ExamGecko
Search Search Login
Home Home / Checkpoint / 156-836

Checkpoint 156-836 Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What happens if you apply a hotfix using gClish?
What is the command 'asg diag' used for?
What does the lldpctl command do?
For the MHO-175, which ports are Management ports?
The __________ command can be used during an upgrade to verify that the upgraded SGMs have returned to UP status before upgrading other SGMs.
In a dual MHO environment, MHO1 and MHO2 are connected to the SGM line cards in which way?
What is the purpose of RJ-45 connectors located at the front panel of the Orchestrator MHO-170?
What is one benefit of a Dual MHO environment?
What command will be used for updating fwkern.conf file on all Appliances within Security Group?
What type of license is required for an MHO?

Question 1

Report
Export
Collapse

Logs without a dedicated log file can be found in

A.
/var/log/junk.log.dbg
A.
/var/log/junk.log.dbg
Answers
B.
/var/log/messages
B.
/var/log/messages
Answers
C.
$RTDIR/log/junk.log
C.
$RTDIR/log/junk.log
Answers
D.
$FWDIR/log/fw.log
D.
$FWDIR/log/fw.log
Answers
Suggested answer: B

Explanation:

The /var/log/messages file is a general system log file that contains information about various system events, such as booting, shutdown, cron jobs, kernel messages, and other system services. Logs without a dedicated log file can be found in this file, as well as some Maestro Gaia Clish commands that are not saved in the /var/log/command_logger.log file.

Reference

* Maestro Audit Logs - Where are they? - Check Point CheckMates1

* sk172923: The /var/log/messages file does not save Maestro Gaia Clish commands2

* Maestro Expert (CCME) Course - Check Point Software, page 33

Question 2

Report
Export
Collapse

The drop_monitor command is useful for

A.
Monitoring Check Point code drops
A.
Monitoring Check Point code drops
Answers
B.
Viewing all interface drops such as RX-ERR, RX-DRP, and RX-OVR
B.
Viewing all interface drops such as RX-ERR, RX-DRP, and RX-OVR
Answers
C.
Viewing all drops by Check Point code or the Gaia OS, such as RX-DRP, RX-ERR, and Gaia OS drops.
C.
Viewing all drops by Check Point code or the Gaia OS, such as RX-DRP, RX-ERR, and Gaia OS drops.
Answers
D.
Showing the system temperature in real-time for multiple components, such as CPU, fan, and SSDs.
D.
Showing the system temperature in real-time for multiple components, such as CPU, fan, and SSDs.
Answers
Suggested answer: C

Explanation:

The drop_monitor command is a tool that monitors and displays the packets that are dropped by the Check Point code or the Gaia OS on the orchestrator and the appliances. It can help troubleshoot network issues and optimize performance. The command shows the drop reason, source, destination, protocol, and port of the dropped packets, as well as the interface and the module that dropped them.

Reference

* R81.20 Maestro Cheat Sheet version 7 - Check Point CheckMates1

* Support, Support Requests, Training ... - Check Point Software2

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge

Question 3

Report
Export
Collapse

Possibilities for a failure in a single SGM of a Security Group include.

A.
A change was made with clish instead of gClish, causing the SGM to handle traffic differently than the other SGMs.
A.
A change was made with clish instead of gClish, causing the SGM to handle traffic differently than the other SGMs.
Answers
B.
SecureXL is not enabled on the SGM.
B.
SecureXL is not enabled on the SGM.
Answers
C.
An administrator imported a hotfix into the CPUSE repository of a single SGM.
C.
An administrator imported a hotfix into the CPUSE repository of a single SGM.
Answers
D.
There are too many active SGMs in the SG.
D.
There are too many active SGMs in the SG.
Answers
Suggested answer: C

Explanation:

One of the possible causes of a failure in a single SGM of a Security Group is that an administrator imported a hotfix into the CPUSE repository of a single SGM, instead of using the orchestrator to distribute the hotfix to all the SGMs in the Security Group. This can create a mismatch in the software versions and configurations of the SGMs, and lead to unexpected behavior and errors.

Reference

* Maestro Expert (CCME) Course - Check Point Software, page 251

* sk172923: The /var/log/messages file does not save Maestro Gaia Clish commands2

* sk180418: Security Gateway Member (SGM) is stuck after it is added to a Security Group with image auto cloning enabled on the Single Management Object (SMO)

Question 4

Report
Export
Collapse

There are two 10Gbps dual-port NIC installed on a 6800 appliance. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?

A.
Any pair of available ports
A.
Any pair of available ports
Answers
B.
Port 1 in Slot 1 and Port 1 in Slot 2
B.
Port 1 in Slot 1 and Port 1 in Slot 2
Answers
C.
Port 1 in Slot 1 and Port 2 in Slot 1
C.
Port 1 in Slot 1 and Port 2 in Slot 1
Answers
D.
Port 1 in Slot 2 and Port 2 in Slot 1
D.
Port 1 in Slot 2 and Port 2 in Slot 1
Answers
Suggested answer: B

Explanation:

The correct interfaces to connect to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators are Port 1 in Slot 1 and Port 1 in Slot 2. This is because each slot represents a different NIC, and each port represents a different physical link. By connecting two ports from different slots, the appliance can have redundant connections to the same orchestrator, and avoid a single point of failure in case of a NIC or link failure.

Reference

* Check Point 156-835 Certification Flashcards | Quizlet1

* Maestro Expert (CCME) Course - Check Point Software, page 182

* Maestro Technical Training, Module 2: Maestro Security Groups and the Single Management Object, slide 163

Question 5

Report
Export
Collapse

What is one benefit of a Dual MHO environment?

A.
Dual MHOs provide redundancy to the Maestro environment by increasing throughput by at least 50 percent.
A.
Dual MHOs provide redundancy to the Maestro environment by increasing throughput by at least 50 percent.
Answers
B.
Dual MHOs allow better synchronization to occur between SGMs.
B.
Dual MHOs allow better synchronization to occur between SGMs.
Answers
C.
Dual MHOs allow additional SGMs to be added to the SG.
C.
Dual MHOs allow additional SGMs to be added to the SG.
Answers
D.
Dual MHOs can be used to achieve increased scalability and redundancy. .
D.
Dual MHOs can be used to achieve increased scalability and redundancy. .
Answers
Suggested answer: D

Explanation:

One of the benefits of a Dual MHO environment is that it can provide both scalability and redundancy to the Maestro system. Scalability means that the system can handle more traffic and SGMs as the demand grows, and redundancy means that the system can survive the failure of one or more components without losing functionality or performance. Dual MHOs can achieve these benefits by distributing the load and the management tasks among two orchestrators, and by providing backup and failover mechanisms for each other.

Reference

* Maestro Expert (CCME) Course - Check Point Software, page 251

* CheckPoint Certified Maestro Expert (CCME) - Skillzcafe, page 22

* Check Point Certified Maestro Expert (CCME) R81.X, page 23

Question 6

Report
Export
Collapse

What cannot be a reason for 'Failed to get remote orchestrator interfaces' error message, when clicking on 'Orchestrator' in WebUI

A.
Remote orchestrator has no empty interfaces
A.
Remote orchestrator has no empty interfaces
Answers
B.
Single orchestrator environment, but configured Orchestrator amount is 2
B.
Single orchestrator environment, but configured Orchestrator amount is 2
Answers
C.
One orchestrator only, but Orchestrator amount is 2 or no Sync in between orchestrators
C.
One orchestrator only, but Orchestrator amount is 2 or no Sync in between orchestrators
Answers
D.
No Sync between orchestrators
D.
No Sync between orchestrators
Answers
Suggested answer: A

Explanation:

One of the possible reasons for the ''Failed to get remote orchestrator interfaces'' error message, when clicking on ''Orchestrator'' in WebUI, is that the remote orchestrator has no empty interfaces that can be assigned to a security group. This can happen if all the interfaces on the remote orchestrator are already part of configured security groups, or if the remote orchestrator has no physical interfaces at all. In this case, the WebUI cannot display the unassigned interfaces of the remote orchestrator, and shows the error message.

Reference

* Not able to see unassigned interfaces on checkpoint Orchestrator

* Maestro 140 not detecting Interfaces

* Maestro Expert (CCME) Course - Check Point Software, page

Question 7

Report
Export
Collapse

What Maestro component is automatically designated the SMO Master?

A.
The SGM with the lowest member ID (the first one added to the security group.)
A.
The SGM with the lowest member ID (the first one added to the security group.)
Answers
B.
The MDS that pushes policy to the SMO is considered the SMO Master.
B.
The MDS that pushes policy to the SMO is considered the SMO Master.
Answers
C.
The first MHO configured is considered the SMO Master.
C.
The first MHO configured is considered the SMO Master.
Answers
D.
The SGM with the highest member ID (the last one added to the security group.)
D.
The SGM with the highest member ID (the last one added to the security group.)
Answers
Suggested answer: A

Explanation:

The SMO Master is the SGM that is responsible for synchronizing the configuration and policy with the other SGMs in the security group. The SMO Master is automatically designated as the SGM with the lowest member ID, which is usually the first one added to the security group. The SMO Master can be changed manually if needed.

* Maestro Frequently Asked Questions (FAQ), under ''What is a Single Management Object (SMO)?''

* Check Point Jump Start Course: Maestro, under ''Maestro Security Groups''

Question 8

Report
Export
Collapse

What is a downlink interface used for?

A.
To connect appliances to Orchestrators
A.
To connect appliances to Orchestrators
Answers
B.
To connect appliances to customer's infrastructure
B.
To connect appliances to customer's infrastructure
Answers
C.
To connect in between Orchestrators
C.
To connect in between Orchestrators
Answers
D.
To connect Orchestrators to customer's infrastructure
D.
To connect Orchestrators to customer's infrastructure
Answers
Suggested answer: B

Question 9

Report
Export
Collapse

What type of license is required for an MHO?

A.
The MHO requires a NGTP license.
A.
The MHO requires a NGTP license.
Answers
B.
The MHO requires a VSX license.
B.
The MHO requires a VSX license.
Answers
C.
The MHO does not require a license.
C.
The MHO does not require a license.
Answers
D.
A license is needed for each attached SGM.
D.
A license is needed for each attached SGM.
Answers
Suggested answer: C

Explanation:

The MHO (Maestro Hyperscale Orchestrator) does not require a license by itself, but each SGM (Security Group Module) that is attached to the MHO needs a license. The license type depends on the features and blades that are enabled on the SGM. For example, if the SGM is running VSX, it needs a VSX license.

* Maestro Expert (CCME) Course - Check Point Software, page 71

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

Question 10

Report
Export
Collapse

What Maestro component acts as a load balancer and network switch?

A.
Security Switching Module (SSM)
A.
Security Switching Module (SSM)
Answers
B.
Maestro Hyperscale Orchestrator (MHO)
B.
Maestro Hyperscale Orchestrator (MHO)
Answers
C.
Security Group (SG)
C.
Security Group (SG)
Answers
D.
Security Gateway Module (SGM)
D.
Security Gateway Module (SGM)
Answers
Suggested answer: B

Explanation:

* The Quantum Maestro Orchestrator uses the Distribution Mode to assign incoming traffic to Security Group Members.

*

Reference: Working with the Distribution Mode

Total 94 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms