Check Point Certified Harmony Endpoint Specialist — Question 65

When a VPN tunnel is formed with a Maestro SGM,

Answer options

• A. The receiving SGM makes an encryption decision. The SGM then syncs the traffic to two backup SGMs: one for clear traffic and one for encrypted traffic.
• B. SGM 1 analyzes the policy and topology. If encryption is required, it calculates the tunnel owner's IP address. SGM 1 sends a clear packet to the tunnel owner. SGM 2 is now the connection and tunnel owner.
• C. The MHO handles the IKE before distributing the traffic to a SGM to handle all encrypted traffic. This helps to prevent any issues with the correction layer.
• D. The MHO distributes copies of the packets to two different SGMs because SGM 1 will handle the clear traffic IKE exchange packets, while SGM 2 handles encrypted packets.

Correct answer: B

Explanation

The correct answer is B because it accurately describes the role of SGM 1 in analyzing policy and determining the tunnel owner's IP before initiating communication. Options A, C, and D misrepresent the process, particularly in how traffic is managed and the responsibilities of the SGMs during the tunnel establishment.