VPN-1/FireWall-1 allows a Security Administrator to define four types of Certificate Authorities.
Which of the following is NOT a type of Certificate Authority that can be defined in VPN-1/FirwWall-1?

A.
OPSEC PKI

B.
External SmartCenter Server

C.
Entrust PKI

D.
VPN-1 Certificate Manager

E.
Caching Only Certificate Manager

Explanation:

p208 Check Point Mgmt II Student Manual
As with any other object, a Name is given and you can define a Comment
and Color. The Certificate Authority pull-down menu lists the
four choices for creating a CA server object:
VPN-1 Certificate Manager This was Check Point’s proprietary
twist on Entrust’s Certificate Manager. This product line was dropped
in December 2001 but is listed to handle backward compatibility
requirements.
Entrust PKI This OPSEC partner offers a PKI solution. See
www.entrust.com for more details.
OPSEC PKI This option encompasses non-Entrust OPSEC PKI solutions.
For a listing of current OPSEC-certified PKI solutions, go to
http://www.opsec.com/solutions/sec_pki.html .
External Management Server This option is for Check Point certificates
that you import from other Check Point SmartCenter Servers.
NG’s implementation of IKE supports X.509 digital certificates from
these sources. Keep in mind that you can have only one certificate
from each CA, and each CA must have a unique DN.