Examice

Exam 156-215.80 All QuestionsBrowse all questions from this exam

Question 13

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?

IPsec VPN blade should be enabled on both Security Gateway.

Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.

Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.

The Security Gateways are pre-R75.40.

Correct Answer: C

Certificate-based Authentication is the only authentication method available between two Security Gateways managed by the same Security Management Server (SMS). Internally managed Security Gateways automatically receive a certificate from the internal CA, which makes pre-shared secret authentication unnecessary and therefore not configurable.

Discussion

ChinkSantanaOption: B

The answer is Correct: Use only shared secret for external members.

gordonFOption: C

correct There is nothing to configure on the IPsec VPN page, regarding certificates, because internally managed Security Gateways automatically receive a certificate from the internal CA.

JinalraoOption: B

And what's about B