156-215.81 Exam Results

Since Bob and Joe both have Administrator Roles on their Gaia Platform and they both are logged in on different interfaces, they will both be able to make changes. Gaia allows multiple administrators to log in simultaneously and perform different tasks without locking the database or logging out each other. References: Gaia R81.20 Administration Guide, page 18.

An Endpoint identity agent uses a username/password or Kerberos ticket for user authentication3, p. 28. An Endpoint identity agent is a lightweight client installed on endpoint computers that communicates with Identity Awareness gateways and provides reliable identity information. An Endpoint identity agent does not use a shared secret, a token, or a certificate for user authentication. References: Check Point CCSA - R81: Practice Test & Explanation, [Check Point Identity Awareness Administration Guide R81]

The best way to restrict access to a network resource only allowing certain users to access it, and only when they are on a specific network, is to create an Access Role object, with specific users or user groups specified, and specific networks defined. Then, use this access role as the “Source” of an Access Control rule. This allows for granular control over network traffic based on user identity and location3.

References: 3: Check Point R81 Security Gateway Administration Guide, page 13.

Suspicious Activity Monitoring (SAM) is the utility that is used to block activities that appear to be suspicious. SAM allows administrators to block connections from specific IP addresses or network objects for a specified period of time3. Penalty Box is a feature of SAM that automatically blocks connections from sources that generate too many log entries. Drop Rule in the rulebase is a firewall action that discards packets that match certain criteria. Stealth rule is a firewall rule that prevents direct access to the Security Gateway from external sources.