This study plan is designed for optimal retention and effective preparation for the 156-315.81.20 Check Point CCSE R81.20 exam. It integrates the Pomodoro Technique and Forgetting Curve Learning to ensure focus and long-term memory retention. The plan spans 8 weeks and is divided into daily tasks and review cycles.

Study Plan Overview

Primary Goals:

  1. Master Key Exam Topics:
    • Understand all exam domains deeply, focusing on objectives like configuration, optimization, and troubleshooting.
  2. Retain Knowledge Efficiently:
    • Use active recall and spaced repetition to embed key concepts.
  3. Simulate Exam Scenarios:
    • Practice with real-world scenarios and mock exams to improve problem-solving skills.

Key Methods:

  1. Pomodoro Technique: Study in 25-minute focused sessions, followed by 5-minute breaks. After 4 sessions, take a longer break of 15–30 minutes.
  2. Forgetting Curve: Schedule reviews at intervals of 1 day, 1 week, 2 weeks, and 4 weeks after initial learning.

Week 1: Foundations and Initial Setup

Goal: Understand the basics of Check Point systems, set up the lab environment, and practice foundational configurations.

Day 1: Exam Overview and Lab Setup
  • Review the official 156-315.81.20 exam blueprint.
  • Understand the exam's objectives and topics, writing them down for reference.
  • Download Check Point R81.20 software and set up a virtual lab environment with the following:
    • Security Management Server.
    • Security Gateway.
    • Basic network topology (internal and external zones).
Day 2: SmartConsole Exploration
  • Install SmartConsole on your workstation.
  • Explore its interface, focusing on:
    • Navigation.
    • Security policy configuration.
    • Log and monitoring sections.
  • Task: Create a sample policy to allow HTTP/HTTPS traffic and deploy it.
Day 3: Installing Security Gateways
  • Install a Check Point Security Gateway in your lab environment.
  • Configure SIC (Secure Internal Communication) between the gateway and the Management Server.
  • Deploy a basic access control policy to allow internal network traffic to the internet.
  • Task: Test the policy by simulating traffic from internal hosts.
Day 4: Backup and Restore
  • Learn the difference between manual and scheduled backups.
  • Practice creating backups using the backup CLI command and SmartConsole.
  • Simulate a failure by restoring a backup to a fresh Management Server or Security Gateway installation.
  • Task: Write down a step-by-step guide for backup and restore.
Day 5: Basic Policy Configuration
  • Understand how to create rules for:
    • Allowing specific services (e.g., SSH, HTTP).
    • Blocking specific IP ranges.
    • Logging traffic for analysis.
  • Task: Test these policies by generating traffic from your lab environment and analyzing logs.
Day 6: Practice and Review
  • Consolidate everything learned so far:
    • Navigate SmartConsole confidently.
    • Create, deploy, and test basic policies.
    • Backup and restore configurations.
  • Task: Solve practice questions on foundational topics.
Day 7: Weekly Review
  • Review key takeaways:
    • SmartConsole navigation.
    • Gateway setup.
    • Policy deployment.
    • Backup and restore procedures.
  • Create a mind map summarizing what you’ve learned and identify weak areas.

Week 2: Identity Awareness and Advanced Policy Management

Goal: Master Identity Awareness and advanced policy configuration.

Day 1: Enabling Identity Awareness
  • Learn what Identity Awareness (IA) is and how it works.
  • Enable IA on the Security Gateway and configure it to query Active Directory.
  • Task: Test IA by creating a user-based policy allowing only specific AD groups access to certain resources.
Day 2: Using Dynamic and Updatable Objects
  • Understand Dynamic Objects and their use cases.
  • Configure Updatable Objects for cloud-based services and external IPs/domains.
  • Task: Create a policy to allow access to Office365 services using Updatable Objects.
Day 3: Layered Policy Management
  • Learn how to use layered policies for modular management.
  • Create layers for:
    • Internet access.
    • Internal resource protection.
  • Task: Implement layered policies in your lab environment and test their impact.
Day 4: Global Policy Management
  • Explore the concept of Global Policies for multi-domain environments.
  • Create a global policy template and customize it for a domain-specific use case.
  • Task: Test global policies in a simulated environment.
Day 5: Policy Optimization and Log Analysis
  • Use logs to identify inefficient or redundant rules.
  • Reorder and optimize rules for better performance.
  • Task: Document your optimization process and measure improvements.
Day 6: Practice and Troubleshooting
  • Solve practical questions on:
    • Identity Awareness.
    • Dynamic Objects.
    • Policy layers.
  • Troubleshoot common misconfigurations, such as:
    • Incorrect AD integration.
    • Overlapping rules.
Day 7: Weekly Review
  • Revisit all tasks and configurations.
  • Practice applying concepts in a lab environment:
    • Test Identity Awareness policies.
    • Analyze logs for improvements.
  • Task: Write a summary of key learnings and areas to refine.

