I think the correct answer is C. Doesn't matter what the OS level hostname is. Only smartDashboard/ smartconsole name is relevant. IP addresses do not matter as SIC is name based
"SIC is completely NAT tolerant, as the protocol is based on Certificates and SIC names, not on IP addresses. A NAT device between the Security Management Server and Security Gateway will not have any effect on the ability of a Check Point enabled entity to communicate using SIC."
"Change the name of the Management Server object to the desired setting in SmartDashboard. (Unlike Security Gateways, this can be done without making any changes to SIC)." , this can be found in sk42071. So it's not C.
C
Because the hostname (name of the Security Management Server) has not been changed, SIC communication should not be affected, as long as the routing is correct
It's D.
IP Address of the Internal Certificate Authority (ICA) of Security Management Server / Domain Management Server is automatically added to Check Point Registry file ($CPDIR/registry/HKLM_registry.data) on Security Gateway when SIC is first established (between Security Gateway and Management Server).
If the IP Address of Security Management Server / Domain Management Server is changed, and SIC is never manually reset (between Security Gateway and Management Server), then the AutoRenewal of the Certificate will fail.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103356
I think C is correct.
From CCSA pag 27.
"Note: If the Security Management Server is renamed, trust will need to be reestablished as the certificate is reissued"
Answer is C:
CCSA Manual page 79:
Once SIC is established, the management server and its components are identified by their SIC names rather than the IP address. If the Security Management Server is renamed, trust will need to be
reestablished as the certificate is reissued.
D is correct answer.
IP Address of the Internal Certificate Authority (ICA) of Security Management Server / Domain Management Server is automatically added to Check Point Registry file ($CPDIR/registry/HKLM_registry.data) on Security Gateway when SIC is first established (between Security Gateway and Management Server).
If the IP Address of Security Management Server / Domain Management Server is changed, and SIC is never manually reset (between Security Gateway and Management Server), then the AutoRenewal of the Certificate will fail.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103356
C is partially correct. based on sk40993, Notes, Notes:
Since the hostname (name of the Security Management) has not been changed, SIC communication should not be affected, as long as the routing is correct.
Make sure that there is connectivity between the Security Management and the managed Security Gateway(s), and that DNS resolution is to the new IP Address.
3. If the DNS does not resolve to the new IP, you will need to reset SIC to confirm the change.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Kurp
Highly Voted 4 years, 5 months agoAnni_CCSA
3 years, 1 month agodongayan
3 years agoDoris8000
Most Recent 1 year, 6 months agoDako_Dakar
1 year, 11 months agoauburnuy
2 years, 2 months agoAmathai1803
2 years, 8 months agoandros
2 years, 9 months agoChinkSantana
3 years agoAl789789
3 years, 2 months agomrnqaz
3 years, 5 months agoDrTee
4 years, 1 month ago