Exam 156-215.80
Question 97

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop, which is assigned the IP address 10.0.0.19 via DHCP.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but this limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway and selects AD Query as one of the Identity Sources.

2) Adds an access role object to the Firewall Rule Base that lets John Adams' PC access the HR Web Server from any machine and from any location.

John plugged his laptop into the network on a different network segment and is not able to connect. How does he solve this problem?

    Correct Answer: C

    To solve the problem of not being able to connect to the HR Web Server after moving to a different network segment, John should lock and unlock his computer. This process ensures that the identity awareness system updates the mapping of his identity to the new IP address assigned to his laptop in the new network segment. By doing so, the firewall rule allowing access based on his identity will function correctly regardless of the IP address changes within the organization.

Discussion
FC49

This example is in CP documentation: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62007.htm#o62003

ShabVj

Thanks FC49. Correct answer is C.

Kurp (Option: B)

So many assumptions in this question. B is definitely valid. C is very possible, since no security events were generated when the user changed location (renewed IP). Security events are only generated when the user logs in or unlocks the screen.

Ed_y

A security event needs to be generated; without that, the Identity Engine is unable to match the machine (IP) with the user.

Mia12

Even if he pushed the policy it wouldn't work, because the user has to lock/unlock the notebook first.

Tallis (Option: D)

D. The IT department has forgotten to remove the static IP from his laptop, so when he moves to a different segment, his IP won't work. He'll have issues way before he gets a chance to try and access the HR system.

djreymix (Option: C)

I have 2 bosses, they are CSSM, and the correct answer is "C". The answer was explained by them. (Trust me, they are like the Check Point TAC.) What AD Query does is precisely a query of the identities of the users; Check Point integrates with the AD through a Windows component called WMI. Through this component, Check Point consults the security event log in the AD. Within these events, those that Check Point consults are the log in and log out events of the domain users. Those log in and log out events carry the username, and it does the IP and username mapping to generate a login and logout event, and once Check Point does the query, it gets that updated info. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk60301
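
To make the mechanism djreymix and the other commenters describe concrete, here is an added simulation (my own illustration, not Check Point code and not from this thread) of a gateway whose user-to-IP map is fed only by logon-type AD security events. The event IDs, the HR server address and the new-segment address 10.0.1.25 are assumptions; the only values taken from the question are John's username and 10.0.0.19.

```python
"""Toy model of AD Query-style identity mapping driven by security events.

Constructed illustration: shows why a DHCP move without a fresh logon event
leaves the gateway with no user<->IP binding, and why lock/unlock repairs it.
"""
from dataclasses import dataclass, field

# Illustrative Windows Security event IDs (assumption: which IDs a real
# AD Query deployment reads is a gateway setting, not fixed here).
LOGON_EVENT_IDS = {4624, 4768, 4769}   # interactive logon / Kerberos TGT, TGS
HR_WEB_SERVER = "10.0.0.50"            # constructed address


@dataclass
class IdentityGateway:
    """Identity map plus one access-role rule, like the scenario's rule base."""
    access_roles: dict                           # role name -> set of users
    rules: list                                  # (role name, destination ip)
    ip_to_user: dict = field(default_factory=dict)

    def ingest_security_event(self, event_id, user, source_ip):
        """Only logon-type events create or refresh a user<->IP binding."""
        if event_id not in LOGON_EVENT_IDS:
            return False
        # the user is now seen on a new address: drop any stale binding
        for ip in [ip for ip, u in self.ip_to_user.items() if u == user]:
            del self.ip_to_user[ip]
        self.ip_to_user[source_ip] = user
        return True

    def allows(self, source_ip, dest_ip):
        """Access-role match: identity is looked up from the source IP."""
        user = self.ip_to_user.get(source_ip)
        return any(dest == dest_ip and user in self.access_roles.get(role, ())
                   for role, dest in self.rules)


def walk_through():
    gw = IdentityGateway(access_roles={"HR_Partners": {"john.adams"}},
                         rules=[("HR_Partners", HR_WEB_SERVER)])
    # 1) John logs on at his desk: AD Query sees a logon event from 10.0.0.19
    gw.ingest_security_event(4624, "john.adams", "10.0.0.19")
    from_desk = gw.allows("10.0.0.19", HR_WEB_SERVER)
    # 2) Laptop moves to another segment (constructed address). The DHCP
    #    renewal produces no AD security event, so no binding exists for it.
    moved_before = gw.allows("10.0.1.25", HR_WEB_SERVER)
    # 3) Lock/unlock re-authenticates to the domain, producing a logon-type
    #    event from the new address, which refreshes the binding.
    gw.ingest_security_event(4768, "john.adams", "10.0.1.25")
    moved_after = gw.allows("10.0.1.25", HR_WEB_SERVER)
    old_desk_ip = gw.allows("10.0.0.19", HR_WEB_SERVER)   # stale binding gone
    return from_desk, moved_before, moved_after, old_desk_ip
```

Installing the policy (option B in the thread) changes `rules`, not `ip_to_user`, so in this model it cannot by itself make `moved_before` true.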

Inovative23 (Option: C)

The SmartView Tracker log shows that the system recognizes John Adams as the user behind IP 10.0.0.19. This log entry shows that the system maps the source IP to the user John Adams from CORP.ACME.COM. This uses the identity acquired from AD Query. Note - AD Query maps the users based on AD activity. This can take some time and depends on user activity. If John Adams is not identified (the IT administrator does not see the log), he should lock and unlock the computer. Ans: C

oluchecpoint (Option: B)

B. To make the rule effective, the policy needs to be published and installed.

utt (Option: B)

Answer is B, because the admin didn't install the policy yet.

Cycy_mia (Option: C)

C. Note - AD Query maps the users based on AD activity. This can take some time and depends on user activity. If John Adams is not identified (the IT administrator does not see the log), he should lock and unlock the computer.

Doris8000 (Option: C)

User Identification in the Logs: The logs in the Logs & Monitor view of SmartConsole show that the system recognizes James Wilson as the user behind IP 10.0.0.19. This log entry shows that the system maps the source IP to the user James Wilson from CORP.ACME.COM. This uses the identity acquired from AD Query. (Source: https://dl3.checkpoint.com/paid/7a/7a3e8096043cfd7a0d0be488c326a4a8/CP_R80.10_IdentityAwareness_AdminGuide.pdf) Note - AD Query maps the users based on AD activity. This can take some time and depends on user activity. If James Wilson is not identified (the IT administrator does not see the log), he should lock and unlock the computer.

Levis (Option: B)

https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62007.htm#o62003 - should install the policy.

zoltar

None of these is the right answer. He should install an Endpoint Identity Agent on his laptop.

mauchi

It says it chooses to use AD Query as the identity source, and according to the documentation it's clientless and transparent to the user, so I think you are mistaken. https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_IdentityAwareness_AdminGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_IdentityAwareness_AdminGuide/101050