• Home
  • Articles
  • [Q44-Q68] 100% Free 156-836 Exam Dumps Use Real CCME Dumps With 77 Questions!

[Q44-Q68] 100% Free 156-836 Exam Dumps Use Real CCME Dumps With 77 Questions!

Share

100% Free 156-836 Exam Dumps Use Real CCME Dumps With 77 Questions!

Pass Your 156-836 Exam Easily With 100% Exam Passing Guarantee [2024]

NEW QUESTION # 44
How many orchestrators may Dual-Site include?

  • A. 0
  • B. 1
  • C. 2 or 4
  • D. Only 4

Answer: C

Explanation:
Explanation
A Dual Site environment can include either two or four orchestrators, depending on the scenario. There are three primary scenarios for Dual Site configuration:
*Direct connectivity between remote site orchestrators: This scenario requires two orchestrators, one for each site, and a direct connection between them using the site-sync port.
*Two orchestrators on the same site are connected to the remote site orchestrators through two different switches: This scenario requires four orchestrators, two for each site, and a connection between them using the site-sync port and two external switches that support QinQ and MTU increment.
*Two orchestrators on the same site are connected to the remote site orchestrators through one switch: This scenario also requires four orchestrators, two for each site, and a connection between them using the site-sync port and one external switch that supports QinQ and MTU increment.
References =
*Maestro Dual Site configuration with a direct connection through L2 switches
*Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)
*Maestro Frequently Asked Questions (FAQ)


NEW QUESTION # 45
Logs without a dedicated log file can be found in

  • A. $FWDIR/log/fw.log
  • B. /var/log/junk.log.dbg
  • C. $RTDIR/log/junk.log
  • D. /var/log/messages

Answer: D

Explanation:
Explanation
The /var/log/messages file is a general system log file that contains information about various system events, such as booting, shutdown, cron jobs, kernel messages, and other system services. Logs without a dedicated log file can be found in this file, as well as some Maestro Gaia Clishcommands that are not saved in the
/var/log/command_logger.log file.
References
*Maestro Audit Logs - Where are they? - Check Point CheckMates1
*sk172923: The /var/log/messages file does not save Maestro Gaia Clish commands2
*Maestro Expert (CCME) Course - Check Point Software, page 33


NEW QUESTION # 46
How does HyperSync work in a Dual Site environment?

  • A. Each active connection has a local backup (on the local site) and a second backup connection on each of the MHOs.
  • B. Each active connection has two local backups (on the local site) and a third backup connection on the second site (remote site.)
  • C. Each active connection has a backup connection on the second site (remote site.)
  • D. Each active connection has a local backup (on the local site) and a second backup connection on the second site (remote site.)

Answer: D

Explanation:
Explanation
HyperSync is a feature of Maestro that enables stateful synchronization of connections and resources across different sites in a Dual Site environment. HyperSync works by creating two backup connections for each active connection: one on the same site as the active connection, and another on the remote site. This ensures that the connection can be seamlessly resumed in case of a failover event, either within the same site or across the sites. HyperSync uses the Site-Sync port and VLANs to transmit the synchronization packets between the Security Group Members and the Maestro Orchestrators.
References =
*Maestro Dual Site configuration with a direct connection through L2 switches
*Maestro Frequently Asked Questions (FAQ)
*CHECK POINT MAESTRO EXPERT


NEW QUESTION # 47
What does asg monitor command do?

  • A. This command does not exist
  • B. Monitor health status of entire system
  • C. Monitor traffic on Appliances in Security Group
  • D. Show real-time cluster status of Appliances in Security Group

Answer: D

Explanation:
Explanation
The "asg monitor" command generally would show real-time cluster status of appliances in a security group, focusing on health and operational status.


NEW QUESTION # 48
What is a downlink interface used for?

  • A. To connect appliances to Orchestrators
  • B. To connect in between Orchestrators
  • C. To connect appliances to customer's infrastructure
  • D. To connect Orchestrators to customer's infrastructure

Answer: C


NEW QUESTION # 49
In a dual MHO environment, MHO1 and MHO2 are connected to the SGM line cards in which way?

