
Checkpoint 156-836 Practice Test - Questions Answers, Page 4


Question 31


What happens when you make changes from Clish on the SMO Master?

A. The changes are synchronized to the SMS/MDS as a backup.
B. The changes are synchronized to the MHO as a backup.
C. Changes are only applied on the SMO Master.
D. Changes are applied to all members in the SG.
Suggested answer: C
Explanation:

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.2: Security Group Configuration, page 2-10

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Group Configuration, page 2-9

* Security Group Configuration - Check Point Software

asked 16/09/2024
Anas Hairuddin
28 questions

Question 32


When working with Maestro, what is the difference between using Clish and gClish?

A. Clish commands are for testing purposes only and cannot be saved, gClish commands apply to all SG members, by default.
B. Clish commands apply to all UP SG members, by default. gClish commands apply to all SG members, by default.
C. Clish commands are run on the SG members. gClish commands are run on the MHO and applied to all connected SG members in a specified group.
D. Clish commands apply only to a specific SG member. gClish commands apply to all UP SG members, by default.
Suggested answer: C
asked 16/09/2024
Louis Flink
53 questions

Question 33


What cannot be learned from the output of lldpctl?

A. Serial number of Appliance
B. Appliance model
C. Distribution mode
D. Orchestrator's IP
Suggested answer: C
Explanation:

The lldpctl command is a tool to display information about the devices discovered by the Link Layer Discovery Protocol (LLDP) on all ports of the Maestro Orchestrator and the Security Group Members. LLDP is a protocol that enables devices to exchange information about their identity, capabilities, and configuration. LLDP can help to discover the topology and connectivity of the Maestro environment. The output of lldpctl can show the serial number, appliance model, and orchestrator's IP of the connected devices, but it cannot show the distribution mode of the Security Group. The distribution mode is the algorithm that determines how the Maestro Orchestrator distributes the traffic among the Security Group Members. To view the distribution mode, other commands such as asg monitor or asg stat can be used.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.2: LLDP, page 4-9

* Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: LLDP, page 3-9

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-7

* Maestro basic setup documentation - Page 2 - Check Point CheckMates

* Log and Configuration Files - Check Point Software

asked 16/09/2024
AN KANGWOOK
52 questions

Question 34


What is the purpose of Management ports located on the Rear Panel of the Orchestrator MHO-140?

A. 1Gbps connectivity for Security Groups
B. Reserved for internal purposes. Not in use.
C. Out-of-band interfaces for access to Orchestrator itself
D. Additional ports used as uplinks
Suggested answer: C
Explanation:

The Management ports located on the Rear Panel of the Orchestrator MHO-140 are out-of-band interfaces that provide access to the Orchestrator itself for configuration and management purposes. They are not used for traffic distribution or connectivity to the Security Groups or the external networks. They are 1Gbps RJ-45 ports that can be connected to a switch or a router.

Reference

* Maestro Hyperscale Orchestrator Datasheet - Check Point Software, page 2

* Quantum Maestro Getting Started Guide - Check Point CheckMates, page 4

asked 16/09/2024
GLAUCIA C N SILVA
47 questions

Question 35


What happens if you apply a hotfix using gClish?

A. If you apply a hotfix using gclish, it causes an outage for the entire SG as all members reboot at roughly the same time.
B. If you apply a hotfix using gclish, each SG member installs the hotfix and reboots after waiting its turn to do so.
C. Logical groups 'A' and 'B' are created. Members of group 'A' install and reboot first. Then members of group 'B' do the same once reboots have finished with group 'A.'
D. If you apply a hotfix using gclish, the operation will fail because an outage would occur.
Suggested answer: B
Explanation:

According to Installing and Uninstalling a Hotfix on Quantum Maestro Orchestrators, page 1, when you apply a hotfix using gclish, the MHO distributes the hotfix to all SGMs in the Security Group. The SGMs install the hotfix and reboot one by one, in ascending order of their SGM IDs. The SGMs wait for the previous SGM to finish rebooting before starting their own reboot. This ensures that there is no outage for the entire Security Group.

