ExamGecko
Search Search Login
Home Home / Checkpoint / 156-836

Checkpoint 156-836 Practice Test - Questions Answers, Page 9

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What happens if you apply a hotfix using gClish?
What is the command 'asg diag' used for?
What does the lldpctl command do?
For the MHO-175, which ports are Management ports?
The __________ command can be used during an upgrade to verify that the upgraded SGMs have returned to UP status before upgrading other SGMs.
In a dual MHO environment, MHO1 and MHO2 are connected to the SGM line cards in which way?
What is the purpose of RJ-45 connectors located at the front panel of the Orchestrator MHO-170?
What is one benefit of a Dual MHO environment?
What command will be used for updating fwkern.conf file on all Appliances within Security Group?
What type of license is required for an MHO?

Question 81

Report
Export
Collapse

Which is a key driver for Scalable Platform?

A.
On-demand flexibility in reconfiguration.
A.
On-demand flexibility in reconfiguration.
Answers
B.
HyperSync provides scalability by reducing overhead.
B.
HyperSync provides scalability by reducing overhead.
Answers
C.
Resiliency is achieved through the use of redundant hardware.
C.
Resiliency is achieved through the use of redundant hardware.
Answers
D.
Cloud-level security by maximizing capabilities of existing hardware.
D.
Cloud-level security by maximizing capabilities of existing hardware.
Answers
Suggested answer: A

Explanation:

The Scalable Platform software allows you to easily add or remove security gateways from a security group without affecting the existing configuration. You can also use the command line interface or the web UI to reconfigure the security group on demand.

Reference=Check Point R81.10 for Scalable Platforms - Check Point Software,Scalable Platforms (Maestro and Chassis) comparison between versions - Check Point Software, [Check Point R81.10 AI & ML Driven Threat Prevention and Security Management - Check Point Blog]

Question 82

Report
Export
Collapse

What is a downlink interface used for?

A.
To connect appliances to Orchestrators
A.
To connect appliances to Orchestrators
Answers
B.
To connect appliances to customer's infrastructure
B.
To connect appliances to customer's infrastructure
Answers
C.
To connect in between Orchestrators
C.
To connect in between Orchestrators
Answers
D.
To connect Orchestrators to customer's infrastructure
D.
To connect Orchestrators to customer's infrastructure
Answers
Suggested answer: A

Explanation:

A downlink interface is a physical or virtual interface that connects a security gateway to an orchestrator. It allows the security gateway to send and receive configuration updates, policy changes, and other data from the orchestrator.

Reference= [Check Point R81.10 for Scalable Platforms - Check Point Software], [Scalable Platforms (Maestro and Chassis) comparison between versions - Check Point Software], [Check Point R81.10 AI & ML Driven Threat Prevention and Security Management - Check Point Blog].

Question 83

Report
Export
Collapse

The SGM with the lowest member ID (the first one added to the security group.)

A.
The MDS that pushes policy to the SMO is considered the SMO Master.
A.
The MDS that pushes policy to the SMO is considered the SMO Master.
Answers
B.
The first MHO configured is considered the SMO Master.
B.
The first MHO configured is considered the SMO Master.
Answers
C.
The SGM with the highest member ID (the last one added to the security group.)
C.
The SGM with the highest member ID (the last one added to the security group.)
Answers
D.
What Maestro component is automatically designated the SMO Master?
D.
What Maestro component is automatically designated the SMO Master?
Answers
Suggested answer: D

Explanation:

The SMO Master is the security gateway module (SGM) that has the highest member ID in a security group. It is automatically designated as the SMO Master when a security group is created.

Reference=Maestro Frequently Asked Questions (FAQ) - Check Point Software,Check Point Maestro - FAQ - Check Point CheckMates,Maestro Hyperscale Orchestrator Datasheet - Check Point Software.

Question 84

Report
Export
Collapse

What type of license is required for an MHO?

A.
The MHO requires a NGTP license.
A.
The MHO requires a NGTP license.
Answers
B.
The MHO requires a VSX license.
B.
The MHO requires a VSX license.
Answers
C.
The MHO does not require a license.
C.
The MHO does not require a license.
Answers
D.
A license is needed for each attached SGM.
D.
A license is needed for each attached SGM.
Answers
Suggested answer: D

Explanation:

For Quantum Maestro setups, an individual license is required for each appliance in the Security Group1.This applies to both regular appliances and appliances with MHO SKUs2.

Reference=Maestro Frequently Asked Questions (FAQ) - Check Point Software,Solved: license maestro - Check Point CheckMates,Check Point License Guide - Check Point Software.

Question 85

Report
Export
Collapse

What is a security group?

A.
A solution for Security Gateway redundancy and Load Sharing.
A.
A solution for Security Gateway redundancy and Load Sharing.
Answers
B.
A set of appliances of the same model that are collectively managed by the MHO.
B.
A set of appliances of the same model that are collectively managed by the MHO.
Answers
C.
A set of network interfaces and individual SGMs assigned to a logical group.
C.
A set of network interfaces and individual SGMs assigned to a logical group.
Answers
D.
A set of objects in SmartConsole that are responsible for enforcing an access policy.
D.
A set of objects in SmartConsole that are responsible for enforcing an access policy.
Answers
Suggested answer: B

Explanation:

A security group is a scalable network security system that connects multiple Check Point security appliances into a unified system. It is represented by a single management object (SMO) in SmartConsole and consists of security gateway modules (SGMs) that share the same security policy, configuration, software versions, and routing information.

Reference=Check Point Maestro Hyperscale Network Security,Maestro Frequently Asked Questions (FAQ) - Check Point Software,Introducing Maestro -- The Industry's First Hyperscale Network Security Solution - Check Point Blog.

Question 86

Report
Export
Collapse

There are two appliances within the same Security Group. One of them is connected by One downlink only, another one by Two downlinks. Assuming there's no NAT and no VPN, what would be proportion of traffic distribution done by Orchestrator?

A.
100%/0%
A.
100%/0%
Answers
B.
33%/66%
B.
33%/66%
Answers
C.
50%/50%
C.
50%/50%
Answers
D.
66%/33%
D.
66%/33%
Answers
Suggested answer: B

Question 87

Report
Export
Collapse

While looking at your system's correction statistics, you notice you have a correction rate approaching 100 percent. Is this a problem?

A.
A correction rate above 90 percent indicates a need to disable Layer 4 Distribution.
A.
A correction rate above 90 percent indicates a need to disable Layer 4 Distribution.
Answers
B.
A correction rate approaching 100 percent of all connections is unusual. This is a cause for concern because the SGMs may fail to process traffic.
B.
A correction rate approaching 100 percent of all connections is unusual. This is a cause for concern because the SGMs may fail to process traffic.
Answers
C.
If correction rates are higher than 80 percent, latency is expected.
C.
If correction rates are higher than 80 percent, latency is expected.
Answers
D.
In some scenarios, a correction rate approaching 100 percent of all connections is not unusual. This is not usually a cause for concern as the correction mechanism is fast and efficient.
D.
In some scenarios, a correction rate approaching 100 percent of all connections is not unusual. This is not usually a cause for concern as the correction mechanism is fast and efficient.
Answers
Suggested answer: D

Explanation:

The correction rate is the percentage of connections that require correction by the correction layer, which is a mechanism that ensures that the traffic is processed by the correct SGM in the Security Group. The correction rate depends on the distribution mode (Layer 3 or Layer 4) and the traffic pattern. In some scenarios, such as when the traffic is asymmetric or when the distribution mode is Layer 4, the correction rate can approach 100 percent of all connections.This is not a problem, as the correction layer is designed to handle such situations without affecting the performance or availability of the Security Group1.

Reference=Maestro Expert (CCME) Course - Check Point Software, page 16.

Question 88

Report
Export
Collapse

There is a Security group of 10 Appliances and all of them are up and running. How many Appliances within a Security Group keep the same connection in its connection table in case of NAT?

A.
Between 2 and 4
A.
Between 2 and 4
Answers
B.
All 10
B.
All 10
Answers
C.
2
C.
2
Answers
D.
3
D.
3
Answers
Suggested answer: A

Explanation:

Reference =

* Check Point Maestro R81.X Administration Guide, page 64, section ''Correction Layer'' 1

* Check Point Maestro R81.X Getting Started Guide, page 26, section ''Correction Layer'' 2

* Check Point Maestro Under the Hood presentation by Lari Luoma, slide 23

* Check Point Maestro Frequently Asked Questions (FAQ), question 9

1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frameset.htm : https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/maestro/1191/1/Check%20Mates%20Maestro%20under%20the%20hood%202022.pptx : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk147853&partition=Basic&product=Maestro

Question 89

Report
Export
Collapse

Which command do you use to find bottlenecks in the system that are affecting performance, even functionality in some cases?

A.
asg stat -v
A.
asg stat -v
Answers
B.
asg diag verify
B.
asg diag verify
Answers
C.
asg perf -v
C.
asg perf -v
Answers
D.
asg monitor
D.
asg monitor
Answers
Suggested answer: C

Explanation:

The asg perf -v command is used to find bottlenecks in the system that are affecting performance, even functionality in some cases. The asg perf -v command displays the performance statistics of the Security Group Modules (SGMs) in the Security Group, such as throughput, packet rate, CPU utilization, memory usage, and more. The asg perf -v command also shows the distribution mode and the correction rate of each SGM, which can indicate potential issues with asymmetric routing or load balancing. The asg perf -v command can help identify which SGMs are overloaded, underutilized, or misconfigured, and provide insights for troubleshooting and optimization.

Reference =

* Check Point Maestro R81.X Administration Guide, page 67, section ''asg perf'' 1

* Check Point Maestro R81.X Getting Started Guide, page 29, section ''asg perf'' 2

* Check Point Maestro Under the Hood presentation by Lari Luoma, slide 26

1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frameset.htm : https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/maestro/1191/1/Check%20Mates%20Maestro%20under%20the%20hood%202022.pptx

Question 90

Report
Export
Collapse

What is the command 'asg diag' used for?

A.
Asg diag used for system diagnostics on Chassis only. It does not exist on Maestro
A.
Asg diag used for system diagnostics on Chassis only. It does not exist on Maestro
Answers
B.
Asg diag is used for system backup
B.
Asg diag is used for system backup
Answers
C.
Asg diag is used for system diagnostics
C.
Asg diag is used for system diagnostics
Answers
D.
Asg diag is used for creating traffic flow diagrams
D.
Asg diag is used for creating traffic flow diagrams
Answers
Suggested answer: C

Explanation:

The asg diag command is used for system diagnostics on both Maestro and Chassis systems. The asg diag command can perform various tests and checks on the system components, such as hardware, software, network, clock, ARP, and more. The asg diag command can help identify and troubleshoot any issues or errors that may affect the system functionality or performance.

Reference =

* Check Point Maestro R81.X Administration Guide, page 66, section ''asg diag'' 1

* Check Point Maestro R81.X Getting Started Guide, page 28, section ''asg diag'' 2

* Check Point Maestro Under the Hood presentation by Lari Luoma, slide 25

1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frameset.htm : https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/maestro/1191/1/Check%20Mates%20Maestro%20under%20the%20hood%202022.pptx

Total 94 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms