CCSA questions

JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
I'm thinking of taking the CCSA exam.. it's not that I need it or anything it's just that I believe I could learn a lot from the material and be better at my job. We have a Check Point firewall at work and I've been using it regularly for the past 6 months.

Do I have to attend a training class to be able to pass the exam (like what VMware does)? or I can just read a book and practice on my own?

What is the best study material for this exam?

How much does the exam cost?


  • mrkdiskmrkdisk Member Posts: 18 ■■■□□□□□□□
    I used to be certified in Checkpoint. I'm thinking of revisiting it after the CISSP but not sure. The last time I checked the exam was about $200 US. Years. There are many different versions of the CCSA now, if not mistaken most people are recommending the R76 exam. I took a week long course at Verisign which included books. I'm probably going to look for some Checkpoint books and do CBTNuggets.
  • netstatnetstat Member Posts: 65 ■■□□□□□□□□
    Exam costs around Euro85 in Europe. You can grab the books and study however material is expensive when new. I recommend searching for second hand material.

    I have done the R75 CCSA and CCSE over the past year and a half. The R76 is just out and there are some changes in the R75 exam as is based on SPLAT while the R76 is based on GAiA. I haven't worked with GAiA yet but from what i saw it seems to be a Cisco CLI clone so this makes things somethat easier if you are cisco familiar. SPLAT is based on redhat. Check Point offer some mock tests on their websites too.

    As a side note, I would also say that the official books are not very useful unfortuntely though. I guess if you download all the blade manuals from their website and study them you will pass. There is a lot of material but either away you have to read those manuals and run some labs.
  • atechatech Member Posts: 17 ■□□□□□□□□□
    i'm currently studying for the R76 CCSA exam. You can self study (personally i find this much better) and then pay the exam fee via Pearson Vue to sit the exam! Exam cost for me is AU$225 but if you're in the US or EU it will almost certainly be cheaper!

    GAiA = RHEL 6 - now you can take advantage of the 2.6 kernal :)
    SPLAT =RHEL 2 or 3?
    IPSO = BSD

    Below is the list of study material that I'm using:

    • R76 Security Administration - Student Manual
    • R76 Security Administration - Lab Manual
    • CBT Nuggets CCSA Gaia 156-215.76 Videos - excellent!
    • Check Point Security Administration - Study Guide - 2013 Edition

    Lab setup:
    Although I had initially intended to use XenServer 6.2 and XenCenter, it has been initially scrapped as it just didnt play nicely with the Realtek 8111E onboard NIC. XS installs but the networking on it is horrid for this board that I have… I’ve chosen to download and install VMWare ESXi 5.1 U1 as it has much better support for my hardware and so far I havent run into any trouble. With all that said here is the hardware list:

    Physical ESXi Host: ~$800 but can be reused for a gaming machine or anything else really!

    • MB: Asrock 970 Extreme 4 - Supports AMD-V (AMD’s equivilent of VT-x)
    • CPU: AMD FX(tm)-4300 Quad-Core Processor - this lab isnt CPU intensive, so something basic
    • RAM: 16GB generic
    • PSU: Corsair 860 Plat
    • GFX: Old AMD 3450 as MB doesnt have onboard
    • Drives: 1xSeagate Constellation 1tb - enterprise class drive. This will have ESXi installed on it and will also be used as the main Datastore. If I find a SSD in the future I may add it in to speed things up.
    • OS: ESXi 5.1
    I’ll be using my current media server (HP N54L) to access the ESXi host with the vSphere client.

    Virtual Hosts:
    2 x R76 Gaia Gateway Firewalls. Each has 3 interfaces (see topology below)
    1 x R76 Gaia Management Server. 1 interface
    2 x Windows 7 “HQ” and “Branch” VM’s. 1 Interface each
    2 x W2K8 R2 “DMZ” servers. 1 interface each

    Anyway, bit of a rant but I hope this helps! Good Luck!

  • sojournsojourn Member Posts: 61 ■■□□□□□□□□
    What have you been doing on the firewall? Sometimes you learn more by doing than by reading about it. The issue is that you learn real-world problems rather than what Check Point put into their exams.

    The Check Point Administration Manual for whichever version you are running is a good source of information.

    Don't buy the course books, they are horrendously expensive, Check Point are genuinely ripping everyone off who purchases them. They are also insufficient for passing the exam if used as the only piece of material. $600 for a glorified admin manual is ridiculous.

    It sounds like the CBT Nuggets are definitely worth a look, their stuff is always pretty good!

    In my ~5 years of CP experience, Check Point software is generally buggy enough to keep you on your toes. A way to learn is to upgrade to latest releases when they come out to resolve an existing bug, and then deal with the bugs that come out of them. For example, on R76 I learnt a lot more about "routed" issues than I would've liked, and now on R77.10, to resolve the "routed" problems, I have unwittingly become an expert in how poorly Check Point handles NAT when associated with DHCP Relay. So, if they have a spare firewall around, see if you can lab that up and play with it.
Sign In or Register to comment.