Check Point Certified Security Administrator (CCSA) R80 — Question 215

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find a box to input the pre-shared secret. Why does it not allow him to specify the pre-shared secret?

Answer options

• A. The Gateway is an SMB device
• B. The checkbox ג€Use only Shared Secret for all external membersג€ is not checked
• C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
• D. Pre-shared secret is already configured in Global Properties

Correct answer: C

Explanation

The correct answer is C because when two Security Gateways are managed by the same SMS, they typically use certificate-based authentication, eliminating the need for a pre-shared secret. Options A and B are irrelevant to the inability to specify a pre-shared secret, and option D is incorrect in this context as it does not pertain to the specific configuration issue at hand.