
Checkpoint Interview Questions


© Copyright by Interviewbit
Contents

Checkpoint Interview Questions for Freshers


1.   Write the main components of the Checkpoint solution.
2.   What is the 3-tier architecture component of Checkpoint Firewall?
3.   State differences between Stand-alone Deployment and Distributed Deployment.
4.   What are different types of Checkpoints?
5.   What do you mean by Checkpoint SecureXL, ClusterXL and CoreXL?
6.   What is Checkpoint IPS (Intrusion Prevention System)?
7.   What do you mean by Checkpoint software blades?
8.   Explain the usage of SmartLog and SmartEvent Software Blade.
9.   State difference between SPLAT and GAIA.
10.   What is the Checkpoint Firewall rule base?
11.   How do you manage the Firewall Rule Base?
12.   What is Order of Rule Enforcement in Rule Base?
13.   Explain the Stealth rule and Cleanup rule in Checkpoint firewall.
14.   What are the explicit and implied rules in Checkpoint Firewall?
15.   What is SIC (Secure Internal Communication)?

Checkpoint Interview Questions for Experienced


16.   Explain VPN (Virtual Private Network).
17.   Explain IKE and IPSec.
18.   State difference between ESP and AH IPSec Protocol.


19.   How do you prevent IP Spoofing?


20.   Can you explain what is anti-spoofing in Checkpoint?
21.   What do you mean by Asymmetric Encryption?
22.   Explain Security Zone.
23.   What is the Demilitarized Zone (DMZ)?
24.   What do you mean by perimeter? What kind of connections does the firewall
permit on the perimeter?
25.   Explain NAT (Network Address Translation).
26.   What do you mean by Source NAT, Hide NAT, and Destination NAT?
27.   State difference between Automatic NAT and Manual NAT.
28.   Explain the functions of CPD, FWM, and FWD processes.
29.   Explain Checkpoint DLP (Data Loss Prevention).
30.   What is Granular Routing Control?
31.   In what way are Cpstop/cpstart and Fwstop/fwstart different?



Let's get Started
Checkpoint is a world-renowned leader in security solutions that offers top-of-the-
line cybersecurity solutions to corporations and governments worldwide. Several
corporations use it for internal network security, cloud security, endpoint security,
data security, etc. You can use it to protect your system against cyberattacks such as
ransomware, malware, and other threats. Following the influx of recent cyberattacks,
organizations are implementing prevention strategies for cybersecurity, which
accounts for the high demand for Check Point's security solutions. Therefore, a wide
array of CheckPoint positions are available in the market, including Network
Security Engineer,  System Engineer, System Administrator, Security Analyst, IT
Analyst, Network Security Administrator, Network Security Specialist, Technical
Specialist, etc.


Are you preparing for a CheckPoint job now? If so, you've come to the right place. Our
team at InterviewBit has compiled a list of 30+ Checkpoint interview questions and
answers that will help you prepare for your next Checkpoint interview.
Before we get started, let's take a closer look at Checkpoint.

What is Checkpoint Firewall? 

CheckPoint Firewall is a leading provider of Cyber Security solutions worldwide to
companies and governments. It provides the best protection against cyberattacks,
including ransomware, malware, and other types of threats. The device enables
multiple networks to communicate with one another in accordance with defined
security policies. It is a barrier that sits between private internal networks and the
public Internet. Checkpoint offers an architecture that secures all networks and
clouds against any targeted attack. 
With Check Point Firewall, you can enjoy next-generation firewall (NGF) functionality
that includes:
Mobile device and VPN (Virtual Private Network) connectivity
Identification and computer awareness
Providing internet access and filtering
Monitoring and controlling an application
Security threats and intrusion prevention
Security measures to prevent data loss
Check Point has cemented its position as a leader in the next-generation firewall
space through a broad range of on-premises and virtual products, targeting small
and midsize businesses as well as large corporations and telecom carriers. There are
over one million companies protected by Checkpoint around the world.

Checkpoint Interview Questions for Freshers


1.   Write the main components of the Checkpoint solution.
The Checkpoint solution has the following main components:


Item | Description
1 | Internal and External Networks
2 | Security Gateway
3 | Security Dashboard
4 | Security Management Server
5 | Internal Network

2.   What is the 3-tier architecture component of Checkpoint Firewall?
Checkpoint components are based on a 3-tier technology architecture as follows:


Security Gateway (FW): A device that acts as a cyberbarrier, preventing the
entry of unauthorized traffic into an organization's network. It enforces an
organization's security policy, functions as an entry point for a LAN (Local area
network), and is managed by the Security Management Server.
Security Dashboard: This is a Smart Console GUI (Graphical User Interface)
application that system administrators can use to create and manage security
policies.
Security Management Server (SMS):  The server that system administrators use
to manage security policies. The security management system stores databases,
security policies, and event logs of the organization. This component stores,
manages and distributes security policies to Security Gateways.

3.   State differences between Stand-alone Deployment and Distributed Deployment.
You can deploy CheckPoint firewalls as a standalone system or as a distributed
system. Here's how they differ:
Stand-alone deployment:


As part of a stand-alone deployment, both Security Management Server and Security
Gateway are installed on the same platform. In this scenario, Smart Console will be
installed or deployed on a separate platform with access to the Security Management
Server for creating policies and pushing them to the Security Gateway. Check Point
does not recommend this deployment, except for small businesses, because it
defeats the whole purpose of their three-tiered architecture.
Distributed deployment:

Distributed deployments are most commonly known as Three-Tier architectures,
where each component is installed on a separate platform, and such deployments
are highly recommended by Check Point. The Smart Console is generally installed on
Windows so that it can be used easily. Depending on the requirements, Security
Management Server can be installed on Windows, Linux, or FreeBSD. 

4.   What are different types of Checkpoints?


The following are some types of Checkpoints:


Standard Checkpoint: This verifies a property value of an object in an
application under test. All add-in environments support it.
Bitmap Checkpoint: It can be used to check a bitmap of an image or the entire
web page. Actual and expected images are compared pixel by pixel.
Image Checkpoint: It is used to check the properties of a web image such as the
source file location. Image Checkpoint does not check pixels as Bitmap
Checkpoint does.
Table Checkpoint: This allows you to dynamically check the contents of cells
within a table (grid) that is displayed in your environment. Various table
properties, such as row height and cell width, can also be checked. 
Text Checkpoint: This is used to check expected text in web pages and
applications. It could be a small portion of text displayed or a specific
area/region of the application.

5.   What do you mean by Checkpoint SecureXL, ClusterXL and CoreXL?


SecureXL (Secure acceleration): With SecureXL, you can maximize the
performance of the Firewall without compromising security. Using SecureXL on
a Security Gateway, several CPU-intensive operations can be processed or
handled by virtualized software rather than the firewall kernel. In this manner,
the Firewall can better inspect and process connections more efficiently, as well
as accelerate the throughput and connection rate.
ClusterXL (Smart load balancing): ClusterXL involves a set (cluster) of identical
Check Point Security Gateways which can be connected in a way that if one
(Security Gateway) fails, another replaces it immediately. ClusterXL maintains
business continuity through high availability and load sharing. Whenever the
gateway or network goes down, the connection is seamlessly redirected to the
backups, which ensures business continuity. ClusterXL distributes traffic among
clusters of redundant gateways, thereby combining the processing power of
multiple machines to increase overall performance or throughput.
CoreXL (Multicore acceleration): When CoreXL is enabled on a Security
Gateway, the Firewall kernel is replicated multiple times and each replica
(instance) runs on a single processor core. All instances are complete firewall
kernels that handle and inspect traffic concurrently, thereby enhancing security
gateway performance. Each Firewall instance processes traffic through the same
interfaces and applies the same gateway security policies. High security and high
performance are achieved simultaneously with CoreXL.

6.   What is Checkpoint IPS (Intrusion Prevention System)?


An IPS (Intrusion Prevention System), also referred to as IDPS (Intrusion Detection
Prevention System), usually monitors a network in order to detect malicious
activities that attempt to exploit a known vulnerability. 


These technologies can help detect or prevent network security threats like Denial of
Service (DoS) attacks, brute force attacks, etc. A vulnerability can be viewed as a
weakness in a software system and an exploit can be referred to as an attack that
makes use of that weakness to gain control of the software system. It is common for
attackers to take advantage of newly disclosed exploits for a short period of time
before the security patch is applied. These attacks can be quickly blocked using an
Intrusion Prevention System.

7.   What do you mean by Checkpoint software blades?
It can be defined as an independent, modular, and centrally managed security
building block, which allows an organization to customize a security configuration
tailored to their needs in terms of protection and investment. It is easy to enable and
configure Software Blades on any gateway or management system simply by clicking
a mouse button - no additional hardware, firmware, or driver upgrade is needed.


As the world's first and only security architecture, Check Point Software Blade
provides total, flexible, and manageable security to companies of all sizes. The
solution enables organizations to tweak their security infrastructure easily and
efficiently in order to meet their critical and targeted business security requirements.

8.   Explain the usage of SmartLog and SmartEvent Software Blade.


SmartLog: Security systems typically track or monitor all activity within a
network and then generate log records that can be analyzed in real-time or
viewed in bulk later. However, traditional log management systems can take
hours to run queries and search millions of log records. SmartLog is basically a
log management tool that provides organizations with the ability to centrally
track all log records and security activities across all Software Blades on Security
Gateways and Security Management servers, thereby providing instant visibility
into billions of log records. SmartLog provides the following monitoring
features:
Find logs quickly by using simple search strings.
Select from a variety of default search queries to find the relevant logs.
Real-time monitoring of logs.


SmartEvent: A unified security event management and analysis
tool, SmartEvent Software Blade provides real-time graphical threat
management information. Using SmartEvent, you can consolidate and display
all security events generated by the following Software Blades:
Firewall
IPS
Application Control
Anti-Bot and Anti-Virus
It is possible for administrators to quickly identify critical security events and take the
necessary measures to prevent future attacks.

9.   State difference between SPLAT and GAIA.


Due to the influx of new incoming threats and requirements for protection,
companies must consolidate security to ensure an optimised security operation and
maximum efficiency. Check Point GAIA is a powerful, unified operating system that
delivers higher security and superior efficiency over its predecessors, the SPLAT
operating system and the IPSO operating system. GAIA Operating Systems support the
full suite of CheckPoint Gateways, Software Blades, and Security Management
products. Here are some advantages of GAIA over SPLAT/IPSO.
Web-Based user interface with Search Navigation
Support for Software Blades
Easy and simple upgrade (full compatibility with IPSO and SecurePlatform)
Easy to use CLI (Command Line Interface)
High connection capacity (64-bit)
Native IPv4 and IPv6 Support (completely integrated into the operating system)
High availability (ClusterXL or VRRP Clusters), etc.

10.   What is the Checkpoint Firewall rule base?


The firewall is at the core of a comprehensive network security policy. A security
policy essentially consists of rules which define access control to/from networks that
are protected by a Check Point Security Gateway. In order to be an effective security
solution, Check Point Security Gateways need well-defined access policies. The basic
principle behind the Rule Base is that "connections that aren't explicitly allowed are
denied". You can create rules in Check Point Firewall Rule Base to only allow specified
connections.

11.   How do you manage the Firewall Rule Base?


With SmartDashboard, it's easy to create and configure Firewall rules that ensure a
strong security policy. Listed below are some fields used to manage rules for Firewall
security policy: 

Field | Description
No. | 'No.' refers to the rule number and indicates how important it is. A rule with a higher criticality is assigned a higher place in the Rule Base.
Hits | The number of connections for each rule match.
Source | Network object that initiates the communication.
Destination | Network object which completes the communication.
Action | Firewall action taken when traffic matches a rule.


12.   What is Order of Rule Enforcement in Rule Base?


Packets are inspected sequentially by Check Point Security Gateways. Upon receiving
a packet belonging to a connection, the Security Gateway compares the data
(destination, source, etc.) against the first rule, then the second rule, the third rule,
and so on. As soon as it finds a rule that matches, it stops checking and applies the
action of that particular rule to the packet. If the packet does not match any of the
rules, then it is denied. 

13.   Explain the Stealth rule and Cleanup rule in Checkpoint firewall.
There are a few standard rules CheckPoint recommends you include in your rule base
for both security and management reasons. They are as follows:
Stealth Rule: Stealth is the first recommended rule to include in your rule base.
Using this rule, we can prevent direct access to the Security Gateway, thereby
providing protection against attacks. Normally, the stealth rule should be placed
near the top of the rule base, with only rules that allow or require access to the
firewall above it.
Cleanup Rule: Cleanup rules are placed at the end of the security Rulebase.
Furthermore, Check Point suggests adding a cleanup rule, which drops and logs
every packet that isn't matched by other rules. Logging dropped packets is
extremely useful for security and troubleshooting. 
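
The first-match evaluation from question 12, together with the Stealth and Cleanup rules described here, can be modelled in a few lines. This is an added example, not Check Point code or part of the original article; the rule names, addresses, ports and helper functions are all constructed for illustration.

```python
# Added illustration: first-match evaluation of an ordered rule base.
# Not Check Point code; every rule, name, address and port here is constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Union

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    source: str                # CIDR string or ANY
    destination: str           # CIDR string or ANY
    service: Union[int, str]   # destination port or ANY
    action: str                # "accept" or "drop"
    log: bool = False


def _addr_matches(spec, addr):
    return spec == ANY or ip_address(addr) in ip_network(spec)


def evaluate(rule_base, src, dst, port):
    """Walk the rules top-down; the first match decides and evaluation stops.

    Returns (rule_number, rule_name, action, logged).
    """
    for number, rule in enumerate(rule_base, start=1):
        if (_addr_matches(rule.source, src)
                and _addr_matches(rule.destination, dst)
                and rule.service in (ANY, port)):
            return number, rule.name, rule.action, rule.log
    # Nothing matched: connections that are not explicitly allowed are denied.
    # This model records no log entry for that case (assumption of the example).
    return None, "no match", "drop", False


GATEWAY = "203.0.113.1/32"     # the Security Gateway itself (constructed address)
ADMIN_NET = "10.1.1.0/24"      # management workstations (constructed)
INTERNAL = "10.0.0.0/8"        # internal networks (constructed)
DMZ_WEB = "198.51.100.10/32"   # public web server in the DMZ (constructed)

RULE_BASE = [
    # Only rules that need access to the firewall sit above the Stealth rule.
    Rule("Management", ADMIN_NET, GATEWAY, 22, "accept", log=True),
    Rule("Stealth", ANY, GATEWAY, ANY, "drop", log=True),
    Rule("Web to DMZ", ANY, DMZ_WEB, 443, "accept"),
    Rule("Outbound", INTERNAL, ANY, ANY, "accept"),
    # Last rule: drop and log whatever no earlier rule matched.
    Rule("Cleanup", ANY, ANY, ANY, "drop", log=True),
]


def move_to_top(rule_base, name):
    """Copy of the rule base with the named rule first (models a misordered rule)."""
    picked = [r for r in rule_base if r.name == name]
    return picked + [r for r in rule_base if r.name != name]


def without(rule_base, name):
    """Copy of the rule base with the named rule removed."""
    return [r for r in rule_base if r.name != name]


if __name__ == "__main__":
    cases = [
        ("admin SSH to gateway", RULE_BASE, "10.1.1.5", "203.0.113.1", 22),
        ("internal host to gateway", RULE_BASE, "10.2.3.4", "203.0.113.1", 443),
        ("same, Stealth removed", without(RULE_BASE, "Stealth"),
         "10.2.3.4", "203.0.113.1", 443),
        ("admin SSH, Stealth on top", move_to_top(RULE_BASE, "Stealth"),
         "10.1.1.5", "203.0.113.1", 22),
        ("SMTP to DMZ web server", RULE_BASE, "192.0.2.77", "198.51.100.10", 25),
        ("same, Cleanup removed", without(RULE_BASE, "Cleanup"),
         "192.0.2.77", "198.51.100.10", 25),
    ]
    for label, rules, src, dst, port in cases:
        print(f"{label:28} -> {evaluate(rules, src, dst, port)}")
```

The cases show why order matters: without the Stealth rule the broad Outbound rule lets an internal host reach the gateway itself, and with the Stealth rule placed above Management the administrators lock themselves out.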

14.   What are the explicit and implied rules in Checkpoint Firewall?
In the Rule Base, you will find the following types of rules:
Explicit Rule: These are rules created by you to configure or specify which
connections the Firewall will allow. Because they were created explicitly, these
rules are called explicit rules. 
Implicit Rule: However, the firewall enforces many rules that are not visible to
you. These are called implicit rules or implied rules. Implicit rules allow
connections for different services that the Security Gateway generally uses. 


15.   What is SIC (Secure Internal Communication)?


SIC stands for Secure Internal Communication. As the name suggests, SIC allows
CheckPoint products and platforms to communicate securely. It establishes a trusted
connection or status between a gateway, management server, and other CheckPoint
components. A trust or SIC is required for the installation of policies on gateways and
the transmission (sending) of logs between management servers and gateways.
Check Point platforms and products authenticate each other using one of these SIC
methods:
Certificates for authentication.
Standard-based TLS (Transport Layer Security) for creating secure channels.
3DES (Data Encryption Standard) or AES128 (Advanced Encryption Standard) for
encryption.

Checkpoint Interview Questions for Experienced


16.   Explain VPN (Virtual Private Network).
Many network protocols include encryption, but not all Internet traffic does. An
attacker may therefore be able to intercept and change data as it flows over a
network. Fortunately, virtual private networks (VPNs) alleviate this issue. VPNs are
used to establish a safe and secure connection  (private connection) between two
points and allow them to communicate securely over a public network. In essence,
VPNs provide a private, encrypted connection between two points - without stating
which points they should be. As a result, VPN services can be used for a variety of
purposes:
Site-to-Site VPN: This type of VPN enables secure communication between two
geographically dispersed sites.
Remote Access VPN: This type of VPN connects remote users to a corporate
network in a secure way. 
VPN as a Service (Cloud VPN): This kind of VPN is hosted on a cloud-based
infrastructure. Packets from the client enter the Internet through that cloud
infrastructure rather than the client's local address.

17.   Explain IKE and IPSec.


For managing encryption keys and sending encrypted packets, CheckPoint VPNs
(Virtual Private Networks) utilize two secure VPN protocols as follows:
IKE (Internet Key Exchange): It is a standard key management protocol that
establishes a secure, authenticated communication channel between two
devices. Using IKE, a secure VPN communication channel between VPN peers is
established over the Internet. 
IPSec: As part of "IPsec," "IP" stands for "Internet Protocol" and "sec" stands for
"secure". IPsec provides secure encrypted communication between two
computers over an IP network by authenticating and encrypting data packets. It
is commonly used in virtual private networks (VPNs).

18.   State difference between ESP and AH IPSec Protocol.


IPSec uses two different protocols defined by IETF (Internet Engineering Task Force):
AH (Authentication Header) and ESP (Encapsulating Security Payload)


AH Protocol | ESP Protocol
As of now, the AH protocol only provides authentication (data origin authentication, replay protection, and data integrity). | With the ESP protocol, authentication (data origin authentication, replay protection, and data integrity) and data confidentiality (encryption) are all provided. You can use ESP with confidentiality only, with authentication only, or with both confidentiality and authentication.
It authenticates the outer IP header as well as the IP packet as a whole. | Only the IP datagram portion of the IP packet is authenticated by ESP authentication.

19.   How do you prevent IP Spoofing?


IP spoofing means forging the source IP address of a packet so that it appears to come from a trusted IP address,
usually for DDoS attacks or to reroute communication. A hacker uses IP spoofing to
replace an untrustworthy source IP address with a fake, trusted one in order to hijack
connections to your network. Attackers can send malware and bots to your network,
execute DoS attacks, and gain unauthorized access to your systems.

IP Spoofing can be prevented with Anti-Spoofing. Anti-Spoofing aims to detect and
drop packets with a bogus (false) source address to prevent unauthorized access to
your systems and secure your network.


20.   Can you explain what is anti-spoofing in Checkpoint?


The concept of anti-spoofing aims to detect and drop packets with a bogus (false)
source address. By using Anti-Spoofing, we can determine whether a packet whose source IP
address belongs behind a certain interface is actually arriving on a different
interface. A packet from an external network with an internal IP address, for example,
would automatically be blocked by Anti-Spoofing. It ensures that packets are going
to and coming from the correct interfaces on the security gateway.
Example:
In the following diagram, a Security Gateway is shown with interfaces 2, 3, and 4, as
well as some example networks.

When Anti-Spoofing is enabled on the Security Gateway, it ensures that:
All incoming packets coming to interface 2 should be from the Internet (1)
All incoming packets coming to interface 3 should be from 192.168.33.0
All incoming packets coming to interface 4 should be from 192.0.2.0 or
10.10.10.0
Packets with source IP addresses in network 192.168.33.0 that arrive at interface 2 or
4 are blocked since the source address has been spoofed.
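
The interface check above, written out as an added example (not from the original article and not Check Point code). Interfaces 2, 3 and 4 and the networks are taken from the text; the /24 prefix lengths, the sample packets and the function names are assumptions.

```python
# Added illustration of the anti-spoofing check described above.
# Interface numbers and networks come from the example; the /24 prefix lengths,
# the sample packets and all function names are assumptions of this sketch.
from collections import Counter
from ipaddress import ip_address, ip_network

EXTERNAL_IFACE = 2  # faces the Internet (1)

# Networks that legitimately live behind each internal interface.
TOPOLOGY = {
    3: [ip_network("192.168.33.0/24")],
    4: [ip_network("192.0.2.0/24"), ip_network("10.10.10.0/24")],
}


def expected_interface(src):
    """Interface behind which the source address legitimately lives."""
    addr = ip_address(src)
    for iface, networks in TOPOLOGY.items():
        if any(addr in net for net in networks):
            return iface
    # Anything not defined behind an internal interface counts as Internet.
    return EXTERNAL_IFACE


def check(arrival_iface, src):
    """Return (verdict, expected_interface); verdict is 'accept' or 'drop'."""
    expected = expected_interface(src)
    verdict = "accept" if arrival_iface == expected else "drop"
    return verdict, expected


# Constructed sample traffic: (arrival interface, source IP).
SAMPLE_PACKETS = [
    (2, "203.0.113.9"),    # Internet host on the external interface
    (2, "192.168.33.7"),   # internal source arriving from the Internet: spoofed
    (4, "192.168.33.7"),   # interface-3 source arriving on interface 4: spoofed
    (3, "192.168.33.7"),   # same source on its own interface
    (4, "10.10.10.5"),     # second network behind interface 4
    (3, "203.0.113.9"),    # external source on an internal interface: spoofed
]


def spoof_report(packets):
    """Count dropped (spoofed) packets per arrival interface."""
    drops = Counter()
    for iface, src in packets:
        verdict, _ = check(iface, src)
        if verdict == "drop":
            drops[iface] += 1
    return dict(drops)


if __name__ == "__main__":
    for iface, src in SAMPLE_PACKETS:
        verdict, expected = check(iface, src)
        print(f"iface {iface}  src {src:15}  expected iface {expected}  {verdict}")
    print("drops per interface:", spoof_report(SAMPLE_PACKETS))
```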

21.   What do you mean by Asymmetric Encryption?


There are two types of keys in asymmetric encryption i.e., public and private keys.
There is a pair of private and public keys for each party. The public key, as its name
implies, can be exchanged securely with communication partners, while the private
key must remain confidential (secret). The private key is typically used to decrypt
data, while the public key is used to encrypt data.

To encrypt traffic between Jessica and Monica, as depicted in the above figure, the
pair will exchange public keys.
In order to encrypt Jessica's message to Monica, Jessica will use Monica's public
key. Monica will need to use her own private key to decrypt Jessica's message.
When Monica replies to Jessica in the future, the same process will play out.
Monica will use Jessica's public key to encrypt her reply message to Jessica.
Jessica will need to use her own private key to decrypt Monica's reply message.
Therefore, before any encrypted communication can take place, Jessica and Monica
must exchange public keys.

22.   Explain Security Zone.


With Security Zones, you can create a powerful Access Control Policy that controls
the flow of traffic between different parts of a network. Different security zones are
used by networks to protect resources and to combat malware on networks. Set up
rules so that only appropriate traffic can enter and leave a security zone. Listed below
are the predefined Security Zones, along with their intended purpose:
WirelessZone: The network that is accessible via wireless connections by users
and applications.
ExternalZone: Unsecured networks, such as the Internet and external networks.
DMZZone: Demilitarized zones (DMZ) are sometimes called perimeter networks.
It contains servers accessible from insecure sources, such as the Internet or
external sources.
InternalZone: Company networks containing sensitive data that needs to be
protected and accessed only by authenticated users.

23.   What is the Demilitarized Zone (DMZ)?


The DMZ network, also called a Demilitarized Zone, is a subnetwork within an
organization's network infrastructure that lies between the untrusted network
(Internet or external network) and the protected internal network. DMZ networks
contain the organization's public-facing services and are designed to protect the
internal network. A DMZ should contain any services that can be accessed by users
connecting from an external network. The most common services are Web servers,
mail servers, and FTP (File Transfer Protocol) servers.


For both individuals and large organizations, DMZs are crucial to network security.
 They offer an additional layer of security to a computer network by restricting
remote access to internal data and servers, which, if breached, can have devastating
effects.

24.   What do you mean by perimeter? What kind of connections does the firewall permit on the perimeter?
Typically, a perimeter acts as a security boundary or border that provides the main
defence between an internal (private) network and other public networks (such as the
internet or external network). Firewalls on the perimeter of the network handle all
incoming/outgoing traffic. Firewalls on perimeters usually allow the following
connections:
Connections to DNS (Domain Name System) servers.
VPN (Virtual Private Network) connections.
Specified external connections.
Outgoing connections to the Internet.
Connections to servers in the DMZ (Demilitarized Zone).
Connections from the internal network to the internal network.


25.   Explain NAT (Network Address Translation).


NAT refers to network address translation. It is a feature of the
Firewall Software Blade and ensures greater security by
replacing/translating IPv4 and IPv6 addresses. NAT hides internal IP addresses from
the Internet in order to protect the identity of a network. A firewall can alter both the
source and destination IP addresses of a packet.
The firewall, for example, translates the source IP address (to a new one) of packets
that go from an internal computer to an external computer. Firewalls translate the
new IP addresses back to the original IP addresses as packets return from the
external computer. When packets return from the external computer, they are routed
to the correct internal computer.
Example: Suppose a network has 1,000 computers but one internet connection.
What makes it possible for 1,000 devices to share one internet connection?
This is made possible by NAT. A private IP address is assigned to each of the 1,000
computers, i.e., (10.0._._), and they are all connected to the router. The router is connected
directly to the internet and has NAT settings configured.


When PC 1 (which has an IP address of 10.0.0.1) attempts to access the internet
(www.google.com), it will first send a request to the router, and the router converts
the private IP address into a public IP address (10.0.0.1 -> 12.0.0.1) and forwards the
request to the Google web server. Before forwarding the request, however, the router
saves this mapping in the NAT forwarding table. So, when the response
comes from the web server, the router can convert the public IP back to the private IP
(12.0.0.1 -> 10.0.0.1), and deliver the information back to the requesting PC.

26.   What do you mean by Source NAT, Hide NAT, and Destination NAT?
Security Gateways can use the following types of NAT (Network Address Translation)
to translate IP addresses:
Source NAT: It is used for traffic initiated from an internal network to an external network.
When a source NAT is used, only the source IP address is translated into the
public address.
Hide NAT: It is used to translate multiple private IP addresses into a single public
IP address. In other words, many to one translations. This can only be used for
source NAT translation, not destination NAT.
Destination NAT: When connecting from a public IP address to a private IP
address, Destination NAT is used to translate the IP address of the destination. In
this, only static NAT is used. 
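
Hide NAT and the forwarding table from question 25, as an added example that is not part of the original article and not Check Point code. It goes one step beyond the text by tracking source ports, which is what lets many private hosts share the single public address; 10.0.0.x and 12.0.0.1 follow the article's example, while the ports, the server address and the class itself are constructed.

```python
# Added illustration of many-to-one (hide) NAT with a translation table.
# 10.0.0.x and 12.0.0.1 follow the article's example; ports, the server
# address and the class itself are constructed for this sketch.
class HideNat:
    def __init__(self, public_ip, first_port=10000, last_port=60000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.by_flow = {}  # (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.by_port = {}  # public port -> the same flow tuple

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the internal network.

        The mapping is saved before the packet is forwarded, so the reply
        can be translated back. Returns the packet as seen on the Internet.
        """
        flow = (src_ip, src_port, dst_ip, dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("hide NAT port pool exhausted")
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_port[port] = flow
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a reply arriving from the Internet.

        Returns the packet as delivered to the internal host, or None when
        no table entry matches (unsolicited traffic has nowhere to go).
        """
        flow = self.by_port.get(dst_port)
        if dst_ip != self.public_ip or flow is None:
            return None
        priv_ip, priv_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # entry exists, but for a different remote endpoint
        return (src_ip, src_port, priv_ip, priv_port)


def demo():
    """Two internal PCs talk to the same server through one public address."""
    nat = HideNat("12.0.0.1")
    server = ("198.51.100.80", 443)  # constructed web server address
    out1 = nat.outbound("10.0.0.1", 40000, *server)
    out2 = nat.outbound("10.0.0.2", 40000, *server)
    reply1 = nat.inbound(*server, out1[0], out1[1])
    reply2 = nat.inbound(*server, out2[0], out2[1])
    # A connection attempt from outside has no table entry and is not forwarded.
    unsolicited = nat.inbound("203.0.113.66", 5555, "12.0.0.1", 22)
    return out1, out2, reply1, reply2, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The `None` result for the unsolicited packet is the reason hide NAT serves only source translation: a connection initiated from outside has no table entry, so reaching an internal server needs a static destination translation instead.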

27.   State difference between Automatic NAT and Manual NAT.


NAT (Network Address Translation) can be configured in Checkpoint Firewall either
manually or automatically.


Automatic NAT | Manual NAT
The firewall automatically creates this rule. | Administrators create this rule manually.
You cannot modify it. | It can be modified.
It cannot perform DUAL NAT (if two or more routers on a network perform NAT). | It can perform DUAL NAT.
A proxy ARP (Address Resolution Protocol) is created automatically. It is enabled by default. | A proxy ARP (Address Resolution Protocol) is created manually. It is not enabled by default.

28.   Explain the functions of CPD, FWM, and FWD processes.


FWM (Firewall Management): It runs only on the SMS (Security Management
Server) and is responsible for handling SmartConsole GUI connections, policy
verification, and Management high availability (HA) synchronization.
FWD (Firewall Daemon): It runs on both SMS and Security Gateway devices.
Mostly, it is responsible for routing logs from Security Gateways to SMS, but it
also acts as a parent process (on security gateways) for many security server
processes that are performing advanced inspections outside of the kernel.
CPD (Check Point Daemon): It runs on both SMS and Security Gateway devices.
It is responsible for handling generic functions like SmartView Monitor,
SIC/certificates, licensing, and fetching/pushing policy between the SMS and
Security Gateway.

29.   Explain Checkpoint DLP (Data Loss Prevention).


Data loss prevention (DLP) is a cybersecurity methodology that combines technology
and best practices in order to help prevent sensitive data from being divulged
(disclosed) outside of an organization. In particular, the data may include regulated
information such as PII (Personally Identifiable Information) or compliance data such
as HIPAA (Health Insurance Portability and Accountability Act), PCI (Payment Card
Industry), SOX (Sarbanes-Oxley Act), etc.

Your business is protected against unintentional loss of sensitive and valuable
information by Check Point DLP. With DLP, businesses can monitor data movement
and empower employees to work confidently while staying compliant with industry
regulations.

30.   What is Granular Routing Control?


In the network, the Granular Routing Control (GRC) is used to granularly control VPN
(Virtual Private Network) traffic. Using this feature, you can enable the Security
Gateway to:


Choose the optimal route for VPN traffic.
Choose which interfaces to use for VPN traffic to internal and external networks.
Specify the IP addresses that will be used for VPN traffic.
Select VPN tunnels available using route probing (closely inquiring), etc.

31.   In what way are Cpstop/cpstart and Fwstop/fwstart different?
Cpstart: Starts all CheckPoint applications and processes running on a machine.
Cpstop: Stops all CheckPoint applications and processes manually.
Fwstart: Start VPN-1/FireWall-1.
Fwstop: Stop VPN-1/FireWall-1.

Conclusion:

During your interview, a good interviewer will rarely plan ahead to ask you specific
questions. Usually, they begin with a basic concept of the subject and then continue
based on what you say and follow-up questions. These questions are intended to give
you an idea of the type of question you may encounter during your CheckPoint
interview.
Useful Resources:
Network Engineer Salary in India – For Freshers & Experienced
How To Become A Network Engineer
System Engineer Salary In India
Cyber Security Interview Questions
