When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security
Policy?
When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security
Policy?
When defining group-based access in an LDAP environment with Identity Awareness, the best object type to represent an LDAP group in a Security Policy is an Access Role. Access Role objects can include users and user groups, computers and computer groups, and networks. This allows for flexible and comprehensive definition of access rules based on user identities and groups, which is essential in an LDAP-integrated environment.
A is correct... check the page 595 CCSA book guide... From the guide.. After you enable Identity Awareness, you can create access role objects. You can use Access Role objects as source and/or destination parameter in a rule. Access role objects can include one or more of these objects: Users and user groups Computers and computer groups Networks
why isnt it B? in the first part of the question it says we want to define group-based access, fine, but then it actually asks about the object type to represent and LDAP GROUP - so not an access. The access can be then defined, after having created the LDAP group / user group, on the "Users" tab of the "New Access Role" menu
I absolutely agree with you.
No, A - Access Role is correct: https://www.checkpoint.com/training/ccsa/chapter7/
yes, for me is B
please take a look about best practice https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31841 on the page you can find only about creation LDAP group but in question we have: A. Access Role B. User Group C. SmartDirectory Group D. Group Template and one more thing: try to add user group from LDAP in your lab in object User group
In question 512 of this test, the answer is User Group... I would choose User Group here too (B).