• Home
  • Articles
  • 156-836 Dumps - Grab Out For [NEW-2024] CheckPoint Exam [Q17-Q34]

156-836 Dumps - Grab Out For [NEW-2024] CheckPoint Exam [Q17-Q34]

Share

156-836 Dumps - Grab Out For [NEW-2024] CheckPoint Exam

156-836 Exam Dumps PDF Guaranteed Success with Accurate & Updated Questions


CheckPoint 156-836 exam consists of 90 multiple-choice questions that candidates must answer within 180 minutes. Candidates need to score at least 70% to pass the exam and earn their certification. 156-836 exam is delivered in a proctored environment and is available to candidates worldwide.

 

NEW QUESTION # 17
What does asg monitor command do?

  • A. Monitor traffic on Appliances in Security Group
  • B. Monitor health status of entire system
  • C. Show real-time cluster status of Appliances in Security Group
  • D. This command does not exist

Answer: C

Explanation:
Explanation
The "asg monitor" command generally would show real-time cluster status of appliances in a security group, focusing on health and operational status.


NEW QUESTION # 18
What is the command 'asg diag' used for?

  • A. Asg diag used for system diagnostics on Chassis only. It does not exist on Maestro
  • B. Asg diag is used for creating traffic flow diagrams
  • C. Asg diag is used for system diagnostics
  • D. Asg diag is used for system backup

Answer: C

Explanation:
Explanation
The asg diag command is used for system diagnostics on both Maestro and Chassis systems. The asg diag command can perform various tests and checks on the system components, such as hardware, software, network, clock, ARP, and more. The asg diag command can help identify and troubleshoot any issues or errors that may affect the system functionality or performance.
References =
*Check Point Maestro R81.X Administration Guide, page 66, section "asg diag" 1
*Check Point Maestro R81.X Getting Started Guide, page 28, section "asg diag" 2
*Check Point Maestro Under the Hood presentation by Lari Luoma, slide 25
1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frame
:
https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/maestro/1191/1/Check%20Mates%20M


NEW QUESTION # 19
Splitter cannot be used _______

  • A. To connect single port on orchestrator to multiple Appliances
  • B. To connect single port on orchestrator to the same Appliance
  • C. To connect single port on orchestrator to multiple port on external switch
  • D. To connect single port on Appliance to multiple ports on the orchestrator

Answer: B


NEW QUESTION # 20
In a dual MHO environment, MHO1 and MHO2 are connected to the SGM line cards in which way?

  • A. MHO1 and MHO2 are connected to the line cards in any order administrators see fit.
  • B. MHO 1 is connected to the even-numbered ports, while MHO2 is connected to odd-numbered ports.
  • C. MHO 1 is connected to the odd-numbered ports, while MHO2 is connected to even-numbered ports.
  • D. MHO1 and MHO2 are connected to the SGMs using the Sync cable.

Answer: B

Explanation:
Explanation
The correct way to connect MHO1 and MHO2 to the SGM line cards in a dual MHO environment is to use the even-numbered ports for MHO1 and the odd-numbered ports for MHO2. This is to ensure that each SGM has two downlinks to each MHO, and that the downlinks are balanced across the different NICs and links. This provides redundancy and high availability for the traffic flow between the SGMs and the MHOs.
References
*R81.20 Maestro Cheat Sheet version 7 - Check Point CheckMates, page 2
*Maestro Expert (CCME) Course - Check Point Software, page 18
*Maestro Technical Training, Module 2: Maestro Security Groups and the Single Management Object, slide 16


NEW QUESTION # 21
The _______ command will allow users to update the specified file on all SGMs.

  • A. g_update_conf_file
  • B. g_cat
  • C. g_all"
  • D. sed

Answer: A

Explanation:
Explanation
The g_update_conf_file command is a global command that allows users to update the specified file on all Security Group Members of the current Security Group. The command takes the file name and the parameter-value pair as arguments and updates the file accordingly. For example, g_update_conf_file fwkern.conf fwha_enable_arp=1 will add or modify the fwha_enable_arp parameter in the fwkern.conf file on all SGMs.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-12
*Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-10
*Maestro Commands for Security Groups - Check Point CheckMates


NEW QUESTION # 22
What kinds of transceivers are supported on Orchestrator MHO-170?

  • A. QSFP, QSFP28
  • B. SFP, SFP+, SFP28
  • C. SFP, QSFP, QSFP28
  • D. SFP+, SFP28, QSFP

Answer: A

Explanation:
Explanation
The Orchestrator MHO-170 supports QSFP and QSFP28 transceivers on its 32x 100 GbE ports. QSFP stands for Quad Small Form-factor Pluggable and QSFP28 is an enhanced version of QSFP that supports up to 28 Gbps per lane. These transceivers can provide high-speed and high-density connectivity for the Maestro environment.
References
*Maestro Hyperscale Orchestrator Datasheet - Check Point Software1, page 2
*Maestro Transceiver & DAC Inventory - Check Point CheckMates


NEW QUESTION # 23
There are two 10Gbps dual-port NICs and one 40Gbps NIC installed on a 23800 Appliance in slots 1, 2 and 3 accordingly. Which interfaces should be connected to Orchestrator 1 for downlinks' intra- orchestrator redundancy when using two Orchestrators?

