1
What command will be used for updating fwkern.conf file on all Appliances within Security Group?
vi
g_update_conf_file
g_update_kernel
g_all update_conf_file
2
Splitter cannot be used _________________________
To connect single port on Orchestrator to the same Appliance
To connect single port on Appliance to multiple ports on the Orchestrator
To connect single port on Orchestrator to multiple Appliances
To connect single port on Orchestrator to multiple ports on external switch
3
How many power supplies are present on MHO-140?
1 with option for 2
2
1
4
4
What is the maximum amount of Appliances within Security group in Dual-Site configuration?
28
16
15
41
5
What can be learned from output of sx_api_ports_dump.py command?
Information about downlink port only
Information about Security Groups
Information about backplane bonds
Orchestrator port status
6
In order to set Site (chassis) priority per VS, the following command should be used:
From given VS0 context: set chassis high-availability vs chassis_priority
From VS0 context: set chassis-availability vs <vsid> chassis_priority
From given VS context: set chassis high-availability vs chassis_priority
From any VS context: set chassis high-availability vs <vsid> chassis_priority
7
Complete the sentence: Orchestrator works as...
Load Sharing cluster
Active-Standby cluster
Hot-Swap RAID
Active-Active cluster
8
What type of cluster can a Security Group be compared to?
Active/Standby
Active/Backup
VSLS
Load Sharing Active/Active
9
What is the default range of physical ports for downlinks on Orchestrator MHO-170?
3-16
17-31
1-16
25-32
10
There are two appliances within the same Security Group. One of them is connected by one downlink only, the other by two downlinks. Assuming there's no NAT and no VPN, what would be the proportion of traffic distribution done by the Orchestrator?
50% / 50%
33% / 66%
100% / 0%
66% / 33%
11
What kinds of transceivers are supported on Orchestrator MHO-140?
SFP, SFP+, SFP28
SFP, QSFP, QSFP28
SFP+, SFP28, QSFP
SFP, SFP+, QSFP, QSFP28
12
What is a Security Group?
Logical group of computer and network resources
Group of security administrators
Group of security gateways
Group of appliances with enabled NGTX software blades
13
What is the maximum amount of Appliances within the same Security Group?
31
16
8
52
14
There is a Security Group of 10 Appliances and all of them are up and running. How many Appliances within a Security Group keep the same connection in their connection tables in case of NAT?
2
all 10
3
Between 2 and 4
15
What is the minimal amount of cables needed in order to connect an Appliance to an Orchestrator?
One Downlink cable only
Three cables: uplink, downlink, SYNC
Two cables: one uplink and one downlink
Four cables: uplink, downlink, SYNC and Management
16
What is the purpose of g_tcpdump command?
Collects traffic dump from all Active Appliances within Security Group
Collects traffic dump from CIN network
The same as tcpdump, just on Scalable Platform
Collects traffic dump from Sync network
17
What is the basic installation sequence of the Orchestrator in case of single Orchestrator? 1. Create a Security Group 2. Configure Default Gateway 3. Connect with Serial Console cable to the Orchestrator 4. Configure IP for one of its Management interfaces 5. Connect an appliance to a downlink port 6. Change Orchestrator amount to 1 7. Browse to the Orchestrator's WebUI
3-4-2-6-5-7-1
3-1-7-2-4-6-5
7-4-2-5-3-1-6
1-4-2-5-7-3-6
18
What is the correct flow of Appliance connection table updates? 1. Orchestrator sends a packet to the Active Appliance 2. Active Appliance sends connection information to the Backup Appliance using the Sync network 3. Active Appliance calculates which Appliance will be Backup 4. Orchestrator calculates which ports the Active Appliance is connected to 5. Both Active and Backup Appliances update their connection tables 6. Orchestrator gets the packet from the uplink interface
6-4-3-5-2-1
4-1-3-6-5-2
6-4-1-3-2-5
4-6-3-1-2-5
19
What is the default range of physical ports for downlinks on Orchestrator MHO-140?
25-47
27-47
1-48
1-25
20
What is the default IP range of CIN network (with no increment)?
