Check Point Certified Maestro Expert (CCME) R81.X Questions and Answers
Question 17
Possibilities for a failure in a single SGM of a Security Group include.
Options:
A.
A change was made with clish instead of gClish, causing the SGM to handle traffic differently than the other SGMs.
B.
SecureXL is not enabled on the SGM.
C.
An administrator imported a hotfix into the CPUSE repository of a single SGM.
D.
There are too many active SGMs in the SG.
Answer:
C
Explanation:
Explanation:
One of the possible causes of a failure in a single SGM of a Security Group is that an administrator imported a hotfix into the CPUSE repository of a single SGM, instead of using the orchestrator to distribute the hotfix to all the SGMs in the Security Group. This can create a mismatch in the software versions and configurations of the SGMs, and lead to unexpected behavior and errors.
References
•Maestro Expert (CCME) Course - Check Point Software, page 251
•sk172923: The /var/log/messages file does not save Maestro Gaia Clish commands2
•sk180418: Security Gateway Member (SGM) is stuck after it is added to a Security Group with image auto cloning enabled on the Single Management Object (SMO)
Question 18
What is the Orchestrator?
Options:
A.
Network Switch
B.
Manager of compute and network resources, load balancer and network switch
C.
Load balancer
D.
None of above
Answer:
B
Explanation:
Explanation:
The Orchestrator is a Maestro component that manages the compute and network resources of the Security Group Modules (SGMs) in a Security Group. It also acts as a load balancer and a network switch, distributing traffic among the SGMs and connecting them to the customer’s network infrastructure.
References:
•Maestro Expert (CCME) Course - Check Point Software, page 41
•Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline
Question 19
What does asg monitor command do?
Options:
A.
This command does not exist
B.
Monitor health status of entire system
C.
Monitor traffic on Appliances in Security Group
D.
Show real-time cluster status of Appliances in Security Group
Answer:
D
Explanation:
Explanation:
The "asg monitor" command generally would show real-time cluster status of appliances in a security group, focusing on health and operational status.
Question 20
What kinds of transceivers are supported on Orchestrator MHO-170?
Options:
A.
SFP, QSFP, QSFP28
B.
SFP+, SFP28, QSFP
C.
SFP, SFP+, SFP28
D.
QSFP, QSFP28
Answer:
D
Explanation:
Explanation:
The Orchestrator MHO-170 supports QSFP and QSFP28 transceivers on its 32x 100 GbE ports. QSFP stands for Quad Small Form-factor Pluggable and QSFP28 is an enhanced version of QSFP that supports up to 28 Gbps per lane. These transceivers can provide high-speed and high-density connectivity for the Maestro environment.
References
•Maestro Hyperscale Orchestrator Datasheet - Check Point Software1, page 2
•Maestro Transceiver & DAC Inventory - Check Point CheckMates