  • A. This configuration is not supported
  • B. Port 1 in Slot 2 and Port 2 in Slot 1
  • C. Any pair of available ports
  • D. Port 1 in Slot 1 and Port 2 in Slot 1

Answer: D

Explanation:
Explanation
This configuration likely provides balanced and redundant connectivity for orchestrator redundancy.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 3: Dual Orchestrator Environment, Lesson 3.1: Introduction to Dual Orchestrator Environment, page 3-7
*Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section:
Downlinks, page 3-8
*Check Point 23800 Appliance Datasheet - Check Point Software, page 2


NEW QUESTION # 24
What happens if you apply a hotfix using gClish?

  • A. If you apply a hotfix using gclish, each SG members installs the hotfix and reboots after waiting it's turn to do so.
  • B. If you apply a hotfix using gclish, the operation will fail because an outage would occur.
  • C. Logical groups "A" and "B" are created. Members of group "A" install and reboot first. Then members of group "B" does the same once reboots have finished with group "A."
  • D. If you apply a hotfix using gclish, it causes an outage for the entire SG as all members reboot at roughly the same time.

Answer: C

Explanation:
Explanation
This is the correct answer because it describes the hotfix installation process using gClish on a Maestro Security Group. gClish is the global Clish that allows users to run commands on all UP SG members of the current Security Group at once. When a hotfix is applied using gClish, the SG members are divided into two logical groups: "A" and "B". The members of group "A" install the hotfix and reboot first, while the members of group "B" wait for their turn. After all the members of group "A" are back online, the members of group
"B" install the hotfix and reboot.This way, the SG maintains high availability and does not cause an outage.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-11
*Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-9
*Global Expert Mode Commands - Check Point CheckMates


NEW QUESTION # 25
What is the default Distribution mode?

  • A. Manual-General
  • B. Network
  • C. User
  • D. Auto-topology

Answer: D

Explanation:
Explanation
Auto-topology is the default distribution mode for Maestro Security Groups. In this mode, the Orchestrator assigns packets to a Security Group Member based on the topology of the port defined in the gateway object.
Each port is either in user mode or network mode depending on the topology. User mode means that the port is connected to the internal network and network mode means that the port is connected to the external network.
The Orchestrator uses a hash function to map each source IP or destination IP to a specific SGM, depending on the mode of the port. This mode ensures that all packets with the same source IP or destination IP are processed by the same SGM, regardless of the port or protocol.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-18
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-7
*Lari Luoma | Lead Consultant | Maestro SME | Check Point Evangelist1, slide 16


NEW QUESTION # 26
What is the purpose of g_tcpdump command?

  • A. The same as tcpdump, just on Scalable Platform
  • B. Collects traffic dump from all Active Appliances within Security Group
  • C. Collects traffic dump from Sync network
  • D. Collects traffic dump from CIN network

Answer: B

Explanation:
Explanation
_tcpdump" probably collects traffic dumps from all active appliances within a security group, aligning with the naming convention and function of similar commands in scalable platforms.
References
*Maestro Expert (CCME) Course - Check Point Software, page 331
*What is 'IN' and 'OUT' of g_tcpdump? - Check Point CheckMates2
*CHECK POINT MAESTRO EXPERT, page 23


NEW QUESTION # 27
HealthCheck Point _____

  • A. is a self-updatable suite of tools for MHOs with the capability to assess the health of the system and provide a timeline of critical and informative events that might have occurred in a production system.
  • B. is a self-updatable suite of tools for SGMs with the capability to assess the health of the system, visualize the Firewall topology, provide a timeline of critical and informative events that might have occurred in a production system.
  • C. performs a system health check and is meant to replace both a CPInfo and the health check script.
  • D. can be used to let you visualize the Firewall topology for the SG and view live statistics, which includes throughput, problem notes, and CPU utilization.

Answer: B

Explanation:
Explanation
HealthCheck Point (HCP) is a tool that can perform various tests and checks on the system components of the Security Group Modules (SGMs), such as hardware, software, network, clock,ARP, and more. It can also display the performance statistics of the SGMs, such as throughput, packet rate, CPU utilization, memory usage, and more. Additionally, HCP can provide a graphical representation of the Firewall topology for the Security Group, showing the connections and statuses of the SGMs and the Orchestrators. Furthermore, HCP can generate a report of the critical and informative events that occurred on the system, such as configuration changes, errors, warnings, and alerts. HCP can help identify and troubleshoot any issues or errors that may affect the system functionality or performance.
References =
*HealthCheck Point (HCP) Release Updates - Check Point Software 1
*Professional Services Healthcheck - Check Point Software 2
*HealthCheck Point - Check Point CheckMates 3


NEW QUESTION # 28
Which blade configuration files should be backed up on the SG if upgrading from R80.30SP or earlier?