  • A. MHO 1 is connected to the even-numbered ports, while MHO2 is connected to odd-numbered ports.
  • B. MHO1 and MHO2 are connected to the line cards in any order administrators see fit.
  • C. MHO1 and MHO2 are connected to the SGMs using the Sync cable.
  • D. MHO 1 is connected to the odd-numbered ports, while MHO2 is connected to even-numbered ports.

Answer: A

Explanation:
Explanation
The correct way to connect MHO1 and MHO2 to the SGM line cards in a dual MHO environment is to use the even-numbered ports for MHO1 and the odd-numbered ports for MHO2. This is to ensure that each SGM has two downlinks to each MHO, and that the downlinks are balanced across the different NICs and links. This provides redundancy and high availability for the traffic flow between the SGMs and the MHOs.
References
*R81.20 Maestro Cheat Sheet version 7 - Check Point CheckMates, page 2
*Maestro Expert (CCME) Course - Check Point Software, page 18
*Maestro Technical Training, Module 2: Maestro Security Groups and the Single Management Object, slide 16


NEW QUESTION # 50
What type of license is required for an MHO?

  • A. The MHO requires a VSX license.
  • B. The MHO requires a NGTP license.
  • C. The MHO does not require a license.
  • D. A license is needed for each attached SGM.

Answer: C

Explanation:
Explanation
The MHO (Maestro Hyperscale Orchestrator) does not require a license by itself, but each SGM (Security Group Module) that is attached to the MHO needs a license. The license type depends on the features and blades that are enabled on the SGM. For example, if the SGM is running VSX, it needs a VSX license.
References:
*Maestro Expert (CCME) Course - Check Point Software, page 71
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline


NEW QUESTION # 51
Which feature is used to force trusted non-F2F traffic into the fully accelerated path for handling by SecureXL.

  • A. SecureXL
  • B. Fast Accelerator
  • C. hypersync
  • D. rate limiting

Answer: A

Explanation:
Explanation
SecureXL is typically used to accelerate trusted traffic, including non-F2F (face-to-face) traffic, through a secure, fast path.
References =
*SecureXL Fast Accelerator (fw fast_accel) for R80.20 and above 1
*SecureXL Fast Accelerator - Need to clarify packet flow 2
1:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=
2:
https://community.checkpoint.com/t5/Security-Gateways/SecureXL-Fast-Accelerator-Need-to-clarify-packet-flo


NEW QUESTION # 52
For the MHO-175, which ports are Management ports?

  • A. Ports 49 - 55 are Management ports.
  • B. Ports 5 - 26 are Management ports.
  • C. Ports 27 - 47 are Management ports.
  • D. Ports 1 - 4 are Management ports.

Answer: D

Explanation:
Explanation
According to the Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-175 document1, ports 1 - 4 are Management ports that are used to connect the MHO to the customer's management infrastructure, such as SmartConsole or SmartDomain Manager. Ports 5 - 26 are Uplink ports that are used to connect the MHO to the customer's network infrastructure, such as switches, routers, or firewalls. Ports 27 -
47 are Downlink ports that are used to connect the MHO to the Security Group Modules (SGMs) in the Security Group. Ports 49 - 55 are Backplane ports that are used to connect the MHO to another MHO in a Dual Orchestrator environment.
References:
*Maestro Expert (CCME) Course - Check Point Software, page 42
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline3
*Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-1751


NEW QUESTION # 53
In what mode do MHOs process traffic?

  • A. MHOs process traffic in VSLS mode
  • B. MHOs process traffic in Active-Standby mode
  • C. MHOs process traffic in Active-Active mode
  • D. MHOs process traffic in load sharing mode

Answer: C

Explanation:
Explanation
MHOs process traffic in Active-Active mode, which means that both MHOs are active and share the load of the traffic that is sent to and from the SGMs. Active-Active mode provides better performance and scalability than Active-Standby mode, which only uses one MHO at a time and keeps the other as a backup.
Active-Active mode also allows for faster failover and recovery in case of an MHO failure, as the surviving MHO can take over the traffic without interruption.
References
*Maestro Expert (CCME) Course - Check Point Software, page 25
*CheckPoint Certified Maestro Expert (CCME) - Skillzcafe, page 2
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, page 2


NEW QUESTION # 54
What is one benefit of a Dual MHO environment?

