What happens in relation to the CRL cache after a cpstop and cpstart have been initiated?

When you hide a rule in a Rule Base, how can you then disable the rule?

Multi-Corp must comply with industry regulations in implementing VPN solutions among multiple sites. The corporate Information Assurance policy defines the following requirements:

What is the most appropriate setting to comply with these requirements?

Portability Standard

Key management Automatic, external PKI

Session keys changed at configured times during a connection’s lifetime

Key length No less than 128-bit

Data integrity Secure against inversion and brute-force attacks

What is the most appropriate setting to comply with theses requirements?

[tagged]
Which item below in a Security Policy would be enforced first?

Why are certificates preferred over pre-shared keys in an IPsec VPN?

What are the two basic rules which should be used by all Security Administrators?

Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

Which rule should be the Cleanup Rule in the Rule Base?

Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly.
How would you start such a migration?

You want to reset SIC between smberlin and sgosaka.

In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:

What is the reason for this behavior?