ExamGecko
Login
Home / Checkpoint / 156-836 / List of questions
Ask Question

Checkpoint 156-836 Practice Test - Questions Answers, Page 3

List of questions

Question 21

Report Export Collapse

What happens if the SMO Master fails?

The next SGM with the current lowest SGM ID assumes the role of the SMO Master.
The next SGM with the current lowest SGM ID assumes the role of the SMO Master.
The Backup SMO Master will take over in the event of a failure with the SMO Master.
The Backup SMO Master will take over in the event of a failure with the SMO Master.
A failover will occur on the MHO and traffic will continue to pass.
A failover will occur on the MHO and traffic will continue to pass.
The Security Group will no longer pass traffic and the issue must be resolved with the SMO Master.
The Security Group will no longer pass traffic and the issue must be resolved with the SMO Master.
Suggested answer: B
Explanation:

The SMO Master is the SGM that is responsible for managing the Security Group and communicating with the MHO. If the SMO Master fails, the Backup SMO Master, which is the SGM with the next lowest SGM ID, will take over the role of the SMO Master and ensure the continuity of the Security Group operations.

Reference=Maestro Expert (CCME) Course - Check Point Software, page 14;Check Point Accredited Maestro Expert - New exam a... - Check Point CheckMates, page 1.

asked 16/09/2024
Ida Aasvistad
38 questions

Question 22

Report Export Collapse

What does the lldpctl command do?

Show all devices discovered by LLDP protocol on downlink ports
Show all devices discovered by LLDP protocol on downlink ports
Show all devices discovered by LLDP protocol on all ports
Show all devices discovered by LLDP protocol on all ports
Discover orchestrators
Discover orchestrators
Show all devices discovered by LLDP protocol on uplink ports
Show all devices discovered by LLDP protocol on uplink ports
Suggested answer: B
Explanation:

The lldpctl command is a tool to display information about the devices discovered by the Link Layer Discovery Protocol (LLDP) on all ports of the Maestro Orchestrator and the Security Group Members. LLDP is a protocol that enables devices to exchange information about their identity, capabilities, and configuration. LLDP can help to discover the topology and connectivity of the Maestro environment.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.2: LLDP, page 4-9

* Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: LLDP, page 3-9

asked 16/09/2024
FARIZA MANNAN
42 questions

Question 23

Report Export Collapse

What type of cluster can a Security Group can be compared to?

Load Sharing Active / Active
Load Sharing Active / Active
VSLS
VSLS
Active / Backup
Active / Backup
Active / Standby
Active / Standby
Suggested answer: A
Explanation:

A Security Group can be compared to a Load Sharing Active / Active cluster because it consists of multiple Security Group Members that share the traffic load and provide high availability and scalability. Each Security Group Member is an active firewall that processes traffic according to the Security Group policy and synchronizes its state with other members. The Maestro Orchestrator acts as a load balancer that distributes the traffic among the Security Group Members based on their capacity and availability.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.1: Introduction to Security Groups, page 2-4

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Group Overview, page 2-3

asked 16/09/2024
William Hyde
43 questions

Question 24

Report Export Collapse

What kinds of transceivers are supported on Orchestrator MHO-170?

SFP, QSFP, QSFP28
SFP, QSFP, QSFP28
SFP+, SFP28, QSFP
SFP+, SFP28, QSFP
SFP, SFP+, SFP28
SFP, SFP+, SFP28
QSFP, QSFP28
QSFP, QSFP28
Suggested answer: D
Explanation:

The Orchestrator MHO-170 supports QSFP and QSFP28 transceivers on its 32x 100 GbE ports. QSFP stands for Quad Small Form-factor Pluggable and QSFP28 is an enhanced version of QSFP that supports up to 28 Gbps per lane. These transceivers can provide high-speed and high-density connectivity for the Maestro environment.

Reference

* Maestro Hyperscale Orchestrator Datasheet - Check Point Software1, page 2

* Maestro Transceiver & DAC Inventory - Check Point CheckMates

asked 16/09/2024
Leandro Ruwer
50 questions

Question 25

Report Export Collapse

There are two 10Gbps dual-port NICs and one 40Gbps NIC installed on a 23800 Appliance in slots 1, 2 and 3 accordingly. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-

orchestrator redundancy when using two Orchestrators?

Port 1 in Slot 2 and Port 2 in Slot 1
Port 1 in Slot 2 and Port 2 in Slot 1
This configuration is not supported
This configuration is not supported
Any pair of available ports
Any pair of available ports
Port 1 in Slot 1 and Port 2 in Slot 1
Port 1 in Slot 1 and Port 2 in Slot 1
Suggested answer: D
Explanation:

This configuration likely provides balanced and redundant connectivity for orchestrator redundancy.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 3: Dual Orchestrator Environment, Lesson 3.1: Introduction to Dual Orchestrator Environment, page 3-7

* Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: Downlinks, page 3-8

* Check Point 23800 Appliance Datasheet - Check Point Software, page 2

asked 16/09/2024
Bryan Smith
45 questions

Question 26

Report Export Collapse

Which licenses should be issued for the Orchestrator?