  • A. Dual MHOs can be used to achieve increased scalability and redundancy.
    .
  • B. Dual MHOs provide redundancy to the Maestro environment by increasing throughput by at least 50 percent.
  • C. Dual MHOs allow additional SGMs to be added to the SG.
  • D. Dual MHOs allow better synchronization to occur between SGMs.

Answer: A

Explanation:
Explanation
One of the benefits of a Dual MHO environment is that it can provide both scalability and redundancy to the Maestro system. Scalability means that the system can handle more traffic and SGMs as the demand grows, and redundancy means that the system can survive the failure of one or more components without losing functionality or performance. Dual MHOs can achieve these benefits by distributing the load and the management tasks among two orchestrators, and by providing backup and failover mechanisms for each other.
References
*Maestro Expert (CCME) Course - Check Point Software, page 251
*CheckPoint Certified Maestro Expert (CCME) - Skillzcafe, page 22
*Check Point Certified Maestro Expert (CCME) R81.X, page 23


NEW QUESTION # 55
The drop_monitor command is useful for

  • A. Viewing all interface drops such as RX-ERR, RX-DRP, and RX-OVR
  • B. Showing the system temperature in real-time for multiple components, such as CPU, fan, and SSDs.
  • C. Viewing all drops by Check Point code or the Gaia OS, such as RX-DRP, RX-ERR, and Gaia OS drops.
  • D. Monitoring Check Point code drops

Answer: C

Explanation:
Explanation
The drop_monitor command is a tool that monitors and displays the packets that are dropped by the Check Point code or the Gaia OS on the orchestrator and the appliances. It can help troubleshoot network issues and optimize performance. The command shows the drop reason, source, destination, protocol, and port of the dropped packets, as well as the interface and the module that dropped them.
References
*R81.20 Maestro Cheat Sheet version 7 - Check Point CheckMates1
*Support, Support Requests, Training ... - Check Point Software2
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge


NEW QUESTION # 56
What cannot be learned from the output of asg monitor command?

  • A. Security Policy status
  • B. Port status
  • C. Uptime
  • D. Appliances cluster status

Answer: A

Explanation:
Explanation
The asg monitor command is a tool to display the status and statistics of the Maestro Security Group Members and the Orchestrators. It shows information such as uptime, port status, CPU usage, memory usage, traffic distribution, and appliances cluster status. However, it does not show the security policy status, such as the policy name, installation time, or revision. To view the security policy status, other commands such as asg policy or fw stat can be used.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.1: asg monitor, page 4-3
*Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: asg monitor, page 4-3
*asg monitor - Check Point Software


NEW QUESTION # 57
Which distribution mode assigns packets to an SGM based solely on the packet destination IP?

  • A. Network mode
  • B. User mode
  • C. Manual mode
  • D. Auto-topology mode

Answer: A

Explanation:
Explanation
Network mode is the distribution mode that assigns packets to an SGM based solely on the packet destination IP. In this mode, the Orchestrator uses a hash function to map each destination IP to a specific SGM. This mode ensures that all packets with the same destination IP are processed by the same SGM, regardless of the source IP or port. This mode is suitable for scenarios where the destination IP is the main factor for load balancing, such as NAT or VPN.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-19
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-7
*Maestro basic setup documentation - Page 2 - Check Point CheckMates


NEW QUESTION # 58
What is the difference between Dual-Site and Dual-Room?

  • A. Dual-Room is a Single-Site deployment where all Appliances are connected to both orchestrators
  • B. They are the same
  • C. Dual-Room is Active / Standby and Dual-Site is Active / Active
  • D. Dual-Room is a kind of Dual-Site deployment within the same building

Answer: D

Explanation:
Explanation
References =
*[Maestro Frequently Asked Questions (FAQ)]
*Maestro Dual Site configuration with a direct connection through L2 switches
*Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)
*CHECK POINT MAESTRO EXPERT


NEW QUESTION # 59
What happens when you make changes from Clish on the SMO Master?

