John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR
servers to designated IP addresses to minimize malware infection and unauthorized access risks.
Thus, the gateway policy permits access only from John’s desktop which is assigned a static IP
address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the
organization. The IT department gave the laptop a static IP address, but that limits him to
operating it only from his desk. The current Rule Base contains a rule that lets John Adams
access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around
the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources
installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR
Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
A.
John should lock and unlock his computer
B. Investigate this as a network connectivity issue
C.
The access should be changed to authenticate the user instead of the PC
D.
John should install the Identity Awareness Agent
C)
A
C is correct.
A is incorrect, if you read the “2)” which clearly says John PC “…that let John PC access to the HR….”
why are questions 195-197 the same but with different answers. Check Point’s practice test on their website says it’s A also.
196 is his computer from different location. 197 is from a different PC, same user.
C is correct!
@Brad: Questions 195-197 are nearly the same but in each case there is a difference.
In 195 was about his computer having been assigned a static address of 10.0.0.19. If he moves to another network segment or wifi then he’ll need a different IP address. Setting his computer to DHCP will allow him to have the new IP address. Since Identity Awareness is now active he’ll still be able to access the server.
I can only assume that in 196 he has already logged into his computer before the change was installed on the gateways. By locking and unlocking his computer he authenticates himself, giving him access to the server.
In this question John is on another computer. Since the access is by the computer and not the user he cannot access the server; the new computer is not on the access list. By changing the access to the user he will be able to access the server from any computer he is authenticated on.
@Anders your thought process is right on, but in 196, admin has to install the policy for the change of changing the access role.
C
Finally passed 156-215.77 exam few days ago! Scored 90%!! ( The passing score is 70%. )
I had 100 questions, around 15 new questions, those new questions were mainly on Smartlog, VPN, Initial Setup, Identity Awareness and so on.
Some new Qs are not available here, and I got them from the newest PassLeader 156-215.77 dumps ( 420q VCE and PDF ), which are the most valid 156-215.77 dumps now!
Besides:
Part of that PassLeader 156-215.77 dumps are available on Google Drive for free now:
https://drive.google.com/open?id=0B-ob6L_QjGLpeGwwU2ZQbmZkZnM
( FYI! Good Luck!! )