Check Point Certified Security Administrator (CCSA) R80 — Question 275

The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?

Answer options

• A. Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with any UID and assign role to the user.
• B. Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with UID 0 and assign role to the user.
• C. Create a new access role. Add expert-mode access to the role. Create new user with UID 0 and assign role to the user.
• D. Create a new access role. Add expert-mode access to the role. Create new user with any UID and assign role to the user.

Correct answer: A

Explanation

The correct answer is A because it allows the administrator to run tcpdump without granting expert mode access, which is the requirement. Options B, C, and D either provide expert mode access or suggest assigning UID 0, which is unnecessary for this scenario and could pose security risks.