ExamGecko
Search Search Login
Home Home / Checkpoint / 156-836

Checkpoint 156-836 Practice Test - Questions Answers, Page 3

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What is the command 'asg diag' used for?
What happens if you apply a hotfix using gClish?
What does the lldpctl command do?
For the MHO-175, which ports are Management ports?
The __________ command can be used during an upgrade to verify that the upgraded SGMs have returned to UP status before upgrading other SGMs.
In a dual MHO environment, MHO1 and MHO2 are connected to the SGM line cards in which way?
What is the purpose of RJ-45 connectors located at the front panel of the Orchestrator MHO-170?
What is one benefit of a Dual MHO environment?
What command will be used for updating fwkern.conf file on all Appliances within Security Group?
What type of license is required for an MHO?

Question 21

Report
Export
Collapse

What happens if the SMO Master fails?

A.
The next SGM with the current lowest SGM ID assumes the role of the SMO Master.
A.
The next SGM with the current lowest SGM ID assumes the role of the SMO Master.
Answers
B.
The Backup SMO Master will take over in the event of a failure with the SMO Master.
B.
The Backup SMO Master will take over in the event of a failure with the SMO Master.
Answers
C.
A failover will occur on the MHO and traffic will continue to pass.
C.
A failover will occur on the MHO and traffic will continue to pass.
Answers
D.
The Security Group will no longer pass traffic and the issue must be resolved with the SMO Master.
D.
The Security Group will no longer pass traffic and the issue must be resolved with the SMO Master.
Answers
Suggested answer: B

Explanation:

The SMO Master is the SGM that is responsible for managing the Security Group and communicating with the MHO. If the SMO Master fails, the Backup SMO Master, which is the SGM with the next lowest SGM ID, will take over the role of the SMO Master and ensure the continuity of the Security Group operations.

Reference=Maestro Expert (CCME) Course - Check Point Software, page 14;Check Point Accredited Maestro Expert - New exam a... - Check Point CheckMates, page 1.

Question 22

Report
Export
Collapse

What does the lldpctl command do?

A.
Show all devices discovered by LLDP protocol on downlink ports
A.
Show all devices discovered by LLDP protocol on downlink ports
Answers
B.
Show all devices discovered by LLDP protocol on all ports
B.
Show all devices discovered by LLDP protocol on all ports
Answers
C.
Discover orchestrators
C.
Discover orchestrators
Answers
D.
Show all devices discovered by LLDP protocol on uplink ports
D.
Show all devices discovered by LLDP protocol on uplink ports
Answers
Suggested answer: B

Explanation:

The lldpctl command is a tool to display information about the devices discovered by the Link Layer Discovery Protocol (LLDP) on all ports of the Maestro Orchestrator and the Security Group Members. LLDP is a protocol that enables devices to exchange information about their identity, capabilities, and configuration. LLDP can help to discover the topology and connectivity of the Maestro environment.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.2: LLDP, page 4-9

* Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: LLDP, page 3-9

Question 23

Report
Export
Collapse

What type of cluster can a Security Group can be compared to?

A.
Load Sharing Active / Active
A.
Load Sharing Active / Active
Answers
B.
VSLS
B.
VSLS
Answers
C.
Active / Backup
C.
Active / Backup
Answers
D.
Active / Standby
D.
Active / Standby
Answers
Suggested answer: A

Explanation:

A Security Group can be compared to a Load Sharing Active / Active cluster because it consists of multiple Security Group Members that share the traffic load and provide high availability and scalability. Each Security Group Member is an active firewall that processes traffic according to the Security Group policy and synchronizes its state with other members. The Maestro Orchestrator acts as a load balancer that distributes the traffic among the Security Group Members based on their capacity and availability.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.1: Introduction to Security Groups, page 2-4

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Group Overview, page 2-3

Question 24

Report
Export
Collapse

What kinds of transceivers are supported on Orchestrator MHO-170?

A.
SFP, QSFP, QSFP28
A.
SFP, QSFP, QSFP28
Answers
B.
SFP+, SFP28, QSFP
B.
SFP+, SFP28, QSFP
Answers
C.
SFP, SFP+, SFP28
C.
SFP, SFP+, SFP28
Answers
D.
QSFP, QSFP28
D.
QSFP, QSFP28
Answers
Suggested answer: D

Explanation:

The Orchestrator MHO-170 supports QSFP and QSFP28 transceivers on its 32x 100 GbE ports. QSFP stands for Quad Small Form-factor Pluggable and QSFP28 is an enhanced version of QSFP that supports up to 28 Gbps per lane. These transceivers can provide high-speed and high-density connectivity for the Maestro environment.

Reference

* Maestro Hyperscale Orchestrator Datasheet - Check Point Software1, page 2

* Maestro Transceiver & DAC Inventory - Check Point CheckMates

Question 25

Report
Export
Collapse

There are two 10Gbps dual-port NICs and one 40Gbps NIC installed on a 23800 Appliance in slots 1, 2 and 3 accordingly. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-

orchestrator redundancy when using two Orchestrators?

