nerdexam
Check_Point

156-215.80 · Question #247

Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in

The correct answer is B. LDAP group. When users reside in an LDAP-backed Active Directory, an LDAP group object must be referenced in the Client Authentication rule so that the gateway can resolve and authenticate those directory users.

User Management and Authentication

Question

Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?

Options

  • AExternal-user group
  • BLDAP group
  • CA group with a genetic user
  • DAll Users

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    87% (27)
  • C
    3% (1)
  • D
    6% (2)

Why each option

When users reside in an LDAP-backed Active Directory, an LDAP group object must be referenced in the Client Authentication rule so that the gateway can resolve and authenticate those directory users.

AExternal-user group

An external-user group is used for users authenticated by external authentication schemes not tied to LDAP, such as RADIUS or TACACS, and would not correctly reference Active Directory accounts.

BLDAP groupCorrect

An LDAP group object in SmartDashboard maps directly to an organizational unit or group in Active Directory via the configured LDAP Account Unit. Referencing this group in the Client Authentication rule causes the Security Gateway to query the LDAP server to validate the authenticating user's membership, enabling proper authentication for AD-defined users.

CA group with a genetic user

A group with a generic user acts as a template-based wildcard and does not specifically bind to LDAP directory entries.

DAll Users

The 'All Users' group is a broad built-in group and does not enforce LDAP-specific lookups or restrict membership to Active Directory accounts.

Concept tested: LDAP group objects in Client Authentication rules

Source: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN1_AdminGuide/html_frameset.htm

Topics

#LDAP group#Active Directory#client authentication#user groups

Community Discussion

No community discussion yet for this question.

Full 156-215.80 Practice