New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Checkpoint 156-836 Check Point Certified Maestro Expert (CCME) R81.X Exam Practice Test

Demo: 22 questions
Total 75 questions

Check Point Certified Maestro Expert (CCME) R81.X Questions and Answers

Question 1

What is the maximum number of Appliances within Security group in Dual-Site configuration?

Options:

A.

28

B.

31

C.

15

D.

16

Question 2

The _______ command will allow users to update the specified file on all SGMs.

Options:

A.

g_update_conf_file

B.

g_all"

C.

sed

D.

g_cat

Question 3

What is the max amount of Orchestrators in Dual-site setup?

Options:

A.

2 per Security Group

B.

4 per Security Group

C.

2

D.

4

Question 4

Possibilities for a failure in a single SGM of a Security Group include.

Options:

A.

A change was made with clish instead of gClish, causing the SGM to handle traffic differently than the other SGMs.

B.

SecureXL is not enabled on the SGM.

C.

An administrator imported a hotfix into the CPUSE repository of a single SGM.

D.

There are too many active SGMs in the SG.

Question 5

When security policy is installed

Options:

A.

All SGMs receive the security policy and one by one performs an independent policy verification. Then, all SGMs simultaneously install the policy.

B.

The SMO Master receives the policy and performs a policy verification the policy is installed on the SMO Master, the SMO Master broadcasts the available package, other membersretrieve the new policy from the SMO Master, then the non-SMO Master SGMs install the policy.

C.

All SGMs receive the security policy and simultaneous policy installation occurs.

D.

The policy is installed on the SMO, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master and perform an independent policy verification, then the non-SMO Master SGMs install the policy.

Question 6

How does HyperSync work in a Dual Site environment?

Options:

A.

Each active connection has two local backups (on the local site) and a third backup connection on the second site (remote site.)

B.

Each active connection has a backup connection on the second site (remote site.)

C.

Each active connection has a local backup (on the local site) and a second backup connection on the second site (remote site.)

D.

Each active connection has a local backup (on the local site) and a second backup connection on each of the MHOs.

Question 7

During an upgrade, Is Multi-Version Clustering (MVC) supported?

Options:

A.

No. Maestro does not support MVC because ClusterXL is disabled during an upgrade.

B.

No, Maestro does not support MVC.

C.

Maestro supports MVC or full connectivity upgrade as of R80.40.

D.

Yes, MVC is supported as of R81 for Maestro.

Question 8

What does the lldpctl command do?

Options:

A.

Show all devices discovered by LLDP protocol on downlink ports

B.

Show all devices discovered by LLDP protocol on all ports

C.

Discover orchestrators

D.

Show all devices discovered by LLDP protocol on uplink ports

Question 9

Maestro allows running commands globally in Expert mode by using global prefixes, such as:

Options:

A.

asg all

B.

g_all

C.

all

D.

global

Question 10

Which licenses should be issued for the Orchestrator?

Options:

A.

No licenses are required for Orchestrator

B.

Depends on Software Blades enabled on connected appliances

C.

The Orchestrator is considered a Management server, hence it's licensed the same way

D.

The Orchestrator requires NGTX license

Question 11

At a minimum, how many management and Uplink ports does a SG require?

Options:

A.

Only one of the two interfaces is needed for the Security Group.

B.

Neither are required.

C.

Two of each.

D.

One each.

Question 12

In case of Correction, where is information about Owner stored?

Options:

A.

In Correction table of Target Appliance

B.

In Connection tables of all Appliances participating in Correction Layer flow

C.

In Correction tables of all Appliances participating in Correction Layer flow

D.

In Connection table of Target Appliances

Question 13

What is the command 'asg diag' used for?

Options:

A.

Asg diag used for system diagnostics on Chassis only. It does not exist on Maestro

B.

Asg diag is used for system backup

C.

Asg diag is used for system diagnostics

D.

Asg diag is used for creating traffic flow diagrams

Question 14

There are two 10Gbps dual-port NIC installed on a 6800 appliance. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?

Options:

A.

Any pair of available ports

B.

Port 1 in Slot 1 and Port 1 in Slot 2

C.

Port 1 in Slot 1 and Port 2 in Slot 1

D.

Port 1 in Slot 2 and Port 2 in Slot 1

Question 15

What cannot be learned from the output of asg monitor command?

Options:

A.

Uptime

B.

Port status

C.

Security Policy status

D.

Appliances cluster status

Question 16

There are two 10Gbps dual-port NICs and one 40Gbps NIC installed on a 23800 Appliance in slots 1, 2 and 3 accordingly. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-

orchestrator redundancy when using two Orchestrators?

Options:

A.

Port 1 in Slot 2 and Port 2 in Slot 1

B.

This configuration is not supported

C.

Any pair of available ports

D.

Port 1 in Slot 1 and Port 2 in Slot 1

Question 17

What is the default Distribution mode?

Options:

A.

Auto-topology

B.

User

C.

Manual-General

D.

Network

Question 18

What kinds of transceivers are supported on Orchestrator MHO-140?

Options:

A.

SFP, QSFP, QSFP28

B.

SFP+, SFP28, QSFP

C.

SFP, SFP+, SFP28

D.

SFP, SFP+, QSFP, QSFP28

Question 19

What is the throughput penalty of Security Group?

Options:

A.

Depends on the type of Appliance

B.

1% per member

C.

10% per Security Group with no relation to the number of members

D.

5% per member

Question 20

HealthCheck Point _____

Options:

A.

is a self-updatable suite of tools for MHOs with the capability to assess the health of the system and provide a timeline of critical and informative events that might have occurred in a production system.

B.

performs a system health check and is meant to replace both a CPInfo and the health check script.

C.

can be used to let you visualize the Firewall topology for the SG and view live statistics, which includes throughput, problem notes, and CPU utilization.

D.

is a self-updatable suite of tools for SGMs with the capability to assess the health of the system, visualize the Firewall topology, provide a timeline of critical and informative events that might have occurred in a production system.

Question 21

After you import the R81.10 software package, what do you use to verify that it is possible to upgrade an MHO or SG?

Options:

A.

Run HCP. One of the tests will list upgrade eligibility status for the MHO or SG.

B.

Run the Pre-Upgrade Verifier to make sure it is possible to upgrade

C.

Nothing. CPUSE will run a verification during the upgrade process to ensure the package is compatible.

D.

The package is verified during the import process and a warning or error will be displayed at that time.

Question 22

What is the Correction Layer mechanism?

Options:

A.

Ensures asymmetric traffic is handled properly, especially in the case of NAT or VPNs.

B.

The load-balancing mechanism used by the MHO.

C.

The MHO's distribution algorithm which determines the handling SGM for a given connection.

D.

Enforces the access policy on the SGMs and synchronizes the enforcement verdict to other SGMs in the SG.

Demo: 22 questions
Total 75 questions