Free 156-582 Exam Braindumps (page: 9)

What is the port for the Log Collection on Security Management Server?

  A. 18191
  B. 443
  C. 258
  D. 257

Answer(s): D

Explanation:

Port 257 is used for log collection on the Security Management Server. This port facilitates the transmission of log data from Security Gateways to the Management Server, ensuring that logs are centralized for monitoring, analysis, and reporting.



What Check Point process controls logging?

  A. CPWD
  B. FWD
  C. CPD
  D. CPM

Answer(s): B

Explanation:

The FWD (Firewall Daemon) process is responsible for controlling logging in Check Point environments. It manages the creation, storage, and transmission of logs from Security Gateways to the Security Management Server, ensuring that all relevant security events are recorded and available for analysis.



As a security administrator/engineer in your company, you have noticed that your HQ Check Point Security Management Server is not receiving logs from your HQ Check Point Gateway/Cluster. To investigate this issue from the command line, which process do you need to verify is running?

  A. cpm
  B. cpd
  C. fwd
  D. fwm

Answer(s): C

Explanation:

To troubleshoot why the Security Management Server is not receiving logs from the Security Gateway or Cluster, you should verify the status of the FWD process. The fwd daemon handles log forwarding and ensures that logs are transmitted from the gateway to the management server. Checking if fwd is running and functioning correctly is essential for resolving log transmission issues.



How would you check the connection status of a gateway to the Log server?

  A. Run netstat -anp | grep :257 in CLISH on Log server
  B. Run netstat -anp | grep :257 in expert mode on Log server
  C. Run netstat -anp | grep :18187 in expert mode on Log server
  D. Run netstat -anp | grep :18187 in CLISH on Log server

Answer(s): B

Explanation:

To check the connection status between a gateway and the Log server, use the netstat -anp | grep :257 command in expert mode on the Log server. This command filters the network connections to display only those related to port 257, which is used for log collection. Running it in expert mode provides the necessary privileges to view detailed network information.





