• Home
  • Articles
  • [Nov 04, 2024] Pass CCME 156-836 Exam With 77 Questions [Q12-Q27]

[Nov 04, 2024] Pass CCME 156-836 Exam With 77 Questions [Q12-Q27]

Share

[Nov 04, 2024] Pass CCME 156-836 Exam With 77 Questions

Ultimate Guide to Prepare Free CheckPoint 156-836 Exam Questions and Answer


Preparing for the CCME certification exam requires a combination of hands-on experience and study materials. Check Point offers various training courses and study materials, including online courses, instructor-led courses, and study guides, to help candidates prepare for the exam.


To earn the CCME certification, candidates must pass the CCME certification exam, which is a combination of multiple-choice questions and scenario-based questions. 156-836 exam is designed to test a candidate's practical knowledge and skills in deploying and managing Maestro security architecture. Upon passing the exam, candidates will be awarded the CCME certification, which is a globally recognized certification that validates their expertise in managing complex security architectures using CheckPoint's Maestro technology.

 

NEW QUESTION # 12
During an upgrade, Is Multi-Version Clustering (MVC) supported?

  • A. Yes, MVC is supported as of R81 for Maestro.
  • B. Maestro supports MVC or full connectivity upgrade as of R80.40.
  • C. No, Maestro does not support MVC.
  • D. No. Maestro does not support MVC because ClusterXL is disabled during an upgrade.

Answer: A

Explanation:
Explanation
Multi-Version Clustering (MVC) is a feature that allows different versions of Security Gateways to operate in the same cluster and provide seamless failover and load balancing. MVC is supported for Maestro environments as of R81, which means that it is possible to upgrade the Security Groups in a Maestro environment as a Multi-Version Cluster with zero downtime. This requires that the Maestro Orchestrators are upgraded to R81.20 first, and then the Security Groups can be upgraded one by one to R81.20 while maintaining full connectivity and synchronization.
References =
*Check Point R81.20 for Scalable Platforms - Check Point Software
*Maestro Dual Site configuration with a direct connection through L2 switches
*CHECK POINT MAESTRO EXPERT


NEW QUESTION # 13
What does the lldpctl command do?

  • A. Show all devices discovered by LLDP protocol on uplink ports
  • B. Show all devices discovered by LLDP protocol on all ports
  • C. Discover orchestrators
  • D. Show all devices discovered by LLDP protocol on downlink ports

Answer: B

Explanation:
Explanation
The lldpctl command is a tool to display information about the devices discovered by the Link Layer Discovery Protocol (LLDP) on all ports of the Maestro Orchestrator and the Security Group Members. LLDP is a protocol that enables devices to exchange information about their identity, capabilities, and configuration.
LLDP can help to discover the topology and connectivity of the Maestro environment.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.2: LLDP, page 4-9
*Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section:
LLDP, page 3-9


NEW QUESTION # 14
What Maestro component acts as a load balancer and network switch?

  • A. Maestro Hyperscale Orchestrator (MHO)
  • B. Security Switching Module (SSM)
  • C. Security Group (SG)
  • D. Security Gateway Module (SGM)

Answer: A

Explanation:
Explanation
*The Quantum Maestro Orchestrator uses the Distribution Mode to assign incoming traffic to Security Group Members.
*Reference: Working with the Distribution Mode


NEW QUESTION # 15
In a Maestro Dual Site environment, what is the definition of the term Active Site.

  • A. There is no such thing as an active site. In a Dual Site environment, traffic is load balanced.
  • B. The Active Site is the site that is not handling any traffic for the specific SG, but itsconnections are synced to its SGMs from the MHOs to be ready in the event of a failover.
  • C. The Active Site is the site currently handling the enforcement on traffic passing for a specific SG.Connections are synced within the SGMs in the Active Site.
  • D. The Active Site is the site where the SMO Master exists.

Answer: C

Explanation:
Explanation
In a Maestro Dual Site environment, there are two sites that can host Security Group Members (SGMs) for each Security Group (SG). The Active Site is the one that is currently processing the traffic for a specific SG, while the Standby Site is the one that is ready to take over in case of a failover. The Active Site and the Standby Site can be different for different SGs, depending on the load balancing and failover policies. The Active Site and the Standby Site are synchronized by the Maestro Orchestrators (MHOs) using the Site-Sync port and VLANs.
References =
*Solved: Maestro dual site failover - Check Point CheckMates
*Maestro Dual Site configuration with a direct connection through L2 switches


NEW QUESTION # 16
What is the purpose of g_tcpdump command?

  • A. Collects traffic dump from Sync network
  • B. The same as tcpdump, just on Scalable Platform
  • C. Collects traffic dump from CIN network
  • D. Collects traffic dump from all Active Appliances within Security Group

Answer: D

Explanation:
Explanation
_tcpdump" probably collects traffic dumps from all active appliances within a security group, aligning with the naming convention and function of similar commands in scalable platforms.
References
*Maestro Expert (CCME) Course - Check Point Software, page 331
*What is 'IN' and 'OUT' of g_tcpdump? - Check Point CheckMates2
*CHECK POINT MAESTRO EXPERT, page 23


NEW QUESTION # 17
What type of cluster can a Security Group can be compared to?

  • A. Active / Standby
  • B. Load Sharing Active / Active
  • C. Active / Backup
  • D. VSLS

Answer: B

Explanation:
Explanation
A Security Group can be compared to a Load Sharing Active / Active cluster because it consists of multiple Security Group Members that share the traffic load and provide high availability and scalability. Each Security Group Member is an active firewall that processes traffic according to the Security Group policy and synchronizes its state with other members. The Maestro Orchestrator acts as a load balancer that distributes the traffic among the Security Group Members based on their capacity and availability.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.1: Introduction to Security Groups, page 2-4
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Group Overview, page 2-3


NEW QUESTION # 18
What is the max amount of Orchestrators in Dual-site setup?

  • A. 4 per Security Group
  • B. 2 per Security Group
  • C. 0
  • D. 1

Answer: A

Explanation:
Explanation
A Dual Site setup can have either two or four orchestrators, depending on the scenario. However, the maximum number of orchestrators per Security Group is four, regardless of the number of sites. This is because each Security Group can have up to two orchestrators on each site, and each site can have up to two orchestrators. Therefore, the maximum number of orchestrators in a Dual Site setup is four per Security Group.
References =
*Maestro Frequently Asked Questions (FAQ)
*Maestro Dual Site configuration with a direct connection through L2 switches
*Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)


NEW QUESTION # 19
What does asg monitor command do?

  • A. This command does not exist
  • B. Monitor traffic on Appliances in Security Group
  • C. Show real-time cluster status of Appliances in Security Group
  • D. Monitor health status of entire system

Answer: C

Explanation:
Explanation
The "asg monitor" command generally would show real-time cluster status of appliances in a security group, focusing on health and operational status.


NEW QUESTION # 20
The core four manual diagnostic tools include:
asg diag verify, asg perf -v, orch_stat -all, and

  • A. asg stat -v
  • B. hcp -r all
  • C. cpinfo
  • D. asg diag verify

Answer: A

Explanation:
Explanation
"Asg stat -v" could be a part of the core diagnostic tools, providing valuable statistics and information for manual diagnostics.
References =
*Maestro Expert (CCME) Course - Check Point Software 3
*Check Point Maestro R81.X Administration Guide 1
*Check Point Maestro R81.X Getting Started Guide 2
3: https://www.checkpoint.com/downloads/training/ccme-maestro-expert-r81.10-course.pdf 1:
https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frame


NEW QUESTION # 21
What is one benefit of a Dual MHO environment?

  • A. Dual MHOs allow better synchronization to occur between SGMs.
  • B. Dual MHOs provide redundancy to the Maestro environment by increasing throughput by at least 50 percent.
  • C. Dual MHOs allow additional SGMs to be added to the SG.
  • D. Dual MHOs can be used to achieve increased scalability and redundancy.
    .

Answer: D

Explanation:
Explanation
One of the benefits of a Dual MHO environment is that it can provide both scalability and redundancy to the Maestro system. Scalability means that the system can handle more traffic and SGMs as the demand grows, and redundancy means that the system can survive the failure of one or more components without losing functionality or performance. Dual MHOs can achieve these benefits by distributing the load and the management tasks among two orchestrators, and by providing backup and failover mechanisms for each other.
References
*Maestro Expert (CCME) Course - Check Point Software, page 251
*CheckPoint Certified Maestro Expert (CCME) - Skillzcafe, page 22
*Check Point Certified Maestro Expert (CCME) R81.X, page 23


NEW QUESTION # 22
Where should sx_api_ports_dump.py command be ran?

  • A. Orchestrator
  • B. SMO Appliance
  • C. Security Group
  • D. Management server

Answer: A

Explanation:
Explanation
The sx_api_ports_dump.py command should be run on the Orchestrator, which is the device that manages the communication and the configuration of the Security Groups and the SGMs. The command shows the port mapping and the traffic distribution for each Security Group, as well as the backplane bonds and the Orchestrator ports. The command does not work on the Management server, the Security Group, or the SMO Appliance, as they do not have the same role and functionality as the Orchestrator.
References
*R81.20 Maestro Cheat Sheet version 7 - Check Point CheckMates, page 2
*Maestro Expert (CCME) Course - Check Point Software, page 31
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, page 3


NEW QUESTION # 23
What is the Correction Layer mechanism?

  • A. Ensures asymmetric traffic is handled properly, especially in the case of NAT or VPNs.
  • B. The MHO's distribution algorithm which determines the handling SGM for a given connection.
  • C. The load-balancing mechanism used by the MHO.
  • D. Enforces the access policy on the SGMs and synchronizes the enforcement verdict to other SGMs in the SG.

Answer: A

Explanation:
Explanation
The Correction Layer mechanism is a Maestro component that ensures that packets from the same connection are handled by the same Security Group Module (SGM) in a multi-appliance system. This is especially important when NAT or VPNs are involved, as packets sent from the client to the server can be distributed to a different SGM than packets from the same session sent from the server to the client. The Correction Layer must then forward the packet to the correct SGM.
References:
*NAT and the Correction Layer on a VSX Gateway - Check Point Software1
*Solved: Maestro queries - Check Point CheckMates


NEW QUESTION # 24
What cannot be learned from the output of asg monitor command?

  • A. Appliances cluster status
  • B. Uptime
  • C. Port status
  • D. Security Policy status

Answer: D

Explanation:
Explanation
The asg monitor command is a tool to display the status and statistics of the Maestro Security Group Members and the Orchestrators. It shows information such as uptime, port status, CPU usage, memory usage, traffic distribution, and appliances cluster status. However, it does not show the security policy status, such as the policy name, installation time, or revision. To view the security policy status, other commands such as asg policy or fw stat can be used.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.1: asg monitor, page 4-3
*Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: asg monitor, page 4-3
*asg monitor - Check Point Software


NEW QUESTION # 25
Maestro allows running commands globally in Expert mode by using global prefixes, such as:

  • A. asg all
  • B. all
  • C. global
  • D. g_all

Answer: D

Explanation:
Explanation
The g_all prefix is used to run commands globally in Expert mode on all Security Group Members of the current Security Group. For example, g_all cpstop will stop the Check Point services on all SGMs. The other prefixes are not valid for global commands in Expert mode.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-11
*Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-9
*Global Expert Mode Commands - Check Point CheckMates


NEW QUESTION # 26
How does HyperSync work in a Dual Site environment?

  • A. Each active connection has a local backup (on the local site) and a second backup connection on each of the MHOs.
  • B. Each active connection has a backup connection on the second site (remote site.)
  • C. Each active connection has a local backup (on the local site) and a second backup connection on the second site (remote site.)
  • D. Each active connection has two local backups (on the local site) and a third backup connection on the second site (remote site.)

Answer: C

Explanation:
Explanation
HyperSync is a feature of Maestro that enables stateful synchronization of connections and resources across different sites in a Dual Site environment. HyperSync works by creating two backup connections for each active connection: one on the same site as the active connection, and another on the remote site. This ensures that the connection can be seamlessly resumed in case of a failover event, either within the same site or across the sites. HyperSync uses the Site-Sync port and VLANs to transmit the synchronization packets between the Security Group Members and the Maestro Orchestrators.
References =
*Maestro Dual Site configuration with a direct connection through L2 switches
*Maestro Frequently Asked Questions (FAQ)
*CHECK POINT MAESTRO EXPERT


NEW QUESTION # 27
......


Check Point Certified Maestro Expert - R81 (CCME) is the latest certification in this program. Check Point Certified Maestro Expert - R81 (CCME) certification exam is designed for network professionals who have already obtained the Check Point Certified Maestro Associate certification and want to further enhance their knowledge and skills in Maestro solution deployment and management.

 

Check Point Certified Maestro Expert - R81 (CCME) Practice Tests 2024 | Pass 156-836 with confidence!: https://drive.google.com/open?id=1pf71J-O18ZI2QeBwxW7Oz2iVbCGWLNWl

Pass 156-836 Tests Engine pdf - All Free Dumps: https://www.vce4plus.com/CheckPoint/156-836-valid-vce-dumps.html

Related Articles

more
CheckPoint 156-836 Certification Practice Exam