Examice

Exam 156-31581 All QuestionsBrowse all questions from this exam

Question 47

The admin is connected via ssh to the management server. He wants to run a mgmt_cli command but got an Error 404 message. To check the listening ports on the management he runs netstat with the results shown below. What can be the cause for the issue?

[Expert@SMS:0]# mgmt_cli show service-tcp name FTP

Username: admin -

Password:

message: "Error 404. The Management API service is not available. Please check that the Management API server is up and running." code: "generic_error"

[Expert@SMS:0]# netstat -anp | grep http

tcp00 0.0.0.0:800.0.0.0:*LISTEN18114/httpd

tcp00127.0.0.1:810.0.0.0:*LISTEN18114/httpd

tcp00 0.0.0.0:44340.0.0.0:*LISTEN9019/httpd2

tcp00 0.0.0.0:4430.0.0.0:*LISTEN 18114/httpd

Wrong Management API Access settings for the client IP. To correct it go to SmartConsole / Management & Settings / Blades / Management API and press 'Advanced Settings...' and choose GUI clients or ALL IP's.

The API didn't run on the default port check it with 'api status' and add '--port 4434' to the mgmt_cli command.

The management permission in the user profile is missing. Go to SmartConsole / Management & Settings / Permissions & Administrators / Permission Profiles. Select the profile of the user and enable 'Management API Login' under Management Permissions.

The API is not running, the services shown by netstat are the Gaia services. To start the API run 'api start'.

Correct Answer: D

The error message indicates that the Management API service is not available, which typically means that the API server is not running. The 'netstat' command output shows active listening ports, but these are likely for other services. To resolve the issue, the administrator should start the Management API using the 'api start' command.

Discussion

loxodromeOption: B

I tested it on my management and B is correct

alfirmd

sorry, i think you wrong, the API Management port used 443 not 4434 https://community.checkpoint.com/t5/Security-Gateways/R81-x-Ports-Used-for-Communication-by-Various-Check-Point/td-p/38153 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156472 I think the correct answer is D

ruank

Port 4434 is used when you also have Endpoint management enabled. That said, correct answer is D.

MingFOption: D

i think D is correct To collect troubleshooting data, please run 'api status -s <comment>' If it has not started, execute the below command. > api start Alternatively, restart the API > api restart

DKangarooOption: C

C is the correct Answer. > api start is not a Valid command and if it would have been > api restart then D would be correct. However, in this case User needs to have the permission to access the Management API Login -Log in with the management API. https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Assigning-Permission-Profiles-to-Administrators.htm#Configur2

c0be09e

api start is indeed a valid command. Check your docs

sevasokol44Option: C

https://community.checkpoint.com/t5/API-CLI-Discussion/API-WebServices-show-access-layer-returning-404-Not-Found/td-p/102486

zutOption: D

I agree with MingF, answer is D

DKangarooOption: C

matfidOption: B

maybe loxodrome does not use R81.10 or higher because: Management commands fail when the Gaia portal does not use the standard port 443 If you do not wish to upgrade, the following workarounds are available: To make the Management commands work using the mgmt_cli tool, perform the following on the Security Management server: From the Expert mode, run [Expert@Hostname]# export MGMT_CLI_PORT=<port number> OR add the parameter "--port <port-number>" to the mgmt_cli command as an extra argument. Example: [Expert@Hostname]# mgmt_cli login --root true --port 4434 To make the Management commands work using the GUI, perform the following on the Security Management server from the Expert mode: Edit the /home/admin/.bash_profile file and add the line export MGMT_CLI_PORT=<port number> Save the file Run cpstop, cpstart to restart Check Point services.