ExamGecko
Search Search Login
Home Home / Checkpoint / 156-836
Ask QuestionAsk Question

Checkpoint 156-836 Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What happens if you apply a hotfix using gClish?
What does the lldpctl command do?
For the MHO-175, which ports are Management ports?
What type of license is required for an MHO?
What is an uplink interface used for?
What is the command 'asg diag' used for?
The __________ command can be used during an upgrade to verify that the upgraded SGMs have returned to UP status before upgrading other SGMs.
What command will be used for updating fwkern.conf file on all Appliances within Security Group?
What cannot be a reason for 'Failed to get remote orchestrator interfaces' error message, when clicking on 'Orchestrator' in WebUI
What is one benefit of a Dual MHO environment?

Question 1

Report
Export
Collapse

Logs without a dedicated log file can be found in

A.
/var/log/junk.log.dbg
A.
/var/log/junk.log.dbg
Answers
B.
/var/log/messages
B.
/var/log/messages
Answers
C.
$RTDIR/log/junk.log
C.
$RTDIR/log/junk.log
Answers
D.
$FWDIR/log/fw.log
D.
$FWDIR/log/fw.log
Answers
Suggested answer: B

Explanation:

The /var/log/messages file is a general system log file that contains information about various system events, such as booting, shutdown, cron jobs, kernel messages, and other system services. Logs without a dedicated log file can be found in this file, as well as some Maestro Gaia Clish commands that are not saved in the /var/log/command_logger.log file.

Reference

* Maestro Audit Logs - Where are they? - Check Point CheckMates1

* sk172923: The /var/log/messages file does not save Maestro Gaia Clish commands2

* Maestro Expert (CCME) Course - Check Point Software, page 33

asked 16/09/2024
Velmurugan P
42 questions

Question 2

Report
Export
Collapse

The drop_monitor command is useful for

A.
Monitoring Check Point code drops
A.
Monitoring Check Point code drops
Answers
B.
Viewing all interface drops such as RX-ERR, RX-DRP, and RX-OVR
B.
Viewing all interface drops such as RX-ERR, RX-DRP, and RX-OVR
Answers
C.
Viewing all drops by Check Point code or the Gaia OS, such as RX-DRP, RX-ERR, and Gaia OS drops.
C.
Viewing all drops by Check Point code or the Gaia OS, such as RX-DRP, RX-ERR, and Gaia OS drops.
Answers
D.
Showing the system temperature in real-time for multiple components, such as CPU, fan, and SSDs.
D.
Showing the system temperature in real-time for multiple components, such as CPU, fan, and SSDs.
Answers
Suggested answer: C

Explanation:

The drop_monitor command is a tool that monitors and displays the packets that are dropped by the Check Point code or the Gaia OS on the orchestrator and the appliances. It can help troubleshoot network issues and optimize performance. The command shows the drop reason, source, destination, protocol, and port of the dropped packets, as well as the interface and the module that dropped them.

Reference

* R81.20 Maestro Cheat Sheet version 7 - Check Point CheckMates1

* Support, Support Requests, Training ... - Check Point Software2

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge

asked 16/09/2024
AshokBabu Kumili
43 questions

Question 3

Report
Export
Collapse

Possibilities for a failure in a single SGM of a Security Group include.

A.
A change was made with clish instead of gClish, causing the SGM to handle traffic differently than the other SGMs.
A.
A change was made with clish instead of gClish, causing the SGM to handle traffic differently than the other SGMs.
Answers
B.
SecureXL is not enabled on the SGM.
B.
SecureXL is not enabled on the SGM.
Answers
C.
An administrator imported a hotfix into the CPUSE repository of a single SGM.
C.
An administrator imported a hotfix into the CPUSE repository of a single SGM.
Answers
D.
There are too many active SGMs in the SG.
D.
There are too many active SGMs in the SG.
Answers
Suggested answer: C

Explanation:

One of the possible causes of a failure in a single SGM of a Security Group is that an administrator imported a hotfix into the CPUSE repository of a single SGM, instead of using the orchestrator to distribute the hotfix to all the SGMs in the Security Group. This can create a mismatch in the software versions and configurations of the SGMs, and lead to unexpected behavior and errors.

