Check Point Certified Security Expert (CCSE) R81 — Question 318
Which of the following statements about Domain-based Site-to-Site VPN is NOT true?
Answer options
- A. Domain-based: VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.
- B. Route-based: The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.
- C. Domain-based: VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.
- D. Domain-based: VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.
Correct answer: C
Explanation
The correct answer is C because it inaccurately describes a VPN domain as a service or user, whereas a VPN domain actually refers to a host or network. Options A and D correctly describe the nature of VPN domains, while option B discusses route-based VPNs and is therefore unrelated to the question.