Check Point Certified Security Expert (CCSE) R80 — Question 260
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateways managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable the pre-shared secret cannot be enabled.
Why does it not allow him to specify the pre-shared secret?
Answer options
- A. IPsec VPN blade should be enabled on both Security Gateways.
- B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
- C. Certificate-based authentication is the only authentication method available between two Security Gateways managed by the same SMS.
- D. The Security Gateways are pre-R75.40.
Correct answer: C
Explanation
The correct answer is C because when two Security Gateways are managed by the same Security Management Server, they must use certificate-based authentication instead of pre-shared secrets. Options A and D are incorrect as they do not pertain to the restriction on pre-shared secrets. Option B is also wrong because it incorrectly states the conditions under which pre-shared secrets can be used.