ExamTopics Logo
Mail Us[email protected]
Menu
Checkpoint Discussions
exam questions

Exam 156-215.80 All Questions

View all questions & answers for the 156-215.80 exam
Go to Exam

Exam 156-215.80 topic 1 question 3 discussion

Actual exam question from Checkpoint's 156-215.80
Question #: 3
Topic #: 1
[All 156-215.80 Questions]

Vanessa is firewall administrator in her company; her company is using Check Point firewalls on central and remote locations, which are managed centrally by
R80 Security Management Server. One central location has an installed R77.30 Gateway on Open server. Remote location is using Check Point UTM-1 570 series appliance with R71. Which encryption is used in Secure Internal Communication (SIC) between central management and firewall on each location?

  • A. On central firewall AES128 encryption is used for SIC, on Remote firewall 3DES encryption is used for SIC.
  • B. On both firewalls, the same encryption is used for SIC. This is AES-GCM-256.
  • C. The Firewall Administrator can choose which encryption suite will be used by SIC.
  • D. On central firewall AES256 encryption is used for SIC, on Remote firewall AES128 encryption is used for SIC.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Gateways above R71 use AES128 for SIC. If one of the gateways is R71 or below, the gateways use 3DES.
Reference:
http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?
HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf
by chrissss at Feb. 19, 2019, 2:19 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rafaelrodroliveira1988
Highly Voted 1 year, 7 months ago
A is correct. https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/125443
upvoted 5 times
...
Hernan_Mella
Most Recent 5 months, 2 weeks ago
None valid ... Security Gateways R71 and higher use AES128 for SIC. If one of the Security Gateways is below R71, the Security Gateways use 3DES. So there is R71 and R77.30Gws, they must use 128 Both
upvoted 1 times
...
NLT
1 year, 10 months ago
Check Point platforms and products authenticate each other through one of these Secure Internal Communication (SIC) methods: Certificates. Standards-based TLS for the creation of secure channels. 3DES or AES128 for encryption. Security Gateways R71 and higher use AES128 for SIC. If one of the Security Gateways is below R71, the Security Gateways use 3DES. SIC creates trusted connections between Security Gateways, management servers and other Check Point components. Trust is required to install polices on Security Gateways and to send logs between Security Gateways and management servers.
upvoted 3 times
...
Levis
2 years, 5 months ago
A for sure https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_SecurityManagement_AdminGuide/Content/Topics-SECMG/Secure-Internal-Communication.htm?TocPath=Managing%20Gateways%7CSecure%20Internal%20Communication%20(SIC)%7C_____5
upvoted 1 times
...
CP_Trainee
3 years, 6 months ago
Testing in an environment as described (which I don't have access to) needs to be done to validate the answer being A, please see below; "Gateways above R71 use AES128 for SIC. If one of the gateways is below R71, the gateways use 3DES." The important note here is "if one of the gateways is below R71, the gateways use 3DES" this indicates that the lowest version dictates the encryption. If this is not the case the documentation should read "If one of the gateways is below R71, that gateway uses 3DES" Sadly this is indicative of Check Point documentation Source; https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/125443
upvoted 3 times
...
chrissss
3 years, 9 months ago
it should be D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago