CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-836

Free 156-836 Exam Braindumps (page: 11)

Page 10 of 24
PDF with 94 Questions

What command can be run to show which SGM is selected to receive traffic?

  1. g_tcpdump
  2. asg monitor
  3. dxl calc
  4. asg calc

Answer(s): D

Explanation:

The asg calc command is a tool to show which SGM is selected to receive traffic based on the distribution mode and the packet parameters. It takes the port number, the source IP, the destination IP, and optionally the source port and the destination port as arguments and returns the SGM ID and the hash value. For example, asg calc 1 10.0.0.1 20.0.0.2 1234 80 will show which SGM will receive the traffic from 10.0.0.1:1234 to 20.0.0.2:80 on port 1.


Reference:

- Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.1: asg calc, page 4-5 - Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: asg calc, page 4-5
- asg calc - Check Point Software



Is it possible to define distribution mode per interface?

  1. Yes, only for downlink interfaces
  2. No, only for the Security Group
  3. Yes, only for uplink interfaces
  4. Yes, for both uplink and downlink interfaces

Answer(s): D

Explanation:

Maestro allows you to define the distribution mode per interface, which determines how traffic is distributed among the Security Group Modules (SGMs) in a Security Group. You can configure the distribution mode for each interface individually, or use the default mode for all interfaces. The distribution mode can be set for both uplink and downlink interfaces.


Reference:

- Check Point Maestro R81.X Administration Guide, page 62, section "Distribution Mode" 1 - Check Point Maestro R81.X Getting Started Guide, page 25, section "Distribution Mode" 2
1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarte d/html_frameset.htm



There are two appliances within the same Security Group. One of them is connected by One downlink only, another one by Two downlinks. Assuming there's no NAT and no VPN, what would be proportion of traffic distribution done by Orchestrator?

  1. 100%/0%
  2. 33%/66%
  3. 50%/50%
  4. 66%/33%

Answer(s): B



In case of Correction, where is information about Owner stored?

  1. In Correction table of Target Appliance
  2. In Connection tables of all Appliances participating in Correction Layer flow
  3. In Correction tables of all Appliances participating in Correction Layer flow
  4. In Connection table of Target Appliances

Answer(s): C

Explanation:

The Correction Layer is a mechanism that handles asymmetric connections in systems with several cluster members. It allows traffic flow to be handled by a single cluster member, even if the flow is asymmetric1
The Correction Layer works as follows:
- When a packet arrives at a cluster member, it checks if it is the owner of the connection. If yes, it processes the packet normally. If not, it checks the Correction table to find the owner of the connection.
- If the owner is found in the Correction table, the packet is forwarded to the owner with a Correction Layer header. The owner then processes the packet and removes the Correction Layer header before sending it to the destination.
- If the owner is not found in the Correction table, the packet is forwarded to the Maestro Orchestrator (MHO) with a Correction Layer header. The MHO then checks its own Correction table to find the owner of the connection. If the owner is found, the MHO forwards the packet to the owner with a Correction Layer header. If the owner is not found, the MHO drops the packet and sends an ICMP error message to the source.
- The Correction tables are updated by the MHO whenever a new connection is established or an existing connection is terminated. The MHO sends Correction Layer messages to all cluster members to inform them about the owner of each connection2






Post your Comments and Discuss Checkpoint 156-836 exam with other Community members:

156-836 Exam Discussions & Posts