In the Check Point Security Management Architecture, which component(s) can store logs?
In the Check Point Security Management Architecture, both the Security Management Server and Security Gateway can store logs. The Security Management Server typically receives logs from the managed Security Gateways or Clusters, and this is the default setup. Additionally, Security Gateways can also perform local logging, where logs are stored directly on the Gateway itself. Therefore, the correct answer is that both the Security Management Server and Security Gateway can store logs.
Logs can be stored on a: Management Server that receives logs from the managed Security Gateways / Clusters. This is the default. Log Server on a dedicated machine. This is recommended for organizations that generate a lot of logs. Security Gateways / Cluster Members. This is called local logging.
As https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Understanding-Logging.htm 1-Management Server that receives logs from the managed Security Gateways / Clusters. This is the default. 2-Security Gateways / Cluster Members. This is called local logging. So option D makes sense.
Security Management Server and Security Gateway CAN both store logs, so D
The correct answer is A. Security logs created by gateways are sent to either management servers (if they are acting as log servers), dedicated log servers, or both if so configured. Additionally, logs can be stored locally and forwarded to the management/log servers on schedule.
I agree with Cedric567
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Understanding-Logging.htm#:~:text=Logs%20can%20be%20stored%20on,Log%20Server
I think it is correct; the security gateway has disks, and those disks are for storing logs.
Wrong. Correct is A. The Gateway collects logs and sends them to the assigned Log Server, which is usually on the Management as long as there is no separate Log Server deployed.