Checkpoint 156-215.81 Practice Test - Questions Answers, Page 37

The commandadd rba user <User Name> roles <List>is used to add users to or from existing roles.RBA stands for Role-Based Administration, which is a feature that allows administrators to assign different permissions and access levels to users based on their roles2.

The best way to restrict access to a network resource only allowing certain users to access it, and only when they are on a specific network, is to create an Access Role object, with specific users or user groups specified, and specific networks defined. Then, use this access role as the ''Source'' of an Access Control rule.This allows for granular control over network traffic based on user identity and location3.

A Security Policy is created in SmartConsole, stored in the Security Management Server, and distributed to the various Security Gateways. SmartConsole is a graphical user interface that allows administrators to create and edit security policies. The Security Management Server is a central server that stores and manages the security policies. The Security Gateways are devices that enforce the security policies on the network traffic.

The order of NAT priorities is Static NAT, IP pool NAT, and hide NAT. Static NAT has the highest priority because it is a one-to-one mapping of a private IP address to a public IP address. IP pool NAT has the second highest priority because it is a one-to-many mapping of a private IP address to a pool of public IP addresses.Hide NAT has the lowest priority because it is a many-to-one mapping of multiple private IP addresses to a single public IP address1.

While enabling the Identity Awareness blade, the Identity Awareness wizard does not automatically detect the Windows domain because the SmartConsole machine is not part of the domain.The SmartConsole machine needs to be a member of the Windows domain or have access to a domain controller in order to detect the domain automatically2.

If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, the administrator who locked the objects must publish or discard the session to make them available to other administrators.Publishing or discarding the session will save or discard the changes made by the administrator and unlock the objects for editing by others3.

The Internal Certificate Authority (ICA) is created during the primary Security Management Server installation process. The ICA is a component that issues and manages certificates for Check Point products. The ICA is automatically installed and initialized when installing the Security Management Server.

TheShared policiesfeature allows administrators to share a policy with other policy packages3. This can save time and effort when managing multiple gateways with similar security requirements.Shared policies can be applied to Access Control, Threat Prevention, and HTTPS Inspection layers4.

Reference:Check Point R81 Security Management Administration Guide,Check Point R81 SmartConsole R81 Resolved Issues

When dealing with rule base layers, two layer types can be utilized: Ordered Layers and Inline Layers5. Ordered Layers are executed sequentially according to their order in the policy. Inline Layers are embedded in a parent layer and are executed only if the parent rule matches.

Reference:Check Point R81 Firewall Administration Guide, [Check Point R81 Security Management Administration Guide]