Back in March, I did Palo Alto’s PCNSA exam. Since then I’ve been working with Check Point firewalls, so I decided to do their CCSA exam (for R81.20).
Normally, I would start by looking at the exam objectives. However, in this case I can’t, because they’re behind a paywall! The nearest thing that’s publicly available is the course overview. This is unusual: I haven’t seen any other exams that do this. It’s also notable that Palo Alto give out a free study guide (pdf), whereas Check Point ask you to pay $3250 for their course; I’m not sure whether that includes the exam itself ($250). However, you can book the exam without doing their course, and that’s what I did.
As with any certification, it’s worth asking a couple of questions:
- If I’m applying for jobs, will this certification give me an advantage?
- If I’m recruiting for a job, should I favour people with this certification?
In other words, what does this certification actually measure? What does it tell you about the person who has it? In brief, I’d say that a lot of the questions will be very easy if you have hands-on experience, and very difficult if you’ve just seen someone else do it in a video.
I can’t discuss specific exam questions because of the Non-Disclosure Agreement (NDA), so I’ll use London Underground (aka the Tube) as an analogy. If you’ve lived or worked in central London for a while, you’ll probably be familiar with the tube map, e.g. you’ll know that the Central line is red and the Circle line is yellow. That isn’t something you’d specifically sit down and memorise, but you’ll pick it up by repeated exposure. So, if I asked you which line is green on the map, that should be pretty easy.
On the other hand, suppose that I asked you what time the last train runs each night (from a station that you use regularly). Some people will know the answer by heart, because they often end up running for that train. Other people might be in bed by 10pm every night, so they’ve never needed to know.
Coming back to Check Point, there are some situations which will come up on a daily basis, and other situations which are less common. So, you might need to go out of your way to practice those scenarios, e.g. in a lab environment.
Now that I’ve got the CCSA, I’m going to start studying for the Check Point Certified Security Expert (CCSE). This includes some additional topics, such as High Availability (ClusterXL).
NB You need to be CCSA certified before you can get the CCSE. (Cisco used to have a similar policy, e.g. you needed CCNA before CCNP, but they’ve relaxed that now to just say that you need equivalent knowledge.) I think the CCSE will be more useful, but the CCSA is a necessary step along the way.Continue reading “Check Point Certified Security Administrator (CCSA)”