156-587 · Question #106
The correct answer is D. via Windows API.
Question
Options
- A. ADQuery is needed for connection
- B. LDAP connection
- C. It uses a PDP daemon to connect
- D. via Windows API
Explanation
Identity Collector connects to Windows Server using the Windows API (specifically WMI/Windows Management Instrumentation) to remotely read Security Event Logs on domain controllers, capturing logon events to map users to IP addresses in real time.
Why the distractors are wrong:
- A (ADQuery): ADQuery is a separate Check Point identity source that uses LDAP to query Active Directory objects - it's a different mechanism entirely, not a dependency of Identity Collector's connection method.
- B (LDAP): LDAP is used by AD Query and similar directory-browsing tools. Identity Collector doesn't browse the directory; it monitors event logs, which requires the Windows API, not LDAP.
- C (PDP daemon): The Policy Decision Point (PDP) is a Check Point internal component for policy enforcement - it plays no role in how Identity Collector establishes its connection to Windows Server.
Memory tip: Associate "Identity Collector + Windows Server = native language." Identity Collector reads Windows Security Event Logs, so it must speak Windows' own API - just as you'd use a native library to read OS-level data rather than a directory protocol like LDAP.