ExamGecko
Search Search Login
Home Home / Checkpoint / 156-836

Checkpoint 156-836 Practice Test - Questions Answers, Page 2

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What happens if you apply a hotfix using gClish?
What does the lldpctl command do?
What is the command 'asg diag' used for?
What is the purpose of RJ-45 connectors located at the front panel of the Orchestrator MHO-170?
For the MHO-175, which ports are Management ports?
The __________ command can be used during an upgrade to verify that the upgraded SGMs have returned to UP status before upgrading other SGMs.
In a dual MHO environment, MHO1 and MHO2 are connected to the SGM line cards in which way?
What is one benefit of a Dual MHO environment?
What command will be used for updating fwkern.conf file on all Appliances within Security Group?
What type of license is required for an MHO?

Question 11

Report
Export
Collapse

What is an uplink interface used for?

A.
To connect in between appliances
A.
To connect in between appliances
Answers
B.
To connect appliances to customer's infrastructure
B.
To connect appliances to customer's infrastructure
Answers
C.
To connect Orchestrators to customer's infrastructure
C.
To connect Orchestrators to customer's infrastructure
Answers
D.
To connect in between Orchestrators
D.
To connect in between Orchestrators
Answers
Suggested answer: C

Explanation:

Uplink interfaces are used to connect Maestro Hyperscale Orchestrators (MHOs) to the customer's network infrastructure, such as switches, routers, or firewalls. They are also used to send and receive management and control traffic from the customer's network to the MHOs.

* Maestro Expert (CCME) Course - Check Point Software, page 41

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

Question 12

Report
Export
Collapse

What is a security group?

A.
A solution for Security Gateway redundancy and Load Sharing.
A.
A solution for Security Gateway redundancy and Load Sharing.
Answers
B.
A set of appliances of the same model that are collectively managed by the MHO.
B.
A set of appliances of the same model that are collectively managed by the MHO.
Answers
C.
A set of network interfaces and individual SGMs assigned to a logical group.
C.
A set of network interfaces and individual SGMs assigned to a logical group.
Answers
D.
A set of objects in SmartConsole that are responsible for enforcing an access policy.
D.
A set of objects in SmartConsole that are responsible for enforcing an access policy.
Answers
Suggested answer: A

Explanation:

Security groups are used to simplify management and policy enforcement across multiple devices or network segments, often offering redundancy and load balancing features

Question 13

Report
Export
Collapse

What is the Orchestrator?

A.
Network Switch
A.
Network Switch
Answers
B.
Manager of compute and network resources, load balancer and network switch
B.
Manager of compute and network resources, load balancer and network switch
Answers
C.
Load balancer
C.
Load balancer
Answers
D.
None of above
D.
None of above
Answers
Suggested answer: B

Explanation:

The Orchestrator is a Maestro component that manages the compute and network resources of the Security Group Modules (SGMs) in a Security Group. It also acts as a load balancer and a network switch, distributing traffic among the SGMs and connecting them to the customer's network infrastructure.

* Maestro Expert (CCME) Course - Check Point Software, page 41

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

Question 14

Report
Export
Collapse

What is the Correction Layer?

A.
Correction Layer is a daemon which corrects errors on Backplane interfaces
A.
Correction Layer is a daemon which corrects errors on Backplane interfaces
Answers
B.
Correction Layer is a mechanism which handles asymmetric connections in multi-appliance system. For example, in case of NAT
B.
Correction Layer is a mechanism which handles asymmetric connections in multi-appliance system. For example, in case of NAT
Answers
C.
Correction Layer is a mechanism which activated in case of asymmetric routing
C.
Correction Layer is a mechanism which activated in case of asymmetric routing
Answers
D.
Correction Layer is a Layer of GAIA OS which corrects misspelled commands and allows them to execute
D.
Correction Layer is a Layer of GAIA OS which corrects misspelled commands and allows them to execute
Answers
Suggested answer: B

Explanation:

The Correction Layer is a Maestro component that ensures that packets from the same connection are handled by the same Security Group Module (SGM) in a multi-appliance system. This is especially important when NAT is involved, as packets sent from the client to the server can be distributed to a different SGM than packets from the same session sent from the server to the client. The Correction Layer must then forward the packet to the correct SGM.

* NAT and the Correction Layer on a Security Gateway - Check Point Software1

* Solved: Maestro queries - Check Point CheckMates

Question 15

Report
Export
Collapse

What is the Correction Layer mechanism?