198.51.100.0
192.168.1.0
192.0.2.0
The same as Management network
21
What cannot be learned from the output of lldpctl?
Distribution mode
Appliance Model
Orchestrator's IP
Serial number of Appliance
22
What is the default Distribution mode?
Network
Manual-General
User
Auto-topology
23
What is the default IP range of External Sync (Site Sync) network?
203.0.113.0
192.0.2.0
192.168.1.0
198.51.100.0
24
What does the lldpctl command do?
Show all devices discovered by LLDP protocol on uplink ports
Discover orchestrators
Show all devices discovered by LLDP protocol on all ports
Show all devices discovered by LLDP protocol on downlink ports
25
What is the distribution mode?
Distribution mode means selected algorithm for traffic distribution in between Appliances
Distribution mode means selected algorithm for traffic distribution in between Orchestrators
Distribution mode is how the Orchestrator distributes traffic in between Security Groups
Distribution mode is the same as QSFP mode
26
What cannot be learned from the output of asg monitor command?
Security Policy status
Uptime
Appliances cluster status
Port Status
27
What kinds of transceivers are supported on Orchestrator MHO-170?
SFP, SFP+, SFP28
QSFP, QSFP28
SFP+, SFP28, QSFP
SFP, QSFP, QSFP28
28
What does the asg monitor command do?
Monitor traffic on Appliances in Security Group
Show real-time cluster status of Appliances in the Security Group
Monitor health status of entire system
This command does not exist
29
How many Orchestrators may Dual-Site include?
2 or 4
2
Only 4
1
30
What is the command 'asg diag' used for?
Asg diag is used for system diagnostics
Asg diag is used for system diagnostics on Chassis only. It does not exist on Maestro
Asg diag is used for creating traffic flow diagrams
Asg diag is used for system backup
31
Which file on Appliance includes information about Security Group?
/etc/sgdb.json
/etc/distutil.json
/etc/chassisdb.json
/etc/smodb.json
32
Where should the sx_api_ports_dump.py command be run?
Management Server
Security Group
SMO Appliance
Orchestrator
33
What does the command 'g_all' do?
Bring up all Appliances
Switches all Appliances to Global mode
It's followed by another command and executes it on all Appliances connected to Orchestrator
It's followed by another command and executes it on all active Appliances within Security Group
34
What cannot be a reason for the "Failed to get remote orchestrator interfaces" error message when clicking on "Orchestrator" in WebUI?
Remote Orchestrator has no empty interfaces
One Orchestrator only, but Orchestrator amount is 2 or no Sync in between Orchestrators
No Sync between Orchestrators
Single Orchestrator environment, but configured Orchestrator amount is 2
35
In case of Correction, where is information about Owner stored?
In Connection tables of all Appliances participating in Correction Layer flow
In Connection table of Target Appliances
In Correction table of Target Appliance
In Correction tables of all Appliances participating in Correction Layer flow
36
What is the max amount of Orchestrators in Dual-site setup?
4
2 per Security Group
4 per Security Group
2
37
What cannot be a reason for DETACHED status of Appliance when running asg monitor command?
Appliance reboots
Appliance installed with R80.20
Appliance is a member of Security Group, but currently disconnected
There's an issue with Downlink cable
38
A single Appliance supports 1M concurrent connections. How many concurrent connections will a Security Group of 2 Appliances support?
1M
2M
500K
4M
39
Orchestrator should be defined in SmartConsole as:
Security Gateway
Orchestrator is not defined in SmartConsole
Host
Check Point host
40
Which command will be used in order to restart Orchestrator service only?
reboot
cpstop; cpstart
service orchestrator restart
orchd restart
41
There are two 10Gbps dual-port NICs installed on a 6800 appliance. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?
