Check Point Certified Security Expert (CCSE) R81 — Question 261

You had setup the VPN Community 'VPN-Stores' with 3 gateways. There are some issues with one remote gateway(1.1.1.1) and an your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways.

Answer options

• A. action:"Key Install" AND 1.1.1.1 AND Main Mode
• B. action:"Key Install" AND 1.1.1.1 AND Quick Mode
• C. Blade:"VPN" AND VPN-Stores AND Main Mode
• D. Blade:"VPN" AND VPN-Stores AND Quick Mode

Correct answer: B

Explanation

The correct answer is B because IKE Phase 2 negotiations occur during Quick Mode, which is what we want to filter for in this scenario. Answers A and C refer to Main Mode, which is not relevant for Phase 2, while D, although it mentions Quick Mode, does not specify the necessary action of 'Key Install'.