I suppose this question should look this way and answer will be "B"
To enforce the Security Policy correctly, a Security Gateway requires:
A. a routing table
B. awareness of the network topology
C. a Demilitarized Zone
D. a Security Policy install
I hope this is not a real Checkpoint question because, it's beyond bad. The need for a routing table/network awareness to enforce policy rules correctly is very obvious, but so is the need for a policy install. If a policy isn't installed/pushed to the gateway it won't work either.
I think as lukemikro, according to CCSA manual page 108
The gateway must be aware of the network topology in order to correctly enforce the Security Policy, ensure the validity of IP addresses for inbound and outbound traffic and configure a special domain for VPNs.
B is correct. From the CCSA Manual. “Installation ensures that each Security Gateway enforces at least one rule. If none of the rules in the policy package apply to a Security Gateway, the Security Management Server does not install the policy package on the Security Gateway”. The Security Policy install is necessary, but it is not possible if the Security Gateway does not enforce at least one rule, and then it will enforce the default drop, thus making the enforcement not "correct".
I think the keywords are "CORRECTLY" and "REQUIRES".
To enforce a Security Policy CORRECTLY, a Security Gateway REQUIRES?
In order to setup a Security Policy CORRECTLY, the firewall REQUIRES a CORRECT network topology awerness. Otherwise it would be a big mess :P
agree with likemikro
from CCSA R80 guide:
The gateway must be aware of the network topology in order to correctly enforce the Security
Policy, ensure the validity of IP addresses for inbound and outbound traffic and configure a
special domain for VPNs.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
lukemikro
Highly Voted 2 years, 10 months agobabajana
2 years, 5 months agoHernan_Mella
10 months agoAnni_CCSA
Highly Voted 2 years, 5 months agoHernan_Mella
Most Recent 9 months, 3 weeks agodhccsa
1 year, 1 month agozorolo
1 year, 2 months agobardin2177
1 year, 11 months agojuvemerda
1 year, 11 months agoThaks
1 year, 6 months agosaicosocial
2 years, 2 months agoNikolas
2 years, 7 months agoDrTee
2 years, 8 months agoKurp
2 years, 12 months ago