Fill in the blank: An identity server uses a _________________ to trust a Terminal Server Identity Agent.
Answer : A
Check Point Software - Configuring Terminal Servers
Check Point Identity Awareness Clients Admin Guide
Check Point Troubleshooting Expert - R81 (CCTE) Reference Materials
Check Point Certified Troubleshooting Expert R81.20 - CCTE
Check Point CCTE Certification Sample Questions and Practice Exam
Access roles allow the firewall administrator to configure network access according to:
Answer : B
Access roles are objects that define a set of users, machines, or networks that can access a specific network resource. You can create access roles based on any combination of the following criteria:
Users and user groups: You can use users and user groups from various sources, such as LDAP, RADIUS, local database, etc.
Computers or computer groups: You can use computers or computer groups that are identified by their IP address, MAC address, or hostname.
Networks: You can use networks that are defined by their IP address range, subnet mask, or gateway.
You can use access roles in the Source or Destination column of an Access Control rule to allow or deny network access based on the identity of the users, machines, or networks.
The references are:
Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 11
Check Point R81 Quantum Security Gateway Guide, page 139
Check Point R81 Identity Awareness Administration Guide, page 9
Fill in the blank: An Endpoint identity agent uses a ________ for user authentication.
Answer : B
An Endpoint Identity Agent is a software component that runs on the user's device and communicates with the Check Point gateway to provide user identity information. An Endpoint Identity Agent can use different methods for user authentication, such as username/password, Kerberos ticket, or certificate. However, the most common and recommended method is username/password or Kerberos ticket, which allows the user to log in to the device with their domain credentials and automatically authenticate with the gateway without entering additional credentials. This method also supports Single Sign-On (SSO) and Multi-Factor Authentication (MFA) features.
The references are:
Check Point R81 Identity Awareness Administration Guide, page 15
Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 14
Endpoint Identity Agent - Check Point CheckMates
An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?
Answer : D
Browser-Based Authentication is an identity awareness method that enables you to identify users who are not authenticated by other methods, such as Active Directory or VPN. Browser-Based Authentication redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity.
Browser-Based Authentication is suitable for scenarios where users can use company issued or personal laptops, since it does not require any installation or configuration on the user's device. It also supports various operating systems and browsers, and can be customized to match the company's branding.
The references are:
Check Point R81 Identity Awareness Administration Guide, page 9
Configuring Browser-Based Authentication in SmartConsole
Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 13
Which of the following is NOT a component of a Distinguished Name?
Answer : D
A Distinguished Name (DN) is a unique identifier for an object in an LDAP directory, such as a user, a group, or an organization. A DN consists of a sequence of relative distinguished names (RDNs), which are attributes that describe the object. The most common RDNs are:
Common Name (CN): The name of the object, such as a user's full name or a group's name
Country: The two-letter ISO code of the country where the object is located, such as US or PK
User container (UC): The name of the container that holds the user objects, such as Users or People
Domain Component (DC): The name of the domain that the object belongs to, such as checkpoint.com or example.org
An Organizational Unit (OU) is not a component of a DN, but a type of object that can be used to organize other objects in a hierarchical structure. An OU can have its own DN, which includes the OU attribute as an RDN, such as OU=Sales,DC=checkpoint,DC=com.
The references are:
Check Point R81 Identity Awareness Administration Guide, page 14
Which of the following is an authentication method used for Identity Awareness?
Answer : C
Captive Portal is one of the authentication methods used for Identity Awareness, which is a feature of Check Point that enables you to identify users and apply security policy rules based on their identity. Captive Portal redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity.
The references are:
Machine Authentication & Identity Awareness - Check Point CheckMates
Check Point Certified Security Expert R81.20, slide 13
Check Point R81 Identity Awareness Administration Guide, page 9
What is the purpose of Captive Portal?
Answer : B
Captive Portal is a feature of the Identity Awareness Software Blade that enables you to identify users who are not authenticated by other methods, such as Active Directory or VPN. Captive Portal redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity.
The references are:
Check Point R81 Identity Awareness Administration Guide, page 9
Configuring Browser-Based Authentication in SmartConsole