Port 1 in Slot 1 and Port 2 in Slot 1
Any pair of available ports
Port 1 in Slot 2 and Port 2 in Slot 1
Port 1 in Slot 1 and Port 1 in Slot 2
42
On MHO-170 - In default configuration, what are GAIA names of Security Group Management ports?
eth1-Mgmt1 and eth1-Mgmt3
eth1-Mgmt3 and eth1-Mgmt4
eth1-Mgmt1 and eth1-Mgmt2
eth1-Mgmt1 and eth2-Mgmt1
43
When running asg perf -v in a Dual-Site environment, we can see only Appliances from one of the sites. That means we're working in:
This is not Dual-Site, in Dual-Site we always see Appliances from both sites
Active / Active
VSLS mode
Active / Standby HA mode
44
What is the default IP range of Sync network (with no increment)?
The same as Management network
192.0.2.0
198.51.100.0
192.168.1.0
45
What kind of object should the administrator create for Security Group?
Cluster in case of Security GW and VSX cluster in case of VSX
Always Cluster object
Always Single GW
Single GW in case of Security GW and Single VSX GW in case of VSX
46
What kind of cluster can Dual-Site be compared to?
Active-Standby only
Active-Standby or VSLS
VSLS only
Active-Active
47
What is the minimal requirement for a Security Group?
None, it may be empty
1 Appliance and 1 administrator with multi-Domain admin permissions
2 Appliances and 2 ports
1 Appliance and 1 management Port
48
What is the throughput penalty of Security Group?
Depends on the type of Appliance
10% per Security Group with no relation to amount of members
1% per member
5% per member
49
What is the difference between Dual-Site and Multi-Room?
Multi-Room is a kind of Dual-Site deployment within the same building
Multi-Room is a Single-Site deployment where all Appliances are connected to both Orchestrators
Multi-Room is Active / Standby and Dual-Site is Active / Active
This is the same
50
What is the Orchestrator?
Manager of computer and network resources, load balancer and network switch
Load Balancer
Network Switch
None of the above
51
What cannot be learned from the output of asg perf -v -p command?
Real-time throughput
Per-path distribution
Average CPU usage on Orchestrators
Average CPU usage on Appliances
52
What is the purpose of Management ports located on the Rear Panel of the Orchestrator MHO-140?
Reserved for internal purposes. Not in use
1Gbps connectivity for Security Groups
Additional ports used as uplinks
Out-of-band interfaces for access to Orchestrator itself
53
What is the purpose of RJ-45 connectors located at the front panel of Orchestrator MHO-170?
Two Out-of-band interfaces for access to Orchestrator itself
Out-of-band interface for access to Orchestrator itself and Serial Console connector
1Gbps connectivity for Security Groups
Reserved for internal purposes. Not in use
54
What is a downlink interface used for?
To connect appliances to Orchestrators
To connect in between Orchestrators
To connect appliances to customer's infrastructure
To connect Orchestrators to customer's infrastructure
55
How many power supplies are present on MHO-170?
1 with option for 2
4
2
1
56
What is an uplink interface used for?
To connect in between Orchestrators
To connect Orchestrators to customer's infrastructure
To connect in between Orchestrators
To connect appliances to customer's infrastructure
57
For a VSX configuration - Which statement is wrong?
All Virtual Systems exist on the SMO
All Virtual Systems exist on all Appliances
VSX configuration is the same on all Appliances within the same Security Group
Each Appliance owns different Virtual Systems
58
Is it possible to define distribution mode per interface?
Yes, only for uplink interfaces
Yes, only for downlink interfaces
No, only for the Security Group
Yes for both uplink and downlink interfaces
59
What is the Sync network on Appliances used for?
To transfer data in case of full utilization of the downlink interfaces
To transfer configuration files from Orchestrators to Appliances
May be used for any purpose, but synchronization always has priority
To synchronize configurations and connections in between connection tables of different Appliances
60
What is a valid requirement for a supported Maestro Appliance?
10Gbps and 40 Gbps or 100Gbps card with double-VLAN and LLDP support
Line card with double-VLAN and LLDP support
at least one 10 Gbps line card
Nothing special as Maestro supports any Check Point appliance
61
Complete the sentence: When using a Break-out cable ...
