CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-836

Free 156-836 Exam Braindumps

Which distribution mode assigns packets to an SGM based solely on the packet destination IP?

  1. User mode
  2. Manual mode
  3. Network mode
  4. Auto-topology mode

Answer(s): C

Explanation:

Network mode is the distribution mode that assigns packets to an SGM based solely on the packet destination IP. In this mode, the Orchestrator uses a hash function to map each destination IP to a specific SGM. This mode ensures that all packets with the same destination IP are processed by the same SGM, regardless of the source IP or port. This mode is suitable for scenarios where the destination IP is the main factor for load balancing, such as NAT or VPN.


Reference:

- Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-19
- Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section:
Traffic Distribution, page 2-7
- Maestro basic setup documentation - Page 2 - Check Point CheckMates



When a VPN tunnel is formed with a Maestro SGM,

  1. The receiving SGM makes an encryption decision. The SGM then syncs the traffic to two backup SGMs: one for clear traffic and one for encrypted traffic.
  2. SGM 1 analyzes the policy and topology. If encryption is required, it calculates the tunnel owner's IP address. SGM 1 sends a clear packet to the tunnel owner. SGM 2 is now the connection and tunnel owner.
  3. The MHO handles the IKE before distributing the traffic to a SGM to handle all encrypted traffic.
    This helps to prevent any issues with the correction layer.
  4. The MHO distributes copies of the packets to two different SGMs because SGM 1 will handle the clear traffic IKE exchange packets, while SGM2 handles encrypted packets.

Answer(s): B



What is the default Distribution mode?

  1. Auto-topology
  2. User
  3. Manual-General
  4. Network

Answer(s): A

Explanation:

Auto-topology is the default distribution mode for Maestro Security Groups. In this mode, the Orchestrator assigns packets to a Security Group Member based on the topology of the port defined in the gateway object. Each port is either in user mode or network mode depending on the topology. User mode means that the port is connected to the internal network and network mode means that the port is connected to the external network. The Orchestrator uses a hash function to map each source IP or destination IP to a specific SGM, depending on the mode of the port. This mode ensures that all packets with the same source IP or destination IP are processed by the same SGM, regardless of the port or protocol.


Reference:

- Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-18
- Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section:

Traffic Distribution, page 2-7
- Lari Luoma | Lead Consultant | Maestro SME | Check Point Evangelist1, slide 16



Layer 4 distribution is enabled by default in Maestro.
Which is not a scenario when you would want to leave this enabled?

  1. When there is a large number of source ports in use by protocols such as HTTP, HTTPS, and DNS.
  2. When dynamic routing protocols, such as BGP or OSPF are used.
  3. When there is a heavy imbalance of traffic between the SGMs that are members of the same SG.
  4. When the SG is NATing a very high percentage of traffic passing through it.

Answer(s): B

Explanation:

This is the correct answer because Layer 4 distribution is not recommended when dynamic routing protocols are used in Maestro. Layer 4 distribution is a feature that adds the source and/or destination ports to the distribution equation, which can improve the load balancing among the SGMs. However, it can also cause issues with the correction layer, which is a mechanism that ensures the packets are processed by the correct SGM. Dynamic routing protocols, such as BGP or OSPF, use specific ports to exchange routing information and establish neighbor relationships. If Layer 4 distribution is enabled, it can interfere with the routing protocol packets and cause routing instability or failures.


Reference:

- Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-20
- Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section:
Traffic Distribution, page 2-8
- Layer 4 Distribution - Yes or No? - Check Point CheckMates - Support, Support Requests, Training ... - Check Point Software






Post your Comments and Discuss Checkpoint 156-836 exam with other Community members:

DeMalio commented on September 30, 2024
Very helpful and very accurate. Could not have passed this exam without this exam dump. Very grateful.
UNITED STATES
upvote

Pragati commented on September 30, 2024
Useful Resources
Anonymous
upvote

Dan commented on September 30, 2024
hi Thanks could you provide scenario based questions ?
FRANCE
upvote

Ashitosh commented on September 30, 2024
I m Ashitosh
JAPAN
upvote

Chipo Musenge commented on September 30, 2024
These revision are so insightful.
Anonymous
upvote

Han commented on September 30, 2024
I found the questions very helpful. I saw most users are saying that this exam is very hard. So I am trying every option to prepare and pass.
Anonymous
upvote

Lucas commented on September 30, 2024
Thank you! Great material
ISRAEL
upvote

Alejandro commented on September 30, 2024
My exam is coming up this week. I have prepared using this exam dumps. Let's see how it goes and I will share my result here.
UNITED STATES
upvote

Mary commented on September 29, 2024
This is a great material to study
COLOMBIA
upvote

Lorry commented on September 29, 2024
Hello users of this website, This exam is easy to pass with this study guide. All practice questions are the same as the real exam. I passed and got 93%.
Anonymous
upvote

Rizwan commented on September 29, 2024
It's very useful information in the reveal solutions.
Anonymous
upvote

Rizwan commented on September 29, 2024
I am trying to learn question and answer to attempt Exam tomorrow morning.
Anonymous
upvote

Elon commented on September 29, 2024
Hi! Has anyone attempted this exam recently? If so, please let me know if these questions are still relevant and appearing in the exam in the same format.
Anonymous
upvote

B commented on September 28, 2024
first time user, is this reliable
Anonymous
upvote

Parm commented on September 28, 2024
Good questions so far
UNITED STATES
upvote

Parm commented on September 28, 2024
Very good questions so far
UNITED STATES
upvote

Parminder commented on September 28, 2024
Good questions
UNITED STATES
upvote

Suresh G commented on September 28, 2024
Good content.
UNITED STATES
upvote

EG commented on September 28, 2024
Correct and explained answers. Thank you.
Anonymous
upvote

Haleem commented on September 28, 2024
This exam dump came to my rescue. Questions were very close to actual exam and I passed with 84%.
UNITED KINGDOM
upvote

krithika commented on September 28, 2024
Helpful ,Thank for the resources
Anonymous
upvote

Venkat commented on September 27, 2024
Preparing for certification
Anonymous
upvote

Nigel commented on September 27, 2024
Managed to pass my exam bu using the full version of this exam. This free version has less questions compared to PDF.
Spain
upvote

Kangaroo Jack commented on September 27, 2024
The best way to study and pass your exam. Quick and painless. The full PDF version is well worth the money.
AUSTRALIA
upvote

Ouahid commented on September 27, 2024
Thank you, it is very useful
AUSTRIA
upvote

Karlik commented on September 27, 2024
I passed the exam with help from this questions :)
Anonymous
upvote

Nate commented on September 27, 2024
Has anyone recently taken the exam? Can anyone confirm these questions are similar or word for word?
Anonymous
upvote

Birkha commented on September 27, 2024
NO comments
BHUTAN
upvote

raba commented on September 26, 2024
@khorshal can i use this alone to pass the exams
Anonymous
upvote

raba commented on September 26, 2024
some of the questions are straight forward
Anonymous
upvote

Judwa commented on September 26, 2024
This exam is super hard. I was overwhelmed. After using this exam dump, I went into the exam feeling a bit better. I passed my test. :-)
INDIA
upvote

Jubran commented on September 26, 2024
Clear explanations and well-structured content made it so much easier to prepare and pass.
UNITED STATES
upvote

KXK commented on September 26, 2024
The study guide was concise yet comprehensive. It helped me focus on the key topics and feel more prepared than ever!
INDIA
upvote

Chandra commented on September 26, 2024
I passed my exam with ease, thanks to the targeted material in this guide. It made a huge difference in how I prepared.
CANADA
upvote