  • A. The changes are synchronized to the MHO as a backup.
  • B. The changes are synchronized to the SMS/MDS as a backup.
  • C. Changes are applied to all members in the SG.
  • D. Changes are only applied on the SMO Master.

Answer: D

Explanation:
Explanation
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.2: Security Group Configuration, page 2-10
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Group Configuration, page 2-9
*Security Group Configuration - Check Point Software


NEW QUESTION # 60
Where should sx_api_ports_dump.py command be ran?

  • A. Security Group
  • B. Management server
  • C. SMO Appliance
  • D. Orchestrator

Answer: D

Explanation:
Explanation
The sx_api_ports_dump.py command should be run on the Orchestrator, which is the device that manages the communication and the configuration of the Security Groups and the SGMs. The command shows the port mapping and the traffic distribution for each Security Group, as well as the backplane bonds and the Orchestrator ports. The command does not work on the Management server, the Security Group, or the SMO Appliance, as they do not have the same role and functionality as the Orchestrator.
References
*R81.20 Maestro Cheat Sheet version 7 - Check Point CheckMates, page 2
*Maestro Expert (CCME) Course - Check Point Software, page 31
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, page 3


NEW QUESTION # 61
HealthCheck Point _____

  • A. is a self-updatable suite of tools for MHOs with the capability to assess the health of the system and provide a timeline of critical and informative events that might have occurred in a production system.
  • B. can be used to let you visualize the Firewall topology for the SG and view live statistics, which includes throughput, problem notes, and CPU utilization.
  • C. is a self-updatable suite of tools for SGMs with the capability to assess the health of the system, visualize the Firewall topology, provide a timeline of critical and informative events that might have occurred in a production system.
  • D. performs a system health check and is meant to replace both a CPInfo and the health check script.

Answer: C

Explanation:
Explanation
HealthCheck Point (HCP) is a tool that can perform various tests and checks on the system components of the Security Group Modules (SGMs), such as hardware, software, network, clock,ARP, and more. It can also display the performance statistics of the SGMs, such as throughput, packet rate, CPU utilization, memory usage, and more. Additionally, HCP can provide a graphical representation of the Firewall topology for the Security Group, showing the connections and statuses of the SGMs and the Orchestrators. Furthermore, HCP can generate a report of the critical and informative events that occurred on the system, such as configuration changes, errors, warnings, and alerts. HCP can help identify and troubleshoot any issues or errors that may affect the system functionality or performance.
References =
*HealthCheck Point (HCP) Release Updates - Check Point Software 1
*Professional Services Healthcheck - Check Point Software 2
*HealthCheck Point - Check Point CheckMates 3


NEW QUESTION # 62
What is the purpose of g_tcpdump command?

  • A. Collects traffic dump from all Active Appliances within Security Group
  • B. Collects traffic dump from Sync network
  • C. The same as tcpdump, just on Scalable Platform
  • D. Collects traffic dump from CIN network

Answer: A

Explanation:
Explanation
_tcpdump" probably collects traffic dumps from all active appliances within a security group, aligning with the naming convention and function of similar commands in scalable platforms.
References
*Maestro Expert (CCME) Course - Check Point Software, page 331
*What is 'IN' and 'OUT' of g_tcpdump? - Check Point CheckMates2
*CHECK POINT MAESTRO EXPERT, page 23


NEW QUESTION # 63
What is the Correction Layer?

  • A. Correction Layer is a mechanism which handles asymmetric connections in multi-appliance system. For example, in case of NAT
  • B. Correction Layer is a daemon which corrects errors on Backplane interfaces
  • C. Correction Layer is a mechanism which activated in case of asymmetric routing
  • D. Correction Layer is a Layer of GAIA OS which corrects misspelled commands and allows them to execute

Answer: A

Explanation:
Explanation
The Correction Layer is a Maestro component that ensures that packets from the same connection are handled by the same Security Group Module (SGM) in a multi-appliance system. This is especially important when NAT is involved, as packets sent from the client to the server can be distributed to a different SGM than packets from the same session sent from the server to the client. The Correction Layer must then forward the packet to the correct SGM.
References:
*NAT and the Correction Layer on a Security Gateway - Check Point Software1
*Solved: Maestro queries - Check Point CheckMates


