Free 156-835 Sample Questions — Check Point Certified Maestro Expert

Which command will be used in order to restart Orchestrator service only?

• A. orchd restart
• B. cpstop; cpstart
• C. reboot
• D. service orchestrator restart

What happens when you make changes from Clish on the SMO Master?

• A. The changes are synchronized to the SMS/MDS as a backup
• B. The changes are synchronized to the MHO as a backup
• C. Changes are only applied on the SMO Master
• D. Changes are applied to all members in the SG

What is the default IP range of CIN network (with no increment)?

• A. 192.168.1.0
• B. 198.51.100.0
• C. The same as Management network
• D. 192.0.2.0

How many power supplies are presented on MHO-140?

• A. 2
• B. 4
• C. 1
• D. 1 with option for 2

What is the minimal requirement for a Security Group?

• A. 1 Appliance and 1 management port
• B. 2 Appliances and 2 ports
• C. 1 Appliance and 1 administrator with Multi-Domain admin permissions
• D. None, it may be empty

HealthCheck Point ____________.

• A. performs a system health check and is meant to replace both a CPInfo and the health check script
• B. can be used to let you visualize the Firewall topology for the SG and view live statistics, which includes throughput, problem notes, and CPU utilization
• C. is a self-updatable suite of tools for SGMs with the capability to assess the health of the system, visualize the Firewall topology, provide a timeline of critical and informative events that might have occurred in a production system

What cannot be learned from the output of asg perf -v -p command?

• A. Average CPU usage on Appliances
• B. Real-time throughput
• C. Average CPU usage on Orchestrators
• D. Per-path distribution

What is the default IP range of Sync network (with no increment)?

• A. The same as Management network
• B. 198.51.100.0
• C. 192.0.2.0
• D. 192.168.1.0

During an upgrade, is Multi-Version Clustering (MVC) supported?

• A. No, Maestro does not support MVC because ClusterXL is disabled during an upgrade
• B. No, Maestro does not support MVC
• C. Maestro supports MVC or full connectivity upgrade as of R80.40.
• D. Yes, MVC is supported as of R81 for Maestro

In what mode do MHOs process traffic?

• A. MHOs process traffic in load sharing mode
• B. MHOs process traffic in Active-Standby mode
• C. MHOs process traffic in Active-Active mode
• D. MHOs process traffic in VSLS mode

Logs without a dedicated log file can be found in

• A. /var/log/junk.log.dbg
• B. /var/log/messages
• C. $RTDIR/log/junk.log
• D. $FWDIR/log/fw.log

What is a Security Group?

• A. Logical group of computer and network resources
• B. Group of security administrators
• C. Group of security gateways
• D. Group of appliances with enabled NGTX software blades

What will happen in case of NAT of the traffic passing through Management network?

• A. This traffic will not pass correction, since it will be dropped
• B. This traffic will pass with no inspection
• C. Since Management traffic is always going to SMO, it will take a care for Correction Layer and will re-distribute traffic to other Appliances
• D. Orchestrator will disable NAT and traffic will pass with no issue

What is an uplink interface used for?

• A. To connect in between Orchestrators
• B. To connect appliances to customer's infrastructure
• C. To connect Orchestrators to customer's infrastructure
• D. To connect in between appliances

What is the maximum amount of Appliances within Security group in Dual-Site configuration?

• A. 16
• B. 15
• C. 28
• D. 31

Is it possible to define distribution mode per interface?

• A. Yes, only for downlink interfaces
• B. No, only for the Security Group
• C. Yes, only for uplink interfaces
• D. Yes, for both uplink and downlink interfaces

When security policy is installed:

• A. All SGMs receive the security policy and one by one performs an independent policy verification. Then, all SGMs simultaneously install the policy
• B. The SMO Master receives the policy and performs a policy verification, the policy is installed on the SMO Master, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master, then the non-SMO Master SGMs install the policy
• C. All SGMs receive the security policy and simultaneous policy installation occurs
• D. The policy is installed on the SMO. the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master and perform an independent policy verification, then the non-SMO Master SGMs install the policy

What is the Iterator process?

• A. Iterator is the process that simulates distribution in case of Appliance failure
• B. Iterator is the process that follow Appliance recovery and simulates what was a distribution if recovered Appliance was alive
• C. Iterator is the process that runs on the Orchestrator and calculates a distribution in case of Appliance failure
• D. Iterator is the process that runs on the Orchestrator and calculates a distribution in case of Appliance recovery

What is the Orchestrator?

• A. Load balancer
• B. Network Switch
• C. Manager of compute and network resources, load balancer and network switch
• D. None of above

What type of cluster can a Security Group can be compared to?

• A. VSLS
• B. Load Sharing Active /Active
• C. Active / Backup
• D. Active / Standby