Check Point Certified Security Expert (CCSE) R81 — Question 258

After replacing a faulty Gateway the admin installed the new Hardware and want to push the policy. Installing the policy using the SmartConsole he got an Error for the Threat Prevention Policy. There is no error for the Access Control Policy. What will be the most common cause for the issue?

Answer options

• A. The admin forgot to reestablish the SIC for the new hardware. That is typically the case when configure only the interfaces of the replacement hardware instead restoring a backup.
• B. The IPS Protection engine on the replacement hardware is too old. Before pushing the Threat Prevention Policy use SmartConsole -> Security Policies -> Updates -> IPS 'Update Now' to update the engine.
• C. The admin forgot to apply the new license. The Access Control license is included by default but the service subscriptions for the Threat Prevention Blades are missing.
• D. The Threat Prevention Policy can't be installed on a Gateway without an already installed Access Control Policy. First install only the Access Control Policy.

Correct answer: D

Explanation

The correct answer is D because the Threat Prevention Policy requires that the Access Control Policy has been installed first on the Gateway. Options A, B, and C are incorrect as they address potential issues related to SIC, outdated IPS engines, and licensing, none of which are the primary reason for the error experienced in this scenario.