comes in .exe format.
- It can be installed on Windows. It is not for GAiA OS.
- It provides GUI clients such as Smart Dashboard, SmartView Tracker, SmartView Monitor, and Smart Update.
2. What are the main components of the Check Point solution?
The following are the components of the Check Point solution:
- Internal and External Networks
- Security Gateway
- Security Dashboard
- Security Management Server
- Internal Network
3. What is anti-spoofing?
Anti-spoofing is an important feature of the Check Point firewall. It protects users from attackers who generate IP packets with a fake (spoofed) source address. It determines whether the traffic is legitimate or not. If the traffic is not legitimate, the firewall blocks it at the interface of the firewall.
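The check described above can be sketched as follows. This is an added example, not Check Point code: the interface names, the topology table and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): the networks expected behind each interface.
TOPOLOGY = {
    "eth0": {"role": "external", "networks": []},
    "eth1": {"role": "internal", "networks": ["10.1.0.0/16"]},
    "eth2": {"role": "internal", "networks": ["192.168.50.0/24"]},
}

def _networks(iface):
    return [ipaddress.ip_network(n) for n in TOPOLOGY[iface]["networks"]]

def check_spoofing(in_iface, src_ip):
    """Return 'accept' if src_ip is plausible on in_iface, otherwise 'drop'."""
    src = ipaddress.ip_address(src_ip)
    if TOPOLOGY[in_iface]["role"] == "internal":
        # Internal interface: the source must belong to a network behind it.
        plausible = any(src in net for net in _networks(in_iface))
    else:
        # External interface: the source must not claim an internal address.
        internal = [net for name, cfg in TOPOLOGY.items()
                    if cfg["role"] == "internal" for net in _networks(name)]
        plausible = not any(src in net for net in internal)
    return "accept" if plausible else "drop"

# Constructed sample packets: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("eth0", "203.0.113.9"),   # Internet host arriving from outside
    ("eth0", "10.1.2.3"),      # internal address arriving from outside: spoofed
    ("eth1", "10.1.2.3"),      # internal host on its own interface
    ("eth1", "192.168.50.7"),  # address of another segment: spoofed
]

def verdicts(packets):
    return [(iface, src, check_spoofing(iface, src)) for iface, src in packets]

if __name__ == "__main__":
    for iface, src, verdict in verdicts(SAMPLE_PACKETS):
        print(f"{iface:5} {src:15} {verdict}")
```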
4. What is the difference between Stand-alone Deployment and Distributed Deployment?
Check Point firewall can be deployed as a standalone system or a distributed system. The difference between the two is as follows:
Stand-alone Deployment:
- Both Security Management Server and Security Gateway are installed on the same platform.
- Degree of recommendation: Check Point does not recommend this deployment, except for small businesses.
- Each stand-alone server node is set up through Profile Management Tool or zpmt command. Additional servers are added through the administrative console or scripting.
- Each standalone server node is a separate administrative domain.
- Multiple servants with application servers: It is not available.
- You can start and stop servers independently. Each server has an independent, unshared Java Naming and Directory Interface (JNDI) namespace.
Distributed Deployment:
- Each component is installed on a separate platform.
- Degree of recommendation: Check Point highly recommends such deployments.
- Each deployment management node is set up through Profile Management tool or zpmt command. Additional servers are added through Profile Management Tool or the zpmt command.
- All nodes in the cell are in the same administrative domain.
- Multiple servants with application servers: It is available.
- You can start and stop servers independently. The Java Naming and Directory Interface (JNDI) is shared among all servers in the cell.
5. What is Stealth Rule in Check Point firewall?
The Stealth Rule protects the Check Point firewall from any direct access traffic. It should be placed at the top of the Security rule base. With this rule, the administrator denies all traffic that tries to access the Check Point firewall itself.
6. What is the Cleanup rule in the Check Point firewall?
The cleanup rule is the last of all the security rules. It is used to drop all traffic that does not match any of the rules above it, and to log that traffic. This rule is mainly created for logging purposes. The administrator denies all the traffic and enables logging in this rule.
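The placement of the Stealth Rule (question 5) and the cleanup rule (question 6) matters because a rule base is evaluated top-down and the first match decides. The following added example, which is not Check Point code, models that with a constructed rule base; the gateway address, rule names and dictionary layout are assumptions.

```python
import ipaddress

GATEWAY = "192.0.2.1"  # constructed gateway address (assumption)

def rule(name, src, dst, action, log):
    return {"name": name, "src": src, "dst": dst, "action": action, "log": log}

STEALTH = rule("Stealth", "any", GATEWAY, "drop", True)
LAN_OUT = rule("LAN out", "10.1.0.0/16", "any", "accept", False)
CLEANUP = rule("Cleanup", "any", "any", "drop", True)

GOOD_ORDER = [STEALTH, LAN_OUT, CLEANUP]
BAD_ORDER = [LAN_OUT, STEALTH, CLEANUP]   # stealth rule placed too low

def _matches(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst):
    """First matching rule wins; returns (rule name, action, logged)."""
    for r in rules:
        if _matches(r["src"], src) and _matches(r["dst"], dst):
            return r["name"], r["action"], r["log"]
    # Model assumption: traffic matching no rule is dropped without a log entry.
    return None, "drop", False

def lint(rules, gateway=GATEWAY):
    """Check the two placement rules from the text; returns a list of findings."""
    findings = []
    top, bottom = rules[0], rules[-1]
    if (top["src"], top["dst"], top["action"]) != ("any", gateway, "drop"):
        findings.append("top rule is not a stealth rule for the gateway")
    if (bottom["src"], bottom["dst"], bottom["action"], bottom["log"]) != (
            "any", "any", "drop", True):
        findings.append("last rule is not a logged drop-all cleanup rule")
    return findings

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, evaluate(rules, "10.1.5.5", GATEWAY), lint(rules))
```

With the stealth rule below the broad accept rule, an internal host reaches the gateway through "LAN out" and the connection is not logged.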
Check Point Interview Questions and Answers for Experienced:
7. What is VPN?
Most Internet traffic is not encrypted. An attacker can break in and change data as it flows over a network. This is where Virtual Private Networks (VPNs) come in. The role of VPNs is as follows:
- VPNs provide a private, encrypted connection between two points.
- They do not state those two points.
- They mask your device’s IP address.
VPN can be used for the following purposes:
- Site-to-Site VPN:
This type of VPN allows secure communication between two geographically different sites. For example, Intranet-based site-to-site, and multiple connected LANs that make a WAN.
- Remote Access VPN:
This type of VPN connects remote users to a corporate network securely. For example, a large company with hundreds of salespersons in the field needs a Remote Access VPN.
- Cloud VPN (VPN-as-a-Service):
This type of VPN is hosted on a cloud-based infrastructure. This cloud infrastructure allows the packets from the client to enter the Internet rather than using the client’s local address. For example, a secure VPN for WFH (work from home) environments.
8. What is the difference between ESP and AH IPSec Protocol?
Authentication Header (AH) Protocol:
- AH provides confidentiality, authenticity and integrity.
- It authenticates the outer IP header and the IP packet as a whole.
- It does not provide encryption options.
- AH is faster than ESP as it does not perform encryption.
- It will not work through a NATed network as it hashes both the payload and header of a packet.
- It provides a mechanism for Sender Data Origin Authentication. It can’t provide data Confidentiality/Encryption.
Encapsulating Security Payload (ESP) Protocol:
- It also provides integrity protection except for the outermost IP header.
- It authenticates only the IP datagram portion of the IP packet.
- It provides an encryption option.
- ESP is slower than AH.
- It uses a hash algorithm for data integrity. It works normally through a NATed device.
- It provides Data Authentication and Data Privacy/Encryption. It ensures both confidentiality and integrity for Packet Payload.
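The NAT behaviour in the comparison above follows from which bytes each protocol's integrity check covers. The following added example, not taken from any IPsec implementation, is a simplified model: the packet dictionary, the key and the addresses are constructed, and `payload` stands in for the ESP header plus encrypted data.

```python
import hashlib
import hmac

KEY = b"constructed-integrity-key"  # sample key for the demo, not a real SA key

def _covered_bytes(pkt):
    """Bytes the integrity check value (ICV) is computed over in this model."""
    if pkt["proto"] == "AH":
        # AH: outer IP addresses and payload are both authenticated.
        return f'{pkt["src"]}|{pkt["dst"]}|'.encode() + pkt["payload"]
    # ESP: only the ESP portion is authenticated, not the outer IP header.
    return pkt["payload"]

def _icv(pkt):
    return hmac.new(KEY, _covered_bytes(pkt), hashlib.sha256).digest()[:16]

def protect(proto, src, dst, payload):
    """Sender side: build the packet and attach its ICV."""
    pkt = {"proto": proto, "src": src, "dst": dst, "payload": payload}
    pkt["icv"] = _icv(pkt)
    return pkt

def nat_rewrite(pkt, public_src):
    """What a NAT device does to the outer header: replace the source address."""
    return dict(pkt, src=public_src)

def verify(pkt):
    """Receiver side: recompute the ICV over the packet as received."""
    return hmac.compare_digest(pkt["icv"], _icv(pkt))

def survives_nat(proto):
    sent = protect(proto, "10.1.2.3", "198.51.100.20", b"constructed payload")
    return verify(nat_rewrite(sent, "203.0.113.5"))

if __name__ == "__main__":
    for proto in ("AH", "ESP"):
        print(proto, "verifies after NAT:", survives_nat(proto))
```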
9. What is Asymmetric Encryption?
Asymmetric encryption, also known as public-key cryptography, is a process that makes use of a pair of related keys: a public key and a private key. It uses these keys to encrypt and decrypt a message and protect it from unauthorized access or use.
There are two types of keys in asymmetric encryption. These are:
- Public keys:
The public key can be exchanged securely with communication partners. It is used to encrypt data.
- Private keys:
The private key must be confidential. It is used to decrypt data.
10. What is NAT?
- NAT stands for Network Address Translation.
- NAT is a feature of the Firewall Software Blade.
- It provides greater security by replacing/translating IPv4 and IPv6 addresses.
- It hides internal IP addresses from the Internet to protect the identity of a network.
- A firewall can change both the source and destination IP addresses of a packet.
- The firewall translates the new IP addresses back to the original IP addresses as packets return from the external computer.
11. What types of connections does a firewall allow on the perimeter?
The following are the types of connections that a firewall allows on the perimeter:
- Particular external connections
- Outgoing connections to the Internet
- Connections to DNS Server
- Connections from the Internal networks to the external network
12. What is the Security Zone?
- Security Zone helps you to create a strong Access Control Policy that controls the traffic between parts of the network.
- It represents a part of the network. For example, the internal network or external network.
- Different security zones are used by networks to protect resources and stop malware on networks.
- The following are the pre-defined security zones:
  - Wireless Zone: Networks that users and applications access through wireless connections.
  - External Zone: Unsecured networks. For example, the Internet and external networks.
  - DMZ Zone: Demilitarized Zones (DMZ) are also called perimeter networks. A DMZ contains servers accessible from insecure sources (Internet/external sources).
  - Internal Zone: Networks holding sensitive data that needs protection and is accessed only by authenticated users.