Examice

Exam 156-315.80 All QuestionsBrowse all questions from this exam

Question 234

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret and cannot be enabled.

Why does it not allow him to specify the pre-shared secret?

IPsec VPN blade should be enabled on both Security Gateway.

Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.

Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.

The Security Gateways are pre-R75.40.

Correct Answer: C

Certificate-based Authentication is the only authentication method available between two Security Gateways managed by the same Security Management Server. When both gateways are under the same management, the system defaults to using certificates for authentication to ensure stronger security and easier management. Pre-shared secrets are typically used for VPN connections involving third-party or externally managed gateways.

Discussion

Theo_19

Correct me if I am wrong, I believe answer B is a valid answer too

Learner23

No, it is not valid, because PSK(shared secret) can be used for externally managed VPN gateways too. (Another CP Security Gateway managed by a different Security Management Server)