Security Expert (CCSE R82)

This course provides students with the advanced knowledge, skills, and hands-on experience needed to deploy, manage, and monitor existing Quantum Security Environments. Students will learn how to deploy Management High Availability, provide advanced policy management, configure Site-to-Site VPN, provide advanced security monitoring, upgrade a Security Gateway, use Central Deployment tool to install hotfixes, perform an import of a Primary Security Management Server, and Deploy ElasticXL Cluster. 


Target Audience

  • Security Engineers
  • Security Analysts
  • Security Consultants
  • Security Architects 


Prerequisites

Base Knowledge

  • Unix-like and/or Windows OS
  • Internet Fundamentals
  • Networking Fundamentals
  • Networking Security
  • System Administration
  • TCP/IP Networking
  • Text Editors in Unix-like OS
  • Minimum of 6-months of practical experience with the management of a Quantum Security Environment.

Check Point Courses

  • Check Point Certified Security Administrator (required)
  • Check Point Deployment Administrator (suggested)


Duration

3 days


Certification

Exam: 156-315.82

Pokaz szczególy


Agenda

Module 1: Management High Availability

  • Explain the purpose of Management High Availability.
  • Identify the essential elements of Management High Availability.

Lab Tasks

  • Deploy and configure Management High Availability
  • Ensure the failover process functions as expected


Module 2: Advanced Policy Management

  • Identify ways to enhance the Security Policy with more object types.
  • Create dynamic objects to make policy updatable from the Gateway.
  • Manually define NAT rules.
  • Configure Security Management behind NAT.

Lab Tasks

  • Use Updatable Objects
  • Configure Network Address Translation for server and network objects
  • Configure Management behind NAT for Branch Office connections


Module 3: Site-to-Site VPN

  • Discuss site-to-site VPN basics, deployment, and communities.
  • Describe how to analyze and interpret VPN tunnel traffic.
  • Articulate how pre-shared keys and certificates can be configured to authenticate with third-party and externally managed VPN Gateways.
  • Explain Link Selection and ISP Redundancy options.
  • Explain tunnel management features.

Lab Task

  • Configure Site-to-Site VPN with internally managed Security Gateways


Module 4: Advanced Security Monitoring

  • Describe the SmartEvent and Compliance Blade solutions, including their purpose and use.

Lab Tasks

  • Configure a SmartEvent Server to monitor relevant patterns and events
  • Demonstrate how to configure Events and Alerts in SmartEvent
  • Demonstrate how to run specific SmartEvent reports
  • Activate the Compliance Blade
  • Demonstrate Security Best Practice settings and alerts
  • Demonstrate Regulatory Requirements Compliance Scores


Module 5: Upgrades

  • Identify supported upgrade options.

Lab Task

  • Upgrade a Security Gateway
  • Use Central Deployment tool to install Hotfixes


Module 6: Advanced Upgrades and Migrations

  • Export/import a Management Database.
  • Upgrade a Security Management Server by freshly deploying the new release or using a new appliance.

Lab Task

  • Prepare to perform an Advanced Upgrade with Database Migration on the Primary Security Management Server in a distributed environment
  • Perform an import of a Primary Security Management Server in a distributed Check Point environment


Module 7: ElasticXL Cluster

  • Describe the ElasticXL Cluster solution, including its purpose and use.

Lab Tasks

  • Deploy an ElasticXL Security Gateway Cluster