Reference

* Maestro Expert (CCME) Course - Check Point Software, page 251

* sk172923: The /var/log/messages file does not save Maestro Gaia Clish commands2

* sk180418: Security Gateway Member (SGM) is stuck after it is added to a Security Group with image auto cloning enabled on the Single Management Object (SMO)

asked 16/09/2024
Sebastian van de Zweerde
43 questions

Question 4

Report
Export
Collapse

There are two 10Gbps dual-port NIC installed on a 6800 appliance. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?

A.
Any pair of available ports
A.
Any pair of available ports
Answers
B.
Port 1 in Slot 1 and Port 1 in Slot 2
B.
Port 1 in Slot 1 and Port 1 in Slot 2
Answers
C.
Port 1 in Slot 1 and Port 2 in Slot 1
C.
Port 1 in Slot 1 and Port 2 in Slot 1
Answers
D.
Port 1 in Slot 2 and Port 2 in Slot 1
D.
Port 1 in Slot 2 and Port 2 in Slot 1
Answers
Suggested answer: B

Explanation:

The correct interfaces to connect to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators are Port 1 in Slot 1 and Port 1 in Slot 2. This is because each slot represents a different NIC, and each port represents a different physical link. By connecting two ports from different slots, the appliance can have redundant connections to the same orchestrator, and avoid a single point of failure in case of a NIC or link failure.

Reference

* Check Point 156-835 Certification Flashcards | Quizlet1

* Maestro Expert (CCME) Course - Check Point Software, page 182

* Maestro Technical Training, Module 2: Maestro Security Groups and the Single Management Object, slide 163

asked 16/09/2024
Vito Ranieri
44 questions

Question 5

Report
Export
Collapse

What is one benefit of a Dual MHO environment?

A.
Dual MHOs provide redundancy to the Maestro environment by increasing throughput by at least 50 percent.
A.
Dual MHOs provide redundancy to the Maestro environment by increasing throughput by at least 50 percent.
Answers
B.
Dual MHOs allow better synchronization to occur between SGMs.
B.
Dual MHOs allow better synchronization to occur between SGMs.
Answers
C.
Dual MHOs allow additional SGMs to be added to the SG.
C.
Dual MHOs allow additional SGMs to be added to the SG.
Answers
D.
Dual MHOs can be used to achieve increased scalability and redundancy. .
D.
Dual MHOs can be used to achieve increased scalability and redundancy. .
Answers
Suggested answer: D

Explanation:

One of the benefits of a Dual MHO environment is that it can provide both scalability and redundancy to the Maestro system. Scalability means that the system can handle more traffic and SGMs as the demand grows, and redundancy means that the system can survive the failure of one or more components without losing functionality or performance. Dual MHOs can achieve these benefits by distributing the load and the management tasks among two orchestrators, and by providing backup and failover mechanisms for each other.

Reference

* Maestro Expert (CCME) Course - Check Point Software, page 251

* CheckPoint Certified Maestro Expert (CCME) - Skillzcafe, page 22

* Check Point Certified Maestro Expert (CCME) R81.X, page 23

asked 16/09/2024
Christina Lanaski
38 questions

Question 6

Report
Export
Collapse

What cannot be a reason for 'Failed to get remote orchestrator interfaces' error message, when clicking on 'Orchestrator' in WebUI

A.
Remote orchestrator has no empty interfaces
A.
Remote orchestrator has no empty interfaces
Answers
B.
Single orchestrator environment, but configured Orchestrator amount is 2
B.
Single orchestrator environment, but configured Orchestrator amount is 2
Answers
C.
One orchestrator only, but Orchestrator amount is 2 or no Sync in between orchestrators
C.
One orchestrator only, but Orchestrator amount is 2 or no Sync in between orchestrators
Answers
D.
No Sync between orchestrators
D.
No Sync between orchestrators
Answers
Suggested answer: A

Explanation:

One of the possible reasons for the ''Failed to get remote orchestrator interfaces'' error message, when clicking on ''Orchestrator'' in WebUI, is that the remote orchestrator has no empty interfaces that can be assigned to a security group. This can happen if all the interfaces on the remote orchestrator are already part of configured security groups, or if the remote orchestrator has no physical interfaces at all. In this case, the WebUI cannot display the unassigned interfaces of the remote orchestrator, and shows the error message.

