Exam 156-315.81.20 topic 1 question 116 discussion

To grant network access to an LDAP user group in a Check Point environment, you would use an Access Role object. Access Roles allow you to configure network access based on networks, users and user groups, computers and computer groups, and remote access VPN clients. Here's how you can use an Access Role for this purpose: Create an Access Role: Go to the object tree and select "New > More > Users > Access Role." Specify the User Group: In the "Users" pane, select "Specific users/groups" and choose the LDAP user group you want to grant access to. Configure Other Settings: You can also specify networks, machines, and remote access clients if needed. Apply in Policy: Use the Access Role in the Source or Destination columns of Access Control Policy rules to enforce the access control

In R81.20, Two ways can be applied 1. Legacy user ----Source will be users/groups@any , destination ---target network 2. Access role-----can contain * any user, * all identified user, * Specific users/ Groups (Internal users groups, LDAP Group, Guest, or identity tags). We need to think Identity Awareness blade is required to use Access Roles. In the new technology, checkpoint have Identity Awareness blade, so for remote users it is required, and access role is recommended than legacy user. Hence, Legacy user has limitation. There is a limitation in legacy user (user@location). It can only be used in layers with "firewall only", not on remote access user,

To grant network access to an LDAP user group in Check Point, you would typically use a User Group object. This User Group can be linked to an LDAP group (via SmartDirectory) to map LDAP users to a group in Check Point. Once the user group is created and associated with an LDAP group, you can apply specific access control policies based on this group for network access. So, the correct answer in the context of granting network access would be: D. User Group.