Checkpoint 156-836 Practice Test - Questions Answers, Page 4

What happens when you make changes from Clish on the SMO Master?

A. The changes are synchronized to the SMS/MDS as a backup.
B. The changes are synchronized to the MHO as a backup.
C. Changes are only applied on the SMO Master.
D. Changes are applied to all members in the SG.

Suggested answer: C

Explanation:

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.2: Security Group Configuration, page 2-10

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Group Configuration, page 2-9

* Security Group Configuration - Check Point Software

When working with Maestro, what is the difference between using Clish and gClish?

A. Clish commands are for testing purposes only and cannot be saved, gClish commands apply to all SG members, by default.
B. Clish commands apply to all UP SG members, by default. gClish commands apply to all SG members, by default.
C. Clish commands are run on the SG members. gClish commands are run on the MHO and applied to all connected SG members in a specified group.
D. Clish commands apply only to a specific SG member. gClish commands apply to all UP SG members, by default.

Suggested answer: C

What cannot be learned from the output of lldpctl?

A. Serial number of Appliance
B. Appliance model
C. Distribution mode
D. Orchestrator's IP

Suggested answer: C

Explanation:

The lldpctl command is a tool to display information about the devices discovered by the Link Layer Discovery Protocol (LLDP) on all ports of the Maestro Orchestrator and the Security Group Members. LLDP is a protocol that enables devices to exchange information about their identity, capabilities, and configuration. LLDP can help to discover the topology and connectivity of the Maestro environment. The output of lldpctl can show the serial number, appliance model, and orchestrator's IP of the connected devices, but it cannot show the distribution mode of the Security Group. The distribution mode is the algorithm that determines how the Maestro Orchestrator distributes the traffic among the Security Group Members. To view the distribution mode, other commands such as asg monitor or asg stat can be used.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.2: LLDP, page 4-9

* Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: LLDP, page 3-9

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-7

* Maestro basic setup documentation - Page 2 - Check Point CheckMates

* Log and Configuration Files - Check Point Software

What is the purpose of Management ports located on the Rear Panel of the Orchestrator MHO-140?

A. 1Gbps connectivity for Security Groups
B. Reserved for internal purposes. Not in use.
C. Out-of-band interfaces for access to Orchestrator itself
D. Additional ports used as uplinks

Suggested answer: C

Explanation:

The Management ports located on the Rear Panel of the Orchestrator MHO-140 are out-of-band interfaces that provide access to the Orchestrator itself for configuration and management purposes. They are not used for traffic distribution or connectivity to the Security Groups or the external networks. They are 1Gbps RJ-45 ports that can be connected to a switch or a router.

Reference

* Maestro Hyperscale Orchestrator Datasheet - Check Point Software, page 2

* Quantum Maestro Getting Started Guide - Check Point CheckMates, page 4

What happens if you apply a hotfix using gClish?

A. If you apply a hotfix using gclish, it causes an outage for the entire SG as all members reboot at roughly the same time.
B. If you apply a hotfix using gclish, each SG member installs the hotfix and reboots after waiting its turn to do so.
C. Logical groups 'A' and 'B' are created. Members of group 'A' install and reboot first. Then members of group 'B' do the same once reboots have finished with group 'A.'
D. If you apply a hotfix using gclish, the operation will fail because an outage would occur.

Suggested answer: B

Explanation:

According to the Installing and Uninstalling a Hotfix on Quantum Maestro Orchestrators, page 1, when you apply a hotfix using gclish, the MHO distributes the hotfix to all SGMs in the Security Group. The SGMs install the hotfix and reboot one by one, in ascending order of their SGM IDs. The SGMs wait for the previous SGM to finish rebooting before starting their own reboot. This ensures that there is no outage for the entire Security Group.

Reference

* Installing and Uninstalling a Hotfix on Quantum Maestro Orchestrators, page 1

* Maestro R81.10 Jumbo Hotfix install - Check Point CheckMates, page 1

What is the purpose of RJ-45 connectors located at the front panel of the Orchestrator MHO-170?

A. Two Out-of-band interfaces for access to Orchestrator itself
B. 1Gbps connectivity for Security Groups
C. Out-of-band interface for access to Orchestrator itself and Serial Console connector
D. Reserved for internal purposes. Not in use

Suggested answer: C

Explanation:

The RJ-45 connectors located at the front panel of the Orchestrator MHO-170 are used for out-of-band management and serial console access. One of them is a 1Gbps RJ-45 port that provides an out-of-band interface for accessing the Orchestrator itself for configuration and management purposes. The other one is an RJ-45 serial console port that provides a command-line interface for initial setup and troubleshooting.

Reference

* Maestro Hyperscale Orchestrator Datasheet - Check Point Software, page 2

* Quantum Maestro Getting Started Guide - Check Point CheckMates, page 4

What does the asg monitor command do?

A. This command does not exist
B. Monitor health status of entire system
C. Monitor traffic on Appliances in Security Group
D. Show real-time cluster status of Appliances in Security Group

Suggested answer: D

Explanation:

The 'asg monitor' command generally would show real-time cluster status of appliances in a security group, focusing on health and operational status.

What will happen in case of NAT of the traffic passing through Management network?

A. This traffic will not pass correction, since it will be dropped
B. Orchestrator will disable NAT and traffic will pass with no issue
C. Since Management traffic is always going to SMO, it will take a care for Correction Layer and will re-distribute traffic to other Appliances
D. This traffic will pass with no inspection

Suggested answer: B

Explanation:

According to the Check Point MAESTRO R80.20SP Administration Manual, NAT is not supported on the management network. If you configure NAT on the management network, the Orchestrator will disable NAT and allow the traffic to pass without translation. This is to ensure that the management traffic can reach the Security Group members and the SmartConsole without any issues.

Reference

* Check Point MAESTRO R80.20SP Administration Manual, page 291

Which distribution mode assigns packets to an SGM based solely on the packet destination IP?

A. User mode
B. Manual mode
C. Network mode
D. Auto-topology mode

Suggested answer: C

Explanation:

Network mode is the distribution mode that assigns packets to an SGM based solely on the packet destination IP. In this mode, the Orchestrator uses a hash function to map each destination IP to a specific SGM. This mode ensures that all packets with the same destination IP are processed by the same SGM, regardless of the source IP or port. This mode is suitable for scenarios where the destination IP is the main factor for load balancing, such as NAT or VPN.

Reference

* Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-19

* Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-7

* Maestro basic setup documentation - Page 2 - Check Point CheckMates

When a VPN tunnel is formed with a Maestro SGM,

A. The receiving SGM makes an encryption decision. The SGM then syncs the traffic to two backup SGMs: one for clear traffic and one for encrypted traffic.
B. SGM 1 analyzes the policy and topology. If encryption is required, it calculates the tunnel owner's IP address. SGM 1 sends a clear packet to the tunnel owner. SGM 2 is now the connection and tunnel owner.
C. The MHO handles the IKE before distributing the traffic to a SGM to handle all encrypted traffic. This helps to prevent any issues with the correction layer.
D. The MHO distributes copies of the packets to two different SGMs because SGM 1 will handle the clear traffic IKE exchange packets, while SGM2 handles encrypted packets.

Suggested answer: B
Total 94 questions