ExamTopics Logo
Mail Us[email protected]
Menu
Checkpoint Discussions
exam questions

Exam 156-215.80 All Questions

View all questions & answers for the 156-215.80 exam
Go to Exam

Exam 156-215.80 topic 1 question 233 discussion

Actual exam question from Checkpoint's 156-215.80
Question #: 233
Topic #: 1
[All 156-215.80 Questions]

Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?

  • A. Bridge
  • B. Load Sharing
  • C. High Availability
  • D. Fail Open
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by mauchi at May 14, 2020, 9:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lukemikro
Highly Voted 1 year, 1 month ago
Correct is answer D FAIL MODE Allow all connections (Fail-open) - All connections are allowed in a situation of engine overload or failure (default). https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/101703.htm Identity Awareness can be deployed in Bridge mode or Route mode. In the Bridge mode, it can use an existing subnet with no change to the hosts' IP addresses. In the Route mode, the Security Gateway acts as a router with different subnets connected to its network interfaces. For redundancy, you can deploy a cluster of Identity Awareness Security Gateways in High Availability or Load Sharing modes. https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_IdentityAwareness_AdminGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_IdentityAwareness_AdminGuide/63005
upvoted 5 times
...
mauchi
Highly Voted 1 year, 2 months ago
why Bride? On the Identity Awareness Documentation it says this: "Identity Awareness can be deployed in Bridge mode or Route mode. • In the Bridge mode, it can use an existing subnet with no change to the hosts' IP addresses. • In the Route mode, the Security Gateway acts as a router with different subnets connected to its network interfaces." https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/62002 For redundancy, you can deploy a cluster of Identity Awareness Security Gateways in High Availability or Load Sharing modes." However, I haven't found any information about "Fail Open"
upvoted 5 times
...
rafaelrodroliveira1988
Most Recent 3 months, 1 week ago
D is correct. https://dl3.checkpoint.com/paid/7a/7a3e8096043cfd7a0d0be488c326a4a8/CP_R80.10_IdentityAwareness_AdminGuide.pdf?HashKey=1618374511_9fb3caaead1d8bec214cb56a4bb5de9a&xtn=.pdf
upvoted 1 times
...
kambata
8 months ago
So none of the answers are correct. Indeed it can be deployed in Bringe, HA (of course) and load sharing. Fail Open means when the IPS blade is down, that the firewall will continue to process traffic (it has nothing to do with identity awareness) ....
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago