Check Point Certified Security Administrator (CCSA) R80 — Question 200

Your internal networks 10.1.1.0/24, 10.2.2.0/24 and 192.168.0.0/16 are behind the Internet Security Gateway. Considering that Layer 2 and Layer 3 setup is correct, what are the steps you will need to do in SmartConsole in order to get the connection working? Choose the BEST answer.

Answer options

• A. 1. Define an accept rule in Security Policy. 2. Define Security Gateway to hide all internal networks behind the gateway's external IP. 3. Publish and install the policy.
• B. 1. Define an accept rule in Security Policy. 2. Configure automatic NAT for each network to NAT the networks behind a public IP. 3. Publish the policy.
• C. 1. Define an accept rule in Security Policy. 2. Configure automatic NAT for each network to NAT the networks behind a private IP. 3. Publish and install the policy.
• D. 1. Define an accept rule in Security Policy. 2. Define Security Gateway to hide all internal networks behind the gateway's external IP. 3. Publish the policy.

Correct answer: C

Explanation

The correct answer is C because it involves defining an accept rule, configuring automatic NAT for the networks behind a private IP, and publishing the policy, which is necessary for internal network communication. Options A and D incorrectly suggest hiding networks behind the external IP, which is not suitable for this scenario, and option B incorrectly states that the networks should be NATed behind a public IP, which does not comply with the requirement.