A SecureClient configuration is being verified with Secure Configuration Verification (SCV) on an
Enforcement Module. Which of the following is NOT true?
A.
If users log off the Policy Server or disable the Security Policy, SecureClient will indicate a
Secure Configuration failure.
B.
The Enforcement Module checks the identity of users on specific machines, and verifies that
the machines are securely configured.
C.
SCV cannot be verified on an Enforcement Module.
D.
Access is denied to SecureClient machines that are accidentally or intentionally misconfigured.
E.
The default SCV policy requires users to log in to the Policy Server.
Explanation:
p360 Check Point Mgmt II Student Manual
Secure Configuration Verification (SCV)
Secure Configuration Verification (SCV)
is a mechanism that determines
whether the SecureClient machine is securely configured (clean) or not
securely configured (dirty). SCV makes sure SecureClient machines that are
attempting to VPN with the firewall are protected by the Policy Server’s policy
and their security is not being compromised.
The SCV process is done with an
SCV Manager
component running on
the Policy Server. The SCV Manager is responsible for configuration and
maintenance of the SCV state from all
SCV plug-ins
. SCV plug-ins are DLLs
registered with SecureClient; they contain functions that can notify the SCV
Manager of the DLL’s state. When the SCV Manager wants SCV status, it
queries all registered SCV plug-ins about the SCV state for which they are
responsible. If all SCV plug-ins indicate that the machine is securely configured,the SCV Manager sets the general SCV state to “securely configured.”
Otherwise, it considers the SecureClient machine to be not secure. One of the
files that carries the SCV information is
local.scv
; it is stored on the
SecureClient machine with its other configuration files.
Future versions of SCV will support Check Point NG and third-party SCV
plug-ins such as Open Platform for Security (OPSEC) products. Administrators
will be able to configure both the SCV plug-ins and the SCV checks.
Doing so will help the administrator customize the SCV operation and gain
more control over the SecureClient machine.
The next section discusses SecureClient, its deployment, and the SecureClient Packaging Tool.