No licenses are required for Orchestrator
No licenses are required for Orchestrator
Depends on Software Blades enabled on connected appliances
Depends on Software Blades enabled on connected appliances
The Orchestrator is considered a Management server, hence it's licensed the same way
The Orchestrator is considered a Management server, hence it's licensed the same way
The Orchestrator requires NGTX license
The Orchestrator requires NGTX license
Suggested answer: A
Explanation:

Orchestrators in many network environments do not require separate licenses, as they primarily function to manage and distribute network traffic.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 1: Introduction to Check Point Maestro, Lesson 1.2: Maestro Licensing, page 1-8

* Check Point R81 Maestro Administration Guide, Chapter 1: Introduction to Check Point Maestro, Section: Maestro Licensing, page 1-6

* Activation of a Quantum Maestro Orchestrator - Check Point Software

asked 16/09/2024
Gerson Rodrigo Menendez
43 questions

Question 27

Report Export Collapse

When security policy is installed

All SGMs receive the security policy and one by one performs an independent policy verification. Then, all SGMs simultaneously install the policy.
All SGMs receive the security policy and one by one performs an independent policy verification. Then, all SGMs simultaneously install the policy.
The SMO Master receives the policy and performs a policy verification the policy is installed on the SMO Master, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master, then the non-SMO Master SGMs install the policy.
The SMO Master receives the policy and performs a policy verification the policy is installed on the SMO Master, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master, then the non-SMO Master SGMs install the policy.
All SGMs receive the security policy and simultaneous policy installation occurs.
All SGMs receive the security policy and simultaneous policy installation occurs.
The policy is installed on the SMO, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master and perform an independent policy verification, then the non-SMO Master SGMs install the policy.
The policy is installed on the SMO, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master and perform an independent policy verification, then the non-SMO Master SGMs install the policy.
Suggested answer: B
Explanation:

This is the correct answer because it describes the security policy installation flow for a Maestro Security Group. The SMO Master is the Security Group Member that acts as the leader and the single point of contact for the Management Server. The SMO Master verifies the policy and installs it first, then notifies the other SGMs that a new policy is available. The other SGMs fetch the policy from the SMO Master and install it in parallel.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.3: Security Policy Installation, page 2-15

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Policy Installation, page 2-13

* Policy installation flow - Check Point Software

asked 16/09/2024
mark linde
38 questions

Question 28

Report Export Collapse

What cannot be learned from the output of asg monitor command?

Uptime
Uptime
Port status
Port status
Security Policy status
Security Policy status
Appliances cluster status
Appliances cluster status
Suggested answer: D
asked 16/09/2024
Jarrell John Garcia
49 questions

Question 29

Report Export Collapse

Maestro allows running commands globally in Expert mode by using global prefixes, such as:

asg all
asg all
g_all
g_all
all
all
global
global
Suggested answer: B
Explanation:

The g_all prefix is used to run commands globally in Expert mode on all Security Group Members of the current Security Group. For example, g_all cpstop will stop the Check Point services on all SGMs. The other prefixes are not valid for global commands in Expert mode.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-11

* Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-9

* Global Expert Mode Commands - Check Point CheckMates

asked 16/09/2024
Jason Siemens
41 questions

Question 30

Report Export Collapse

The ______________ command will allow users to update the specified file on all SGMs.

g_update_conf_file
g_update_conf_file
g_all'
g_all'
sed
sed
g_cat
g_cat
Suggested answer: A
Explanation:

The g_update_conf_file command is a global command that allows users to update the specified file on all Security Group Members of the current Security Group. The command takes the file name and the parameter-value pair as arguments and updates the file accordingly. For example, g_update_conf_file fwkern.conf fwha_enable_arp=1 will add or modify the fwha_enable_arp parameter in the fwkern.conf file on all SGMs.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-12

* Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-10

* Maestro Commands for Security Groups - Check Point CheckMates

asked 16/09/2024
Daniel Kuzmanovski
38 questions
Total 94 questions
Go to page: of 10
Open VPLUS File
Convert VPLUS to PDF

Related questions

What happens if you apply a hotfix using gClish?
What does the lldpctl command do?
For the MHO-175, which ports are Management ports?
What type of license is required for an MHO?
What is an uplink interface used for?
What is the command 'asg diag' used for?
The __________ command can be used during an upgrade to verify that the upgraded SGMs have returned to UP status before upgrading other SGMs.
What command will be used for updating fwkern.conf file on all Appliances within Security Group?
What cannot be a reason for 'Failed to get remote orchestrator interfaces' error message, when clicking on 'Orchestrator' in WebUI
What is one benefit of a Dual MHO environment?