A.
Ensures asymmetric traffic is handled properly, especially in the case of NAT or VPNs.
A.
Ensures asymmetric traffic is handled properly, especially in the case of NAT or VPNs.
Answers
B.
The load-balancing mechanism used by the MHO.
B.
The load-balancing mechanism used by the MHO.
Answers
C.
The MHO's distribution algorithm which determines the handling SGM for a given connection.
C.
The MHO's distribution algorithm which determines the handling SGM for a given connection.
Answers
D.
Enforces the access policy on the SGMs and synchronizes the enforcement verdict to other SGMs in the SG.
D.
Enforces the access policy on the SGMs and synchronizes the enforcement verdict to other SGMs in the SG.
Answers
Suggested answer: A

Explanation:

The Correction Layer mechanism is a Maestro component that ensures that packets from the same connection are handled by the same Security Group Module (SGM) in a multi-appliance system. This is especially important when NAT or VPNs are involved, as packets sent from the client to the server can be distributed to a different SGM than packets from the same session sent from the server to the client. The Correction Layer must then forward the packet to the correct SGM.

* NAT and the Correction Layer on a VSX Gateway - Check Point Software1

* Solved: Maestro queries - Check Point CheckMates

Question 16

Report
Export
Collapse

What is the maximum number of Appliances within Security group in Dual-Site configuration?

A.
28
A.
28
Answers
B.
31
B.
31
Answers
C.
15
C.
15
Answers
D.
16
D.
16
Answers
Suggested answer: A

Question 17

Report
Export
Collapse

At a minimum, how many management and Uplink ports does a SG require?

A.
Only one of the two interfaces is needed for the Security Group.
A.
Only one of the two interfaces is needed for the Security Group.
Answers
B.
Neither are required.
B.
Neither are required.
Answers
C.
Two of each.
C.
Two of each.
Answers
D.
One each.
D.
One each.
Answers
Suggested answer: D

Explanation:

A Security Group (SG) requires at least one management port and one uplink port to function properly. The management port is used to connect the SG to the Maestro Hyperscale Orchestrator (MHO) and the customer's management infrastructure, such as SmartConsole or SmartDomain Manager. The uplink port is used to connect the SG to the customer's network infrastructure, such as switches, routers, or firewalls. The uplink port is also used to send and receive traffic from the customer's network to the SG.

* Maestro Expert (CCME) Course - Check Point Software, page 41

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

Question 18

Report
Export
Collapse

What is the maximum number of Appliances within the same Security Group?

A.
31
A.
31
Answers
B.
8
B.
8
Answers
C.
52
C.
52
Answers
D.
16
D.
16
Answers
Suggested answer: A

Explanation:

The maximum number of appliances within the same security group is 31. This is because a security group can have up to 31 Security Group Modules (SGMs) of the same or different models, and each SGM is an appliance that runs the Check Point software. A security group can span across multiple chassis, and each chassis can have up to 16 SGMs. However, the total number of SGMs in a security group cannot exceed 31.

* Maestro Expert (CCME) Course - Check Point Software, page 51

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

Question 19

Report
Export
Collapse

For the MHO-175, which ports are Management ports?

A.
Ports 49 - 55 are Management ports.
A.
Ports 49 - 55 are Management ports.
Answers
B.
Ports 1 - 4 are Management ports.
B.
Ports 1 - 4 are Management ports.
Answers
C.
Ports 27 - 47 are Management ports.
C.
Ports 27 - 47 are Management ports.
Answers
D.
Ports 5 - 26 are Management ports.
D.
Ports 5 - 26 are Management ports.
Answers
Suggested answer: B

Explanation:

According to the Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-175 document1, ports 1 - 4 are Management ports that are used to connect the MHO to the customer's management infrastructure, such as SmartConsole or SmartDomain Manager. Ports 5 - 26 are Uplink ports that are used to connect the MHO to the customer's network infrastructure, such as switches, routers, or firewalls. Ports 27 - 47 are Downlink ports that are used to connect the MHO to the Security Group Modules (SGMs) in the Security Group. Ports 49 - 55 are Backplane ports that are used to connect the MHO to another MHO in a Dual Orchestrator environment.

* Maestro Expert (CCME) Course - Check Point Software, page 42

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline3

* Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-1751

Question 20

Report
Export
Collapse

What kinds of transceivers are supported on Orchestrator MHO-140?

A.
SFP, QSFP, QSFP28
A.
SFP, QSFP, QSFP28
Answers
B.
SFP+, SFP28, QSFP
B.
SFP+, SFP28, QSFP
Answers
C.
SFP, SFP+, SFP28
C.
SFP, SFP+, SFP28
Answers
D.
SFP, SFP+, QSFP, QSFP28
D.
SFP, SFP+, QSFP, QSFP28
Answers
Suggested answer: C

Explanation:

According to the Maestro Hyperscale Orchestrator Datasheet1, the Orchestrator MHO-140 supports the following transceiver types: SFP, SFP+, SFP28. These transceivers can be used for the management, uplink, and downlink ports of the Orchestrator. The SFP transceivers support 1 GbE, the SFP+ transceivers support 10 GbE, and the SFP28 transceivers support 25 GbE.

* Maestro Expert (CCME) Course - Check Point Software, page 42

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline3

* Maestro Hyperscale Orchestrator Datasheet - Check Point Software, page 2

Total 94 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms