Free 156-836 Exam Braindumps (page: 7)

Page 6 of 24

When security policy is installed

  1. All SGMs receive the security policy and one by one performs an independent policy verification.
    Then, all SGMs simultaneously install the policy.
  2. The SMO Master receives the policy and performs a policy verification the policy is installed on the SMO Master, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master, then the non-SMO Master SGMs install the policy.
  3. All SGMs receive the security policy and simultaneous policy installation occurs.
  4. The policy is installed on the SMO, the SMO Master broadcasts the available package, other members retrieve the new policy from the SMO Master and perform an independent policy verification, then the non-SMO Master SGMs install the policy.

Answer(s): B

Explanation:

This is the correct answer because it describes the security policy installation flow for a Maestro Security Group. The SMO Master is the Security Group Member that acts as the leader and the single point of contact for the Management Server. The SMO Master verifies the policy and installs it first, then notifies the other SGMs that a new policy is available. The other SGMs fetch the policy from the SMO Master and install it in parallel.


Reference:

- Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.3: Security Policy Installation, page 2-15
- Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section:
Security Policy Installation, page 2-13
- Policy installation flow - Check Point Software



What cannot be learned from the output of asg monitor command?

  1. Uptime
  2. Port status
  3. Security Policy status
  4. Appliances cluster status

Answer(s): D



Maestro allows running commands globally in Expert mode by using global prefixes, such as:

  1. asg all
  2. g_all
  3. all
  4. global

Answer(s): B

Explanation:

The g_all prefix is used to run commands globally in Expert mode on all Security Group Members of the current Security Group. For example, g_all cpstop will stop the Check Point services on all SGMs.

The other prefixes are not valid for global commands in Expert mode.


Reference:

- Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-11
- Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-9
- Global Expert Mode Commands - Check Point CheckMates



The ______________ command will allow users to update the specified file on all SGMs.

  1. g_update_conf_file
  2. g_all"
  3. sed
  4. g_cat

Answer(s): A

Explanation:

The g_update_conf_file command is a global command that allows users to update the specified file on all Security Group Members of the current Security Group. The command takes the file name and the parameter-value pair as arguments and updates the file accordingly. For example, g_update_conf_file fwkern.conf fwha_enable_arp=1 will add or modify the fwha_enable_arp parameter in the fwkern.conf file on all SGMs.


Reference:

- Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-12 - Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-10 - Maestro Commands for Security Groups - Check Point CheckMates






Post your Comments and Discuss Checkpoint 156-836 exam with other Community members:

156-836 Exam Discussions & Posts