Which of the following statements is FALSE concerning Policy Servers?

A.
The Policy Server extends security to the desktop, by allowing administrators to enforce
Desktop Policies on clients connecting from the Internet.

B.
The Policy Server may be installed on an Enforcement Module.

C.
A Policy Server extends security to the desktop, by allowing administrators to enforce Desktop
Security Polices on clients connecting from an internal LAN.

D.
The Policy Server must be installed on the SmartCenter Server.

E.
The SecureClient machine obtains the Desktop Policy from the Policy Server.

Explanation:

p49 CCSE Study Guide
What Is the Policy Server?
A
Policy Server is a Check Point NG component that runs on a
VPN-1/FireWall-1 Module. It’s called a Policy Server because it allows
an administrator to centrally manage desktop security by issuing a Desktop
policy to SecureClient machines. The Desktop policy can be enforced on
machines inside and outside a LAN, to prevent authorized connections from
being compromised. In addition to enforcing a Desktop policy, the Policy
Server adds security by authenticating and authorizing users, verifying memberships
to user groups, and verifying secure configuration of SecureClient
machines.
Figure below provides an example of how machines with SecureClient are
protected from unauthorized connections. Once the SecureClient machines
connect to the Policy Server and download a Desktop policy, connections
that are unauthorized or not allowed by the Desktop policy will be dropped.
In Figure below, as the unauthorized user tries to connect to the other machines
on the network, the SecureClient machines can block the connection. Meanwhile,
the machine without SecureClient is open to the unauthorized attack.

Now that you understand what the Check Point NG Policy Server is and
what it does, let’s look further into its technical nature. We’ll discuss licensing
and configuration as well as the Policy Server daemon and the files that
make it work.
Licensing the Policy Server and SecureClient
It’s important to understand the licensing process for the Policy Server and
SecureClient. The SecureClient license is located on the SmartCenter Server
and is based on the number of SecureClient users you have. The Policy Server
license is located on each Policy Server and is independent of the number of users.
All SecureClient licenses contain one Policy Server license, so additional
Policy Server licenses are necessary only when multiple Policy Servers are
deployed. This arrangement is different from the way licensing worked in
VPN-1 4.1. The NG method is more scalable for Policy Server High Availability
implementations. NG includes another new feature: The Policy Server can run
on gateway clusters.
The Policy Server can be installed on a Windows, Solaris, Linux, or IPSO
platform. Just like the VPN-1/FireWall-1 package, the Policy Server must be
installed or uninstalled in a certain order. The Policy Server must be installed
on an existing FireWall Module. When you’re uninstalling the Policy Server,
it must be removed before the VPN-1/FireWall-1 package, which is removed
before the SVN Foundation package.