  • A. VPN configuration files
  • B. IPS configuration files
  • C. Mobile Access configuration files.
  • D. fwkern.conf files.

Answer: B

Explanation:
Explanation
References
*Maestro R80.30SP Jumbo Hotfix Accumulator, Section: Important Notes
*Check Point Maestro R80.30SP with Gaia 3.10, Section: Known Limitations
*Check Point SNMP MIB files, Section: Revision History


NEW QUESTION # 29
At a minimum, how many management and Uplink ports does a SG require?

  • A. One each.
  • B. Neither are required.
  • C. Only one of the two interfaces is needed for the Security Group.
  • D. Two of each.

Answer: A

Explanation:
Explanation
A Security Group (SG) requires at least one management port and one uplink port to function properly. The management port is used to connect the SG to the Maestro Hyperscale Orchestrator (MHO) and the customer's management infrastructure, such as SmartConsole or SmartDomain Manager. The uplink port is used to connect the SG to the customer's network infrastructure, such as switches, routers, or firewalls. The uplink port is also used to send and receive traffic from the customer's network to the SG.
References:
*Maestro Expert (CCME) Course - Check Point Software, page 41
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline


NEW QUESTION # 30
What is a security group?

  • A. A solution for Security Gateway redundancy and Load Sharing.
  • B. A set of network interfaces and individual SGMs assigned to a logical group.
  • C. A set of appliances of the same model that are collectively managed by the MHO.
  • D. A set of objects in SmartConsole that are responsible for enforcing an access policy.

Answer: A

Explanation:
Explanation
Security groups are used to simplify management and policy enforcement across multiple devices or network segments, often offering redundancy and load balancing features


NEW QUESTION # 31
Do all MHOs need to be upgraded before starting the SGM upgrades?

  • A. During the upgrade process all SGMs should be upgraded before upgrading all of the MHOs.
  • B. A minimum of one of the MHOs should be upgraded before starting the SGM upgrades. However, there is no requirement to upgrade all the SGMs during the same maintenance window as the MHO
  • C. All MHOs must first be upgraded before starting the SGM upgrades However, there is no requirement to upgrade all the SGMs during the same maintenance window as the MHOs.
  • D. MHOs do not need to be upgraded at all because Maestro supports the use of different versions between the MHOs and SGMs.

Answer: C

Explanation:
Explanation
This is the correct answer because it follows the upgrade order and procedure specified in the R81.10 and R81.20 Administration Guides for Maestro environments. The MHOs are responsible for managing and synchronizing the SGMs, so they must be upgraded to the target version before the SGMs. However, the SGMs can be upgraded one by one or in batches, as long as they are compatible with the MHOs. The upgrade process also supports Multi-Version Clustering, which allows different versions of SGMs to operate in the same Security Group with zero downtime.
References =
*Check Point R81.10 for Scalable Platforms - Check Point Software
*Check Point R81.20 for Scalable Platforms - Check Point Software
*CHECK POINT MAESTRO EXPERT


NEW QUESTION # 32
There are two 10Gbps dual-port NIC installed on a 6800 appliance. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?

  • A. Port 1 in Slot 1 and Port 1 in Slot 2
  • B. Port 1 in Slot 2 and Port 2 in Slot 1
  • C. Any pair of available ports
  • D. Port 1 in Slot 1 and Port 2 in Slot 1

Answer: A

Explanation:
Explanation
The correct interfaces to connect to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators are Port 1 in Slot 1 and Port 1 in Slot 2. This is because each slot represents a different NIC, and each port represents a different physical link. By connecting two ports from different slots, the appliance can have redundant connections to the same orchestrator, and avoid a single point of failure in case of a NIC or link failure.
References
*Check Point 156-835 Certification Flashcards | Quizlet1
*Maestro Expert (CCME) Course - Check Point Software, page 182
*Maestro Technical Training, Module 2: Maestro Security Groups and the Single Management Object, slide
163


NEW QUESTION # 33
What is the Orchestrator?

  • A. Load balancer
  • B. Network Switch
  • C. Manager of compute and network resources, load balancer and network switch
  • D. None of above

Answer: C

Explanation:
Explanation
The Orchestrator is a Maestro component that manages the compute and network resources of the Security Group Modules (SGMs) in a Security Group. It also acts as a load balancer and a network switch, distributing traffic among the SGMs and connecting them to the customer's network infrastructure.
References:
*Maestro Expert (CCME) Course - Check Point Software, page 41
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline


NEW QUESTION # 34
......

Get New 156-836 Certification Practice Test Questions Exam Dumps: https://www.freecram.com/CheckPoint-certification/156-836-exam-dumps.html

Pass 156-836 Exam - Real Test Engine PDF with 77 Questions: https://drive.google.com/open?id=17-nNtU9C1kzTwtEjIQf9QIj8dQmZJkDw

Related Articles

more
Go To 156-836 Questions
0
0
0
10