Check Point Certified Security Administrator (CCSA) R81.20 — Question 138
Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?
Answer options
- A. No, certificate-based VPNs are only possible between Check Point devices
- B. No, they cannot share certificate authorities
- C. Yes, but they have to have a pre-shared secret key
- D. Yes, but they need to have a mutually trusted certificate authority
Correct answer: D
Explanation
The correct answer is D: for a certificate-based Site-to-Site VPN to work between gateways from different vendors, both gateways must rely on a mutually trusted certificate authority, so that each gateway can validate the certificate the other presents. Options A and B are incorrect because certificate-based VPNs are not restricted to Check Point devices, and gateways from different vendors can share certificate authorities. Option C is incorrect because a certificate-based VPN does not require a pre-shared secret key.