Check Point Certified Security Administrator (CCSA) R80 — Question 224
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateways managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?
Answer options
- A. IPsec VPN blade should be enabled on both Security Gateways.
- B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
- C. Certificate-based authentication is the only authentication method available between two Security Gateways managed by the same SMS.
- D. The Security Gateways are pre-R75.40.
Correct answer: C
Explanation
The correct answer is C because when two Security Gateways are managed by the same Security Management Server, they exclusively use Certificate-based Authentication. Options A, B, and D are incorrect because enabling the IPsec VPN blade is not the issue, pre-shared secrets can be used for Check Point to Check Point connections, and the version R75.40 does not affect the authentication method in this context.