Reference

* Installing and Uninstalling a Hotfix on Quantum Maestro Orchestrators, page 1

* Maestro R81.10 Jumbo Hotfix install - Check Point CheckMates, page 1

asked 16/09/2024
ABHIJIT GHOSH
31 questions

Question 36


What is the purpose of RJ-45 connectors located at the front panel of the Orchestrator MHO-170?

A. Two Out-of-band interfaces for access to Orchestrator itself
B. 1Gbps connectivity for Security Groups
C. Out-of-band interface for access to Orchestrator itself and Serial Console connector
D. Reserved for internal purposes. Not in use
Suggested answer: C
Explanation:

The RJ-45 connectors located at the front panel of the Orchestrator MHO-170 are used for out-of-band management and serial console access. One of them is a 1Gbps RJ-45 port that provides an out-of-band interface for accessing the Orchestrator itself for configuration and management purposes. The other one is an RJ-45 serial console port that provides a command-line interface for initial setup and troubleshooting.

Reference

* Maestro Hyperscale Orchestrator Datasheet - Check Point Software, page 2

* Quantum Maestro Getting Started Guide - Check Point CheckMates, page 4

asked 16/09/2024
ESSIS MAXIME-ALPHONSE SELLY
35 questions

Question 37


What does asg monitor command do?

A. This command does not exist
B. Monitor health status of entire system
C. Monitor traffic on Appliances in Security Group
D. Show real-time cluster status of Appliances in Security Group
Suggested answer: D
Explanation:

The 'asg monitor' command generally shows the real-time cluster status of the appliances in a Security Group, focusing on health and operational status.

asked 16/09/2024
miguel sartori
40 questions

Question 38


What will happen in case of NAT of the traffic passing through Management network?

A. This traffic will not pass correction, since it will be dropped
B. Orchestrator will disable NAT and traffic will pass with no issue
C. Since Management traffic is always going to SMO, it will take care of the Correction Layer and will re-distribute traffic to other Appliances
D. This traffic will pass with no inspection
Suggested answer: B
Explanation:

According to the Check Point MAESTRO R80.20SP Administration Manual, NAT is not supported on the management network. If you configure NAT on the management network, the Orchestrator will disable NAT and allow the traffic to pass without translation. This is to ensure that the management traffic can reach the Security Group members and the SmartConsole without any issues.

Reference

* Check Point MAESTRO R80.20SP Administration Manual, page 291

asked 16/09/2024
Christian Knarvik
46 questions

Question 39


Which distribution mode assigns packets to an SGM based solely on the packet destination IP?

A. User mode
B. Manual mode
C. Network mode
D. Auto-topology mode
Suggested answer: C
Explanation:

Network mode is the distribution mode that assigns packets to an SGM based solely on the packet destination IP. In this mode, the Orchestrator uses a hash function to map each destination IP to a specific SGM. This mode ensures that all packets with the same destination IP are processed by the same SGM, regardless of the source IP or port. This mode is suitable for scenarios where the destination IP is the main factor for load balancing, such as NAT or VPN.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-19

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-7

* Maestro basic setup documentation - Page 2 - Check Point CheckMates

asked 16/09/2024
samir Heniche
42 questions

Question 40


When a VPN tunnel is formed with a Maestro SGM,

A. The receiving SGM makes an encryption decision. The SGM then syncs the traffic to two backup SGMs: one for clear traffic and one for encrypted traffic.
B. SGM 1 analyzes the policy and topology. If encryption is required, it calculates the tunnel owner's IP address. SGM 1 sends a clear packet to the tunnel owner. SGM 2 is now the connection and tunnel owner.
C. The MHO handles the IKE before distributing the traffic to a SGM to handle all encrypted traffic. This helps to prevent any issues with the correction layer.
D. The MHO distributes copies of the packets to two different SGMs because SGM 1 will handle the clear traffic IKE exchange packets, while SGM2 handles encrypted packets.
Suggested answer: B
asked 16/09/2024
Spandana Gangavaram
37 questions
Total 94 questions