Exam 156-315.80
Question 214

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

Correct Answer: D

The Security Management Server IP-address cannot be changed without re-establishing the trust. When the IP address of the Security Management Server is changed, it affects the Internal Certificate Authority (ICA) and its interaction with the Security Gateway. SIC (Secure Internal Communications) depends on the IP configuration being consistent for certificate renewal and validation processes. If the IP address changes, the SIC would need to be reset to maintain trust.

Discussion
Kurp (Option: C)

I think the correct answer is C. It doesn't matter what the OS-level hostname is. Only the SmartDashboard/SmartConsole name is relevant. IP addresses do not matter, as SIC is name based: "SIC is completely NAT tolerant, as the protocol is based on Certificates and SIC names, not on IP addresses. A NAT device between the Security Management Server and Security Gateway will not have any effect on the ability of a Check Point enabled entity to communicate using SIC."

Anni_CCSA

"Change the name of the Management Server object to the desired setting in SmartDashboard. (Unlike Security Gateways, this can be done without making any changes to SIC)." This can be found in sk42071. So it's not C.

dongayan

Correct, it should be D. If you change the IP address of the CMA, new licenses are also required, so a SIC reset is needed.

Amathai1803 (Option: C)

Had this question today in the exam. Selected C.

andros (Option: C)

I think C is correct. From CCSA page 27: "Note: If the Security Management Server is renamed, trust will need to be reestablished as the certificate is reissued"

ChinkSantana (Option: C)

Answer is C: CCSA Manual page 79: Once SIC is established, the management server and its components are identified by their SIC names rather than the IP address. If the Security Management Server is renamed, trust will need to be reestablished as the certificate is reissued.

Al789789 (Option: D)

D is the correct answer. IP Address of the Internal Certificate Authority (ICA) of Security Management Server / Domain Management Server is automatically added to Check Point Registry file ($CPDIR/registry/HKLM_registry.data) on Security Gateway when SIC is first established (between Security Gateway and Management Server). If the IP Address of Security Management Server / Domain Management Server is changed, and SIC is never manually reset (between Security Gateway and Management Server), then the AutoRenewal of the Certificate will fail. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103356

DrTee (Option: C)

C is partially correct. Based on sk40993, Notes: Since the hostname (name of the Security Management) has not been changed, SIC communication should not be affected, as long as the routing is correct. Make sure that there is connectivity between the Security Management and the managed Security Gateway(s), and that DNS resolution is to the new IP Address. 3. If the DNS does not resolve to the new IP, you will need to reset SIC to confirm the change.

Doris8000 (Option: D)

D is confirmed here: https://quizlet.com/au/509819782/ccsa-study-notes-flash-cards/

Dako_Dakar (Option: C)

C, because the hostname (name of the Security Management Server) has not been changed, SIC communication should not be affected, as long as the routing is correct.

auburnuy (Option: D)

It's D. IP Address of the Internal Certificate Authority (ICA) of Security Management Server / Domain Management Server is automatically added to Check Point Registry file ($CPDIR/registry/HKLM_registry.data) on Security Gateway when SIC is first established (between Security Gateway and Management Server). If the IP Address of Security Management Server / Domain Management Server is changed, and SIC is never manually reset (between Security Gateway and Management Server), then the AutoRenewal of the Certificate will fail. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103356

mrnqaz (Option: C)

SIC is dependent on the SMS name... If you look at the CN you will notice the SMS name. Hence, it is specific to name and not IP.