Exam 156-315.81 topic 1 question 9 discussion

CCSA: Active Directory Query The AD Query is a clientless identity acquisition method that lets the Security Gateway seamlessly identify AD users and computers. It is based on AD integration and lets the Security Gateway correlate AD users and machines to IP addresses in a method that is completely transparent to the user. When using AD Query (ADQ), the Security Gateway connects to the AD Domain Controllers using Windows Management Instrumentation (WMI), a standard Microsoft protocol to get Security Event logs. By default, Security Event logs are generated on the Domain Controllers when users perform login. Using these event logs, the Security Gateway can correlate Active Directory users and machines to IP addresses and to enforce a user-based policy. NOTE: Security event logging must be enabled on the AD server.

A - "If you enable AD Query, the dedicated Security Gateway communicates with all Active Directory domain controllers over WMI."

Answer is A

A is correct. http://supportcontent.checkpoint.com/solutions?id=sk60301#Abstract

A is correct

I agree the answer is WMI. Option A

A is correct

A is correct

WMI option is correct ...it is not LDAP

Identity awareness R81.10 admin guide: In this technology, you make a query for the Active Directory Security Event Logs and extract the user and computer mapping to the network address from them. It works because of Windows Management Instrumentation (WMI), a standard Microsoft protocol. The Identity Awareness Gateway communicates directly with the Active Directory domain controllers and does not need a special server.