A.
Port 1 in Slot 2 and Port 2 in Slot 1
A.
Port 1 in Slot 2 and Port 2 in Slot 1
Answers
B.
This configuration is not supported
B.
This configuration is not supported
Answers
C.
Any pair of available ports
C.
Any pair of available ports
Answers
D.
Port 1 in Slot 1 and Port 2 in Slot 1
D.
Port 1 in Slot 1 and Port 2 in Slot 1
Answers
Suggested answer: D

Explanation:

This configuration likely provides balanced and redundant connectivity for orchestrator redundancy.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 3: Dual Orchestrator Environment, Lesson 3.1: Introduction to Dual Orchestrator Environment, page 3-7

* Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: Downlinks, page 3-8

* Check Point 23800 Appliance Datasheet - Check Point Software, page 2

Question 26

Report
Export
Collapse

Which licenses should be issued for the Orchestrator?

A.
No licenses are required for Orchestrator
A.
No licenses are required for Orchestrator
Answers
B.
Depends on Software Blades enabled on connected appliances
B.
Depends on Software Blades enabled on connected appliances
Answers
C.
The Orchestrator is considered a Management server, hence it's licensed the same way
C.
The Orchestrator is considered a Management server, hence it's licensed the same way
Answers
D.
The Orchestrator requires NGTX license
D.
The Orchestrator requires NGTX license
Answers
Suggested answer: A

Explanation:

Orchestrators in many network environments do not require separate licenses, as they primarily function to manage and distribute network traffic.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 1: Introduction to Check Point Maestro, Lesson 1.2: Maestro Licensing, page 1-8

* Check Point R81 Maestro Administration Guide, Chapter 1: Introduction to Check Point Maestro, Section: Maestro Licensing, page 1-6

* Activation of a Quantum Maestro Orchestrator - Check Point Software

Question 27

Report
Export
Collapse

When security policy is installed

A.
All SGMs receive the security policy and one by one performs an independent policy verification. Then, all SGMs simultaneously install the policy.
A.
All SGMs receive the security policy and one by one performs an independent policy verification. Then, all SGMs simultaneously install the policy.
Answers
B.
The SMO Master receives the policy and performs a policy verification the policy is installed on the SMO Master, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master, then the non-SMO Master SGMs install the policy.
B.
The SMO Master receives the policy and performs a policy verification the policy is installed on the SMO Master, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master, then the non-SMO Master SGMs install the policy.
Answers
C.
All SGMs receive the security policy and simultaneous policy installation occurs.
C.
All SGMs receive the security policy and simultaneous policy installation occurs.
Answers
D.
The policy is installed on the SMO, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master and perform an independent policy verification, then the non-SMO Master SGMs install the policy.
D.
The policy is installed on the SMO, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master and perform an independent policy verification, then the non-SMO Master SGMs install the policy.
Answers
Suggested answer: B

Explanation:

This is the correct answer because it describes the security policy installation flow for a Maestro Security Group. The SMO Master is the Security Group Member that acts as the leader and the single point of contact for the Management Server. The SMO Master verifies the policy and installs it first, then notifies the other SGMs that a new policy is available. The other SGMs fetch the policy from the SMO Master and install it in parallel.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.3: Security Policy Installation, page 2-15

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Policy Installation, page 2-13

* Policy installation flow - Check Point Software

Question 28

Report
Export
Collapse

What cannot be learned from the output of asg monitor command?

A.
Uptime
A.
Uptime
Answers
B.
Port status
B.
Port status
Answers
C.
Security Policy status
C.
Security Policy status
Answers
D.
Appliances cluster status
D.
Appliances cluster status
Answers
Suggested answer: D

Question 29

Report
Export
Collapse

Maestro allows running commands globally in Expert mode by using global prefixes, such as:

A.
asg all
A.
asg all
Answers
B.
g_all
B.
g_all
Answers
C.
all
C.
all
Answers
D.
global
D.
global
Answers
Suggested answer: B

Explanation:

The g_all prefix is used to run commands globally in Expert mode on all Security Group Members of the current Security Group. For example, g_all cpstop will stop the Check Point services on all SGMs. The other prefixes are not valid for global commands in Expert mode.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-11

* Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-9

* Global Expert Mode Commands - Check Point CheckMates

Question 30

Report
Export
Collapse

The ______________ command will allow users to update the specified file on all SGMs.

A.
g_update_conf_file
A.
g_update_conf_file
Answers
B.
g_all'
B.
g_all'
Answers
C.
sed
C.
sed
Answers
D.
g_cat
D.
g_cat
Answers
Suggested answer: A

Explanation:

The g_update_conf_file command is a global command that allows users to update the specified file on all Security Group Members of the current Security Group. The command takes the file name and the parameter-value pair as arguments and updates the file accordingly. For example, g_update_conf_file fwkern.conf fwha_enable_arp=1 will add or modify the fwha_enable_arp parameter in the fwkern.conf file on all SGMs.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-12

* Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-10

* Maestro Commands for Security Groups - Check Point CheckMates

Total 94 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms