• Home
  • Blogs
  • [Q31-Q50] 156-836 Actual Questions 100% Same Braindumps with Actual Exam!

[Q31-Q50] 156-836 Actual Questions 100% Same Braindumps with Actual Exam!

Share

156-836 Actual Questions 100% Same Braindumps with Actual Exam!

156-836 Study Material, Preparation Guide and PDF Download

NEW QUESTION # 31
Layer 4 distribution is enabled by default in Maestro. Which is not a scenario when you would want to leave this enabled?

  • A. When dynamic routing protocols, such as BGP or OSPF are used.
  • B. When there is a heavy imbalance of traffic between the SGMs that are members of the same SG.
  • C. When the SG is NATing a very high percentage of traffic passing through it.
  • D. When there is a large number of source ports in use by protocols such as HTTP, HTTPS, and DNS.

Answer: A

Explanation:
Explanation
This is the correct answer because Layer 4 distribution is not recommended when dynamic routing protocols are used in Maestro. Layer 4 distribution is a feature that adds the source and/or destination ports to the distribution equation, which can improve the load balancing among the SGMs. However, it can also cause issues with the correction layer, which is a mechanism that ensures the packets are processed by the correct SGM. Dynamic routing protocols, such as BGP or OSPF, use specific ports to exchange routing information and establish neighbor relationships. If Layer 4 distribution is enabled, it can interfere with the routing protocol packets and cause routing instability or failures.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-20
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-8
*Layer 4 Distribution - Yes or No? - Check Point CheckMates
*Support, Support Requests, Training ... - Check Point Software


NEW QUESTION # 32
What is the command 'asg diag' used for?

  • A. Asg diag is used for system diagnostics
  • B. Asg diag used for system diagnostics on Chassis only. It does not exist on Maestro
  • C. Asg diag is used for system backup
  • D. Asg diag is used for creating traffic flow diagrams

Answer: A

Explanation:
Explanation
The asg diag command is used for system diagnostics on both Maestro and Chassis systems. The asg diag command can perform various tests and checks on the system components, such as hardware, software, network, clock, ARP, and more. The asg diag command can help identify and troubleshoot any issues or errors that may affect the system functionality or performance.
References =
*Check Point Maestro R81.X Administration Guide, page 66, section "asg diag" 1
*Check Point Maestro R81.X Getting Started Guide, page 28, section "asg diag" 2
*Check Point Maestro Under the Hood presentation by Lari Luoma, slide 25
1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frame
:
https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/maestro/1191/1/Check%20Mates%20M


NEW QUESTION # 33
Splitter cannot be used _______

  • A. To connect single port on orchestrator to multiple port on external switch
  • B. To connect single port on orchestrator to the same Appliance
  • C. To connect single port on Appliance to multiple ports on the orchestrator
  • D. To connect single port on orchestrator to multiple Appliances

Answer: B


NEW QUESTION # 34
In a Maestro Dual Site environment, what is the definition of the term Active Site.

  • A. The Active Site is the site currently handling the enforcement on traffic passing for a specific SG.Connections are synced within the SGMs in the Active Site.
  • B. There is no such thing as an active site. In a Dual Site environment, traffic is load balanced.
  • C. The Active Site is the site that is not handling any traffic for the specific SG, but itsconnections are synced to its SGMs from the MHOs to be ready in the event of a failover.
  • D. The Active Site is the site where the SMO Master exists.

Answer: A

Explanation:
Explanation
In a Maestro Dual Site environment, there are two sites that can host Security Group Members (SGMs) for each Security Group (SG). The Active Site is the one that is currently processing the traffic for a specific SG, while the Standby Site is the one that is ready to take over in case of a failover. The Active Site and the Standby Site can be different for different SGs, depending on the load balancing and failover policies. The Active Site and the Standby Site are synchronized by the Maestro Orchestrators (MHOs) using the Site-Sync port and VLANs.
References =
*Solved: Maestro dual site failover - Check Point CheckMates
*Maestro Dual Site configuration with a direct connection through L2 switches


NEW QUESTION # 35
What cannot be a reason for "Failed to get remote orchestrator interfaces" error message, when clicking on
"Orchestrator" in WebUI

  • A. No Sync between orchestrators
  • B. One orchestrator only, but Orchestrator amount is 2 or no Sync in between orchestrators
  • C. Single orchestrator environment, but configured Orchestrator amount is 2
  • D. Remote orchestrator has no empty interfaces

Answer: D

Explanation:
Explanation
One of the possible reasons for the "Failed to get remote orchestrator interfaces" error message, when clicking on "Orchestrator" in WebUI, is that the remote orchestrator has no empty interfaces that can be assigned to a security group. This can happen if all the interfaces on the remote orchestrator are already part of configured security groups, or if the remote orchestrator has no physical interfaces at all. In this case, the WebUI cannot display the unassigned interfaces of the remote orchestrator, and shows the error message.
References
*Not able to see unassigned interfaces on checkpoint Orchestrator
*Maestro 140 not detecting Interfaces
*Maestro Expert (CCME) Course - Check Point Software, page


NEW QUESTION # 36
What is the max amount of Orchestrators in Dual-site setup?

  • A. 4 per Security Group
  • B. 0
  • C. 1
  • D. 2 per Security Group

Answer: A

Explanation:
A Dual Site setup can have either two or four orchestrators, depending on the scenario. However, the maximum number of orchestrators per Security Group is four, regardless of the number of sites. This is because each Security Group can have up to two orchestrators on each site, and each site can have up to two orchestrators. Therefore, the maximum number of orchestrators in a Dual Site setup is four per Security Group.
References =
*Maestro Frequently Asked Questions (FAQ)
*Maestro Dual Site configuration with a direct connection through L2 switches
*Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)


NEW QUESTION # 37
What type of cluster can a Security Group can be compared to?

  • A. VSLS
  • B. Load Sharing Active / Active
  • C. Active / Standby
  • D. Active / Backup

Answer: B

Explanation:
A Security Group can be compared to a Load Sharing Active / Active cluster because it consists of multiple Security Group Members that share the traffic load and provide high availability and scalability. Each Security Group Member is an active firewall that processes traffic according to the Security Group policy and synchronizes its state with other members. The Maestro Orchestrator acts as a load balancer that distributes the traffic among the Security Group Members based on their capacity and availability.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.1: Introduction to Security Groups, page 2-4
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Group Overview, page 2-3


NEW QUESTION # 38
What Maestro component is automatically designated the SMO Master?

  • A. The first MHO configured is considered the SMO Master.
  • B. The MDS that pushes policy to the SMO is considered the SMO Master.
  • C. The SGM with the lowest member ID (the first one added to the security group.)
  • D. The SGM with the highest member ID (the last one added to the security group.)

Answer: C

Explanation:
Explanation
The SMO Master is the SGM that is responsible for synchronizing the configuration and policy with the other SGMs in the security group. The SMO Master is automatically designated as the SGM with the lowest member ID, which is usually the first one added to the security group. The SMO Master can be changed manually if needed.
References:
*Maestro Frequently Asked Questions (FAQ), under "What is a Single Management Object (SMO)?"
*Check Point Jump Start Course: Maestro, under "Maestro Security Groups"


NEW QUESTION # 39
In a Maestro Dual Site environment, what is the definition of the term Standby Site?

  • A. The Standby Site is the site that is not handling any traffic for the specific SG, but its connections are synced to its SGMs from the MHOs to be ready in the event of a failover.
  • B. The Standby Site is the site currently handling the enforcement on traffic passing for a specific SG.Connections are synced within the SGMs in the Active Site.
  • C. The Standby Site is the second site to have been defined in the process of configuring the Dual Site environment.
  • D. There is no such thing as an active site. In a Dual Site environment, traffic is load balanced.

Answer: A

Explanation:
In a Maestro Dual Site environment, the Standby Site is defined as the site that is not currently handling traffic for a specific Security Group (SG). Instead, it maintains synchronized connections with its Security Group Members (SGMs) via the Maestro Hyperscale Orchestrators (MHOs), ensuring it is ready to take over in the event of a failover. This setup enhances high availability and disaster recovery.
Exact Extract:
"In a Maestro Dual Site environment, the Standby Site is the site that is not handling any traffic for the specific Security Group, but its connections are synced to its Security Group Members (SGMs) from the Maestro Hyperscale Orchestrators (MHOs) to be ready in the event of a failover. This ensures high availability and seamless failover capabilities."
-Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 3: Dual Orchestrator Environment, Lesson 3.1: Introduction to Dual Orchestrator Environment, page 3-7
-Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: Dual Site Configuration, page 3-9 Explanation of Options:
* A. The Standby Site is the site that is not handling any traffic...: Correct, as this accurately describes the role of the Standby Site in a Dual Site environment, per the documentation.
* B. There is no such thing as an active site...: Incorrect, as Maestro Dual Site environments explicitly define Active and Standby Sites, not load-balanced traffic across both sites.
* C. The Standby Site is the second site to have been defined...: Incorrect, as the Standby Site is defined by its role (not handling traffic), not the order of configuration.
* D. The Standby Site is the site currently handling the enforcement...: Incorrect, as this describes the Active Site, not the Standby Site.
References:
Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 3: Dual Orchestrator Environment, Lesson 3.1: Introduction to Dual Orchestrator Environment, page 3-7 Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section:
Dual Site Configuration, page 3-9


NEW QUESTION # 40
Complete the sentence: Dual Orchestrators work as.______

  • A. Hot-Swap RAID
  • B. Active-Active cluster
  • C. Active - Standby cluster
  • D. Load Sharing cluster

Answer: B

Explanation:
Explanation
Dual Orchestrators work as an Active-Active cluster, which means that both Orchestrators are active and share the load of the traffic that is sent to and from the Security Group Members (SGMs). Active-Active cluster provides better performance and scalability than Active-Standby cluster, which only uses one Orchestrator at a time and keeps the other as a backup. Active-Active cluster also allows for faster failover and recovery in case of an Orchestrator failure, as the surviving Orchestrator can take over the traffic without interruption.
References
*Maestro Expert (CCME) Course - Check Point Software, page 25
*CheckPoint Certified Maestro Expert (CCME) - Skillzcafe, page 2
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, page 2


NEW QUESTION # 41
At a minimum, how many management and Uplink ports does a SG require?

  • A. One each.
  • B. Only one of the two interfaces is needed for the Security Group.
  • C. Two of each.
  • D. Neither are required.

Answer: A

Explanation:
A Security Group (SG) requires at least one management port and one uplink port to function properly. The management port is used to connect the SG to the Maestro Hyperscale Orchestrator (MHO) and the customer' s management infrastructure, such as SmartConsole or SmartDomain Manager. The uplink port is used to connect the SG to the customer's network infrastructure, such as switches, routers, or firewalls. The uplink port is also used to send and receive traffic from the customer's network to the SG.
References:
*Maestro Expert (CCME) Course - Check Point Software, page 41
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline


NEW QUESTION # 42
What is an uplink interface used for?

  • A. To connect in between appliances
  • B. To connect Orchestrators to customer's infrastructure
  • C. To connect in between Orchestrators
  • D. To connect appliances to customer's infrastructure

Answer: B

Explanation:
Explanation
Uplink interfaces are used to connect Maestro Hyperscale Orchestrators (MHOs) to the customer's network infrastructure, such as switches, routers, or firewalls. They are also used to send and receive management and control traffic from the customer's network to the MHOs.
References:
*Maestro Expert (CCME) Course - Check Point Software, page 41
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline


NEW QUESTION # 43
What is the maximum number of Appliances within Security group in Dual-Site configuration?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B


NEW QUESTION # 44
There are two 10Gbps dual-port NIC installed on a 6800 appliance. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?

  • A. Port 1 in Slot 2 and Port 2 in Slot 1
  • B. Any pair of available ports
  • C. Port 1 in Slot 1 and Port 2 in Slot 1
  • D. Port 1 in Slot 1 and Port 1 in Slot 2

Answer: D

Explanation:
Explanation
The correct interfaces to connect to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators are Port 1 in Slot 1 and Port 1 in Slot 2. This is because each slot represents a different NIC, and each port represents a different physical link. By connecting two ports from different slots, the appliance can have redundant connections to the same orchestrator, and avoid a single point of failure in case of a NIC or link failure.
References
*Check Point 156-835 Certification Flashcards | Quizlet1
*Maestro Expert (CCME) Course - Check Point Software, page 182
*Maestro Technical Training, Module 2: Maestro Security Groups and the Single Management Object, slide
163


NEW QUESTION # 45
What command will be used for updating fwkern.conf file on all Appliances within Security Group?

  • A. g_update_conf_file
  • B. g_all update_conf_file
  • C. vi
  • D. g_update_kernel

Answer: A


NEW QUESTION # 46
For the MHO-175, which ports are Management ports?

  • A. Ports 5 - 26 are Management ports.
  • B. Ports 1 - 4 are Management ports.
  • C. Ports 27 - 47 are Management ports.
  • D. Ports 49 - 55 are Management ports.

Answer: B

Explanation:
Explanation
According to the Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-175 document1, ports 1 - 4 are Management ports that are used to connect the MHO to the customer's management infrastructure, such as SmartConsole or SmartDomain Manager. Ports 5 - 26 are Uplink ports that are used to connect the MHO to the customer's network infrastructure, such as switches, routers, or firewalls. Ports 27 -
47 are Downlink ports that are used to connect the MHO to the Security Group Modules (SGMs) in the Security Group. Ports 49 - 55 are Backplane ports that are used to connect the MHO to another MHO in a Dual Orchestrator environment.
References:
*Maestro Expert (CCME) Course - Check Point Software, page 42
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline3
*Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-1751


NEW QUESTION # 47
What is the Orchestrator?

  • A. Network Switch
  • B. None of above
  • C. Manager of compute and network resources, load balancer and network switch
  • D. Load balancer

Answer: C

Explanation:
Explanation
The Orchestrator is a Maestro component that manages the compute and network resources of the Security Group Modules (SGMs) in a Security Group. It also acts as a load balancer and a network switch, distributing traffic among the SGMs and connecting them to the customer's network infrastructure.
References:
*Maestro Expert (CCME) Course - Check Point Software, page 41
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline


NEW QUESTION # 48
What command should be used for collecting diagnostic information about the orchestrator?

  • A. orch_info
  • B. cpview
  • C. cpinfo
  • D. asg perf -v

Answer: C

Explanation:
Explanation
The cpinfo command is a tool that collects diagnostic information about the orchestrator, such as hardware, software, network, configuration, and logs. The cpinfo command generates a file that can be sent to Check Point Support for analysis and troubleshooting. The cpinfo command can be run on the orchestrator's CLI or WebUI.
References =
*Check Point Maestro R81.X Administration Guide, page 68, section "cpinfo" 1
*Check Point Maestro R81.X Getting Started Guide, page 30, section "cpinfo" 2
*Maestro Hyperscale Orchestrator Datasheet - Check Point Software 3
1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frame
3: https://www.checkpoint.com/downloads/products/maestro-hyperscale-orchestrator-datasheet.pdf


NEW QUESTION # 49
Which command can be used during an upgrade to verify that the upgraded SGMs have returned to UP status before upgrading other SGMs?

  • A. asg monitor
  • B. cpview
  • C. asg stat -v
  • D. asg perf -v

Answer: C

Explanation:
The asg stat -v command is used to verify the status of Security Group Members (SGMs) during an upgrade in a Maestro environment. This command provides detailed status information, including whether SGMs are in the UP state, which is critical before proceeding with upgrades to other SGMs to ensure system stability and continuity.
Exact Extract:
"The command 'asg stat -v' can be used during an upgrade to verify that the upgraded Security Group Members (SGMs) have returned to UP status before upgrading other SGMs. This command provides a detailed view of the status of all SGMs in the Security Group, ensuring that the upgraded members are operational."
-Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.4: System Diagnostics, page 4-16
-Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: System Diagnostics, page 4-13 Explanation of Options:
* A. asg monitor: Incorrect, as asg monitor is used for real-time monitoring but does not provide detailed status verification for SGMs during upgrades.
* B. cpview: Incorrect, as cpview provides performance and system statistics but is not specific to verifying SGM status post-upgrade.
* C. asg perf -v: Incorrect, as asg perf -v focuses on performance metrics, not SGM status verification.
* D. asg stat -v: Correct, as this command is explicitly used to check the UP status of SGMs during upgrades, as per the documentation.
References:
Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.4: System Diagnostics, page 4-16 Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: System Diagnostics, page 4-13


NEW QUESTION # 50
......

156-836  Certification Study Guide Pass 156-836 Fast: https://surepass.actualtests4sure.com/156-836-practice-quiz.html

Related Blogs

more
CheckPoint 156-836 Certification Practice Exam

The best Pass-Sure Material is here waiting for you. Our Actual Quiz File helps you study and prepare for your exam efficiently, then pass exam easily. Don't hesitate. Just come and choose our Test Braindumps.

Latest Update

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 ACTUALTESTS4SURE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor. Privacy Policy