Check Point Certified Security Administrator (CCSA) R80 — Question 12
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop, which is assigned the IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway and selects AD Query as one of the Identity Sources.
2) Adds an access role object to the Firewall Rule Base that lets John Adams' PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?
Answer options
- A. John should install the Identity Awareness Agent
- B. The firewall admin should install the Security Policy
- C. John should lock and unlock the computer
- D. Investigate this as a network connectivity issue
Correct answer: C
Explanation
The correct answer is C because locking and unlocking the computer can refresh Identity Awareness and allow the access role to recognize him from different locations. Option A is incorrect because installing the Identity Awareness Agent does not directly resolve the issue, since he has already been granted access. Option B is wrong because the Security Policy is already in place, so it does not need to be installed again. Option D suggests a network issue, but the problem lies in identity recognition rather than connectivity.