Which of the following are TRUE about SecureClient? (Choose three)
A.
SecureClient cannot use Hybrid IKE for its encryption method.
B.
When SecureClient and Enforcement Module exchange keys, the user will be re-authenticated
if the password has been erased.
C.
Before you attempt to download a Security Policy, you must first define a site in which a Policy
Server is contained.
D.
SecureClient syntax checking can be used to monitor userc.C file parameters. This checking is
used to prevent errors causing the site to which it belongs from being deleted.
E.
SecureClient supports Desktop Policies issued by a Policy Server.
Explanation:
Understanding SecureClient
SecureClient is the same software as SecuRemote, with added functionality.
Just as with SecuRemote, the client-to-site VPNs created with SecureClient use IPSec-based encryption. The major difference in using the
SecureClient graphical interface (shown in Figure below) is the Policy menu,
which helps users interact with the Policy Server. Most of the other menu
options are the same as in SecuRemote and are defined in Chapter 9.
The only difference is the selection of the default
SecureClient with desktop security, instead of SecuRemote. However,
despite the similarity in the GUI interface and the installation, SecureClient
provides greater functionality than SecuRemote with its desktop security.As you can see in Figure above, an option in the Policy menu lets you log
on to a Policy Server. When you choose the Logon to Policy Server option,
a list of the installed Policy Servers is displayed as a submenu; you can then
choose a Policy Server to log on to. When the SecureClient user logs on to the
Policy Server, the Desktop policy is downloaded to the SecureClient
machine.
The logon occurs as either an
implicit logon or an explicit logon
. During an implicit logon, a Desktop policy is automatically installed on the SecureClient machine when the client authenticates. During an explicit logon, you
click the Update button to update the Desktop policy. The logon is considered
explicit because you initiate the download and are prompted to specify
whether you would like to download a Desktop policy. The policy is downloaded
only when you add or update a site that contains a Policy Server.
The Policy menu lets you disable a Desktop policy. If a Desktop policy isrequired by a Policy Server and you disable the policy, you will not be able
to VPN with the firewall until you log on again and a new policy is issued to
the client. If you disable the policy while participating in a VPN, the VPN
will continue, and the change will take effect after you restart SecureClient.
SecureClient does not support IP forwarding. IP forwarding may be enabled
to forward packets to another NIC on a machine. When IP forwarding is
detected, a warning message is shown to the user. If you are implementing
SecureClient, be sure you off turn IP forwarding.