Reference

* Not able to see unassigned interfaces on checkpoint Orchestrator

* Maestro 140 not detecting Interfaces

* Maestro Expert (CCME) Course - Check Point Software, page

asked 16/09/2024
Jess Kendrick Gamboa
35 questions

Question 7

Report
Export
Collapse

What Maestro component is automatically designated the SMO Master?

A.
The SGM with the lowest member ID (the first one added to the security group.)
A.
The SGM with the lowest member ID (the first one added to the security group.)
Answers
B.
The MDS that pushes policy to the SMO is considered the SMO Master.
B.
The MDS that pushes policy to the SMO is considered the SMO Master.
Answers
C.
The first MHO configured is considered the SMO Master.
C.
The first MHO configured is considered the SMO Master.
Answers
D.
The SGM with the highest member ID (the last one added to the security group.)
D.
The SGM with the highest member ID (the last one added to the security group.)
Answers
Suggested answer: A

Explanation:

The SMO Master is the SGM that is responsible for synchronizing the configuration and policy with the other SGMs in the security group. The SMO Master is automatically designated as the SGM with the lowest member ID, which is usually the first one added to the security group. The SMO Master can be changed manually if needed.

* Maestro Frequently Asked Questions (FAQ), under ''What is a Single Management Object (SMO)?''

* Check Point Jump Start Course: Maestro, under ''Maestro Security Groups''

asked 16/09/2024
Gale Morgan
45 questions

Question 8

Report
Export
Collapse

What is a downlink interface used for?

A.
To connect appliances to Orchestrators
A.
To connect appliances to Orchestrators
Answers
B.
To connect appliances to customer's infrastructure
B.
To connect appliances to customer's infrastructure
Answers
C.
To connect in between Orchestrators
C.
To connect in between Orchestrators
Answers
D.
To connect Orchestrators to customer's infrastructure
D.
To connect Orchestrators to customer's infrastructure
Answers
Suggested answer: B
asked 16/09/2024
Quoc Nguyen
43 questions

Question 9

Report
Export
Collapse

What type of license is required for an MHO?

A.
The MHO requires a NGTP license.
A.
The MHO requires a NGTP license.
Answers
B.
The MHO requires a VSX license.
B.
The MHO requires a VSX license.
Answers
C.
The MHO does not require a license.
C.
The MHO does not require a license.
Answers
D.
A license is needed for each attached SGM.
D.
A license is needed for each attached SGM.
Answers
Suggested answer: C

Explanation:

The MHO (Maestro Hyperscale Orchestrator) does not require a license by itself, but each SGM (Security Group Module) that is attached to the MHO needs a license. The license type depends on the features and blades that are enabled on the SGM. For example, if the SGM is running VSX, it needs a VSX license.

* Maestro Expert (CCME) Course - Check Point Software, page 71

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

asked 16/09/2024
Kenneth Joines
39 questions

Question 10

Report
Export
Collapse

What Maestro component acts as a load balancer and network switch?

A.
Security Switching Module (SSM)
A.
Security Switching Module (SSM)
Answers
B.
Maestro Hyperscale Orchestrator (MHO)
B.
Maestro Hyperscale Orchestrator (MHO)
Answers
C.
Security Group (SG)
C.
Security Group (SG)
Answers
D.
Security Gateway Module (SGM)
D.
Security Gateway Module (SGM)
Answers
Suggested answer: B

Explanation:

* The Quantum Maestro Orchestrator uses the Distribution Mode to assign incoming traffic to Security Group Members.

*

Reference: Working with the Distribution Mode

asked 16/09/2024
Aleh Patskevich
48 questions
Total 94 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy policy
Terms
Disclaimer
Refund policy
Copyright
Twitter X
Facebook
Medium