NEW QUESTION # 64
When a VPN tunnel is formed with a Maestro SGM,

  • A. The MHO handles the IKE before distributing the traffic to a SGM to handle all encrypted traffic. This helps to prevent any issues with the correction layer.
  • B. The receiving SGM makes an encryption decision. The SGM then syncs the traffic to two backup SGMs: one for clear traffic and one for encrypted traffic.
  • C. The MHO distributes copies of the packets to two different SGMs because SGM 1 will handle the clear traffic IKE exchange packets, while SGM2 handles encrypted packets.
  • D. SGM 1 analyzes the policy and topology. If encryption is required, it calculates the tunnel owner's IP address. SGM 1 sends a clear packet to the tunnel owner. SGM 2 is now the connectionand tunnel owner.

Answer: A

Explanation:
Explanation
In scalable security environments, initial IKE (Internet Key Exchange) handling by a central orchestrator before distributing traffic for encryption is a common approach to maintain efficiency and security.


NEW QUESTION # 65
Possibilities for a failure in a single SGM of a Security Group include.

  • A. A change was made with clish instead of gClish, causing the SGM to handle traffic differently than the other SGMs.
  • B. There are too many active SGMs in the SG.
  • C. An administrator imported a hotfix into the CPUSE repository of a single SGM.
  • D. SecureXL is not enabled on the SGM.

Answer: C

Explanation:
Explanation
One of the possible causes of a failure in a single SGM of a Security Group is that an administrator imported a hotfix into the CPUSE repository of a single SGM, instead of using the orchestrator to distribute the hotfix to all the SGMs in the Security Group. This can create a mismatch in the software versions and configurations of the SGMs, and lead to unexpected behavior and errors.
References
*Maestro Expert (CCME) Course - Check Point Software, page 251
*sk172923: The /var/log/messages file does not save Maestro Gaia Clish commands2
*sk180418: Security Gateway Member (SGM) is stuck after it is added to a Security Group with image auto cloning enabled on the Single Management Object (SMO)


NEW QUESTION # 66
Which command is used to set the number of sites in a Maestro environment?

  • A. set maestro configuration orchestrator-site-number
  • B. set maestro orchestrator-site-amount
  • C. set maestro configuration orchestrator-site-amount
  • D. set maestro configuration orchestrator-site-id

Answer: C

Explanation:
Explanation
This command is used to set the number of sites in a Maestro environment, which can be either one or two.
The number of sites determines the site-sync configuration and the failover policies for the Security Groups and the Security Group Members. The default value is one, and it can be changed only before the first Security Group is created.
References =
*Maestro basic setup documentation - Page 2 - Check Point CheckMates
*Check Point R81.10 for Scalable Platforms - Check Point Software
*CHECK POINT MAESTRO EXPERT


NEW QUESTION # 67
There is a Security group of 10 Appliances and all of them are up and running. How many Appliances within a Security Group keep the same connection in its connection table in case of NAT?

  • A. 0
  • B. 1
  • C. All 10
  • D. Between 2 and 4

Answer: D

Explanation:
Explanation
References =
*Check Point Maestro R81.X Administration Guide, page 64, section "Correction Layer" 1
*Check Point Maestro R81.X Getting Started Guide, page 26, section "Correction Layer" 2
*Check Point Maestro Under the Hood presentation by Lari Luoma, slide 23
*Check Point Maestro Frequently Asked Questions (FAQ), question 9
1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frame
:
https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/maestro/1191/1/Check%20Mates%20M
:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=


NEW QUESTION # 68
......

Study resources for the Valid 156-836 Braindumps: https://www.examcollectionpass.com/CheckPoint/156-836-practice-exam-dumps.html

156-836 Dumps are Available for Instant Access: https://drive.google.com/open?id=1onFeqTf-TviziQx0psPtKLAiQTFtZRfs

Related Articles

more
CheckPoint 156-836 Certification Practice Exam