Week 3: Threat Prevention Basics

Goal: Configure and manage Check Point’s threat prevention features, including IPS and Anti-Bot.

Day 1: Configuring IPS
  • Learn how Intrusion Prevention System (IPS) protects against common threats.
  • Enable IPS on the gateway and apply an Optimized Profile.
  • Fine-tune protections for high-risk zones.
  • Task: Simulate an attack (e.g., SQL Injection) and observe IPS behavior.
Day 2: Threat Emulation and Threat Extraction
  • Understand SandBlast technologies:
    • Threat Emulation for zero-day threats.
    • Threat Extraction for delivering clean content.
  • Configure Threat Emulation for email and web traffic.
  • Task: Test Threat Emulation with potentially malicious files.
Day 3: Configuring Anti-Bot and Anti-Virus
  • Enable Anti-Bot to block communication with malicious command-and-control servers.
  • Configure Anti-Virus for scanning web and email downloads.
  • Task: Test by accessing a simulated malicious URL and reviewing logs.
Day 4: Threat Monitoring with SmartEvent
  • Use SmartEvent to analyze threat events and create correlation rules.
  • Configure alerts for specific threat types (e.g., repeated login failures).
  • Task: Investigate and respond to a simulated brute-force attack.
Day 5: Reviewing Threat Prevention
  • Solve scenario-based questions on IPS, Threat Emulation, and Anti-Bot.
  • Analyze logs for patterns and identify potential configuration gaps.
  • Task: Adjust threat prevention policies based on log findings.
Day 6: Practical Lab
  • Implement a full threat prevention strategy for a sample network.
  • Document every step, including:
    • IPS setup.
    • SandBlast configuration.
    • Anti-Bot and Anti-Virus policies.
  • Task: Test your setup against simulated attacks.
Day 7: Weekly Review
  • Revisit all threat prevention tasks and fine-tune configurations.
  • Solve advanced practice questions to reinforce learning.
  • Write a brief report summarizing your understanding of threat prevention.

Week 4: VPN Configurations

Goal: Master site-to-site and remote access VPNs, advanced routing, and troubleshooting techniques.

Day 1: Site-to-Site VPN Basics
  • Learn the principles of Site-to-Site VPN, including encryption domains and IKE phases.
  • Configure a basic Site-to-Site VPN between two Security Gateways.
  • Verify the connection using SmartConsole logs.
  • Task: Test connectivity between encrypted domains and simulate basic traffic.
Day 2: Advanced VPN Routing
  • Understand the differences between Policy-Based VPN and Route-Based VPN.
  • Configure Route-Based VPN using Virtual Tunnel Interfaces (VTIs).
  • Use routing protocols (e.g., OSPF or BGP) to manage traffic over the VPN.
  • Task: Test failover scenarios by modifying routes dynamically.
Day 3: Remote Access VPN
  • Configure Remote Access VPN for SecureClient.
  • Learn about Split Tunneling and how to balance security with user flexibility.
  • Test endpoint compliance checks for remote devices.
  • Task: Connect using SecureClient and verify compliance settings.
Day 4: VPN Troubleshooting
  • Use tools like vpn tu and SmartView Tracker to identify VPN issues.
  • Resolve common problems such as:
    • Phase 1 or Phase 2 negotiation failures.
    • Misconfigured encryption domains.
  • Task: Simulate a broken VPN connection and troubleshoot the issue.
Day 5: Dead Peer Detection (DPD) and Rekeying
  • Learn about Dead Peer Detection (DPD) to monitor VPN peer health.
  • Configure rekeying intervals for VPN security.
  • Task: Test DPD functionality by temporarily disabling one peer.
Day 6: Lab Practice
  • Create a multi-site VPN scenario in your lab environment:
    • Connect three gateways with Site-to-Site VPNs.
    • Add Remote Access VPN for external users.
  • Task: Document all configurations and test traffic between sites and users.
Day 7: Weekly Review
  • Review key concepts:
    • Encryption domains.
    • Troubleshooting tools.
    • Advanced routing configurations.
  • Solve scenario-based practice questions focusing on VPN topics.

Week 5: Performance Tuning

Goal: Optimize gateway performance using SecureXL, CoreXL, and Quality of Service (QoS).

Day 1: SecureXL Basics
  • Learn how SecureXL accelerates traffic flows by offloading processing.
  • Verify SecureXL status using fwaccel stat and analyze accelerated connections.
  • Task: Test SecureXL by enabling and disabling it for specific traffic.
Day 2: CoreXL Optimization
  • Understand CoreXL and its role in multi-core processing.
  • Configure CoreXL to optimize firewall and VPN performance.
  • Task: Monitor CPU usage with and without CoreXL and observe performance improvements.
Day 3: Advanced Routing Optimization
  • Fine-tune routing protocols like OSPF and BGP to improve efficiency.
  • Learn about Policy-Based Routing (PBR) for critical applications.
  • Task: Configure PBR to route VoIP traffic over a dedicated link.
Day 4: Traffic Shaping and QoS
  • Enable the QoS Blade in SmartConsole.
  • Create QoS rules to prioritize traffic for critical services like video conferencing.
  • Task: Test QoS by simulating high traffic loads and observing the prioritized flow.
Day 5: Gateway Resource Management
  • Monitor CPU, memory, and disk usage using SmartConsole and CLI tools.
  • Identify resource bottlenecks and implement fixes, such as enabling log rotation.
  • Task: Test resource management strategies by generating high traffic in the lab.
Day 6: Lab Practice
  • Simulate a high-performance network with:
    • SecureXL for traffic acceleration.
    • CoreXL for parallel processing.
    • QoS for prioritized traffic.
  • Task: Document and test configurations under various loads.
Day 7: Weekly Review
  • Review all performance optimization techniques.
  • Solve performance-related questions and refine weak areas.

Week 6: Advanced Security Monitoring

Goal: Master SmartEvent, log management, and real-time threat monitoring.

Day 1: SmartEvent Configuration
  • Set up SmartEvent for monitoring security events in real time.
  • Configure data sources and enable event correlation units.
  • Task: Create a correlation rule to detect brute-force login attempts.
Day 2: Log Management
  • Configure log servers for efficient storage and retrieval.
  • Set up log retention policies and forwarding to external systems.
  • Task: Test log searches for specific events, such as denied connections.
Day 3: Threat Analysis
  • Use SmartEvent to analyze traffic patterns and detect potential threats.
  • Correlate logs with Check Point ThreatCloud intelligence.
  • Task: Investigate a simulated DDoS attack and document findings.
Day 4: Alerting Mechanisms
  • Configure email and SMS alerts for critical events like resource outages or policy violations.
  • Task: Test the alerting system by simulating a gateway failure.
Day 5: Advanced Use Cases
  • Analyze historical logs to audit and improve security policies.
  • Create custom dashboards for specific use cases.
  • Task: Audit a week’s worth of logs and propose policy adjustments.
Day 6: Lab Practice
  • Simulate a complete security monitoring scenario, including:
    • Real-time alerts.
    • Correlation rule testing.
    • Log analysis for post-incident forensics.
  • Task: Document the workflow for responding to a major security incident.
Day 7: Weekly Review
  • Summarize key concepts:
    • SmartEvent setup.
    • Log management strategies.
    • Threat detection and analysis.
  • Solve questions focused on security monitoring scenarios.

Week 7: Comprehensive Review

Goal: Consolidate all learned topics, identify weak areas, and simulate real-world scenarios to build confidence.

Day 1: Review Identity Awareness and Advanced Policies
  • Tasks:
    • Revisit Identity Awareness configuration, focusing on integrating Active Directory and Dynamic/Updatable Objects.
    • Create user-based policies and test access scenarios in the lab.
    • Use logs to troubleshoot issues related to misconfigured identity rules.
  • Practice: Solve scenario-based questions involving Identity Awareness and policy layers.
Day 2: Review Threat Prevention
  • Tasks:
    • Reconfigure IPS profiles for a simulated high-risk environment and test various attacks (e.g., SQL Injection).
    • Revisit Threat Emulation and Threat Extraction setups and test file handling for zero-day protection.
    • Analyze logs for Anti-Bot and Anti-Virus to identify and block malicious activity.
  • Practice: Simulate an environment under attack and test your threat prevention strategy.
Day 3: Review VPNs
  • Tasks:
    • Practice configuring Site-to-Site VPNs, focusing on troubleshooting common issues.
    • Revisit Remote Access VPN configurations, including endpoint compliance and split tunneling.
    • Test route-based VPNs with dynamic routing protocols like OSPF or BGP.
  • Practice: Solve complex VPN troubleshooting scenarios.
Day 4: Review Security Monitoring
  • Tasks:
    • Revisit SmartEvent and log management configurations.
    • Practice creating and refining correlation rules for real-time monitoring.
    • Simulate an incident (e.g., policy violation or intrusion attempt) and use SmartEvent to respond.
  • Practice: Audit historical logs to identify patterns and propose policy improvements.
Day 5: Review Performance Tuning
  • Tasks:
    • Test SecureXL and CoreXL optimizations under simulated high-traffic conditions.
    • Revisit QoS configurations and prioritize critical applications.
    • Monitor gateway resource usage (CPU, memory, disk) and resolve simulated bottlenecks.
  • Practice: Configure performance tuning for a resource-constrained environment.
Day 6: Mock Exam
  • Tasks:
    • Take a full-length mock exam, simulating the actual test environment.
    • Analyze incorrect answers and revisit weak areas.
    • Use your lab environment to practice configurations related to mistakes in the exam.
Day 7: Final Weekly Review
  • Tasks:
    • Summarize key learnings from the week.
    • Focus on revising topics you struggled with during the mock exam.
    • Conduct a final review of lab configurations for Identity Awareness, VPNs, and Threat Prevention.

Week 8: Final Preparation

Goal: Polish exam readiness, focus on weak areas, and ensure confidence through practice exams and lab simulations.

Day 1: Full Mock Exam 1
  • Tasks:
    • Take a timed full-length mock exam, simulating the actual exam conditions.
    • Analyze performance and categorize mistakes into:
      • Misunderstood concepts.
      • Configuration errors.
    • Revisit weak topics in the lab and test again.
Day 2: Identity Awareness and Policies
  • Tasks:
    • Focus exclusively on Identity Awareness and policy-related configurations.
    • Test layered and global policy implementation in various scenarios.
  • Practice: Solve practice questions on Identity Awareness and refine user-based policies.
Day 3: Threat Prevention and Monitoring
  • Tasks:
    • Review Threat Prevention configurations, focusing on IPS and Anti-Bot.
    • Test SmartEvent correlation rules and analyze logs for a simulated DDoS attack.
  • Practice: Solve real-world threat detection and prevention scenarios.
Day 4: VPNs and Routing
  • Tasks:
    • Test Site-to-Site and Remote Access VPNs in different configurations (e.g., with and without split tunneling).
    • Revisit routing protocols like OSPF and configure route-based VPNs.
  • Practice: Troubleshoot complex VPN connectivity issues.
Day 5: Performance and Resource Management
  • Tasks:
    • Optimize SecureXL and CoreXL configurations in your lab environment.
    • Monitor gateway performance under simulated heavy traffic and resolve bottlenecks.
  • Practice: Apply QoS to prioritize critical traffic while restricting non-essential traffic.
Day 6: Full Mock Exam 2
  • Tasks:
    • Take another full-length mock exam, simulating exam conditions.
    • Review incorrect answers thoroughly and focus on high-priority weak areas.
    • Revisit related configurations in the lab for hands-on practice.
Day 7: Final Review
  • Tasks:
    • Conduct a full review of all topics using summarized notes and lab configurations.
    • Focus on key areas:
      • Identity Awareness.
      • Threat Prevention.
      • VPNs.
      • Performance Tuning.
    • Perform a light review of past mock exams and ensure readiness for the real exam.

Final Tips for Exam Day

  • Ensure you get enough rest before the exam.
  • Review key concepts and summaries, avoiding any new material.
  • Stay calm and manage your time effectively during the test.

Good luck with your exam!