Each tail of the break-out cable represents an independent port
All tails of the break-out cable must represent downlinks
All tails of the break-out cable must represent uplinks
All tails of the break-out cable must represent the same type of ports
62
What will happen in case of NAT of the traffic passing through Management network?
This traffic will pass with no inspection
This traffic will not pass correction, since it will be dropped
Since Management traffic is always going to SMO, it will take care of the Correction Layer and will re-distribute traffic to other Appliances
Orchestrator will disable NAT and traffic will pass with no issue
63
There's a 23800 appliance with quad NIC in slot 5. What would be the name of port 3 on this NIC?
ethsBP5-03
ethsBP3-05
ethsBP-05
ethBP3-05
64
There are two 10Gbps dual-port NICs and one 40Gbps NIC installed on a 23800 Appliance in slots 1, 2 and 3 respectively. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?
Port 1 in Slot 1 and Port 2 in Slot 1
This configuration is not supported
Port 1 in Slot 2 and Port 2 in Slot 1
Any pair of available ports
65
In case of VSX: What is the right command to see overall performance details of all Appliances within the Security Group and all Virtual Systems?
asg perf -v -p
asg perf -vs all -v -vv
asg perf -v
asg perf -vs enabled -p
66
What is the Iterator process?
Iterator is the process that runs on the Orchestrator and calculates a distribution in case of Appliance recovery
Iterator is the process that follows Appliance recovery and simulates what the distribution would have been if the recovered Appliance had been alive
Iterator is the process that simulates distribution in case of Appliance failure
Iterator is the process that runs on the Orchestrator and calculates a distribution in case of Appliance failure
67
When running ifconfig command on an Appliance, there are interfaces shown in the list: eth1-Sync and eth2-Sync. What is the purpose of these interfaces?
These interfaces are bond members (slaves) of Sync Bond
These interfaces can be used as backup for Sync interface
These interfaces are not in use. Security GW module use Sync interface for synchronization
These interfaces represent physical Sync interface at the front panel of appliance
68
Which licenses should be issued for the Orchestrator?
Depends on Software Blades enabled on connected appliances
No licenses are required for Orchestrator
The Orchestrator is considered a Management server, hence it's licensed the same way
The Orchestrator requires NGTX license
69
Which setting is required in order to connect an appliance with 40Gbps downlink interface and DAC to the Orchestrator MHO-140?
On Orchestrator: Change port type from uplink to downlink
No change required
On Orchestrator: Change QSFP mode from 100Gbps to 40Gbps
On Appliance: Change a port speed to 10Gbps
70
Complete the sentence: Orchestrators work as...
Active-Standby cluster
Hot-Swap RAID
Load Sharing cluster
Active-Active cluster
71
Which type of port on the Orchestrator is used to connect to customer's Mail Server network?
Management Ports
Uplink ports
Downlink ports
Console ports
72
What command should be used for collecting diagnostic information about the orchestrator?
orch_info
asg perf -v
cpinfo
cpview
73
What is the default command line for Maestro?
gbash
clish
gclish
bash
74
What does the acronym SGM stand for?
Security Gateway Module
System Gateway Module
Security Gateway Media
Software Gateway Module
75
How is Asymmetric traffic dealt with in Maestro?
Correction layer mechanism
Correction table mechanism
Connection layer mechanism
Connection table mechanism
76
How are SGMs connected to Maestro HyperScale Orchestrator?
Direct Attached Cables
Different Attached Cables
Data Attached Cables
Data Action Connection
77
What is the name of the Cluster Synchronization mechanism that controls High Availability in Maestro?
ClusterSync
ClusterXL
Hiper Sync
HyperSync
78
What is the port-to-port latency for two MHOs connected together?
300 nanoseconds
1 nanosecond
10 seconds
5 milliseconds
79
What port is used for Sync on an MHO-140?
Port 48
Port 4
Port 35
Port 56
80
What Sync port is used on an MHO-170?
Port 32
Port 2
Port 25
Port 30
81
What is the name of the Management Interface Aggregation?
MIEGG
MAGG
MEGG
MIAGG
82
Does Maestro support Active-Active dual sites?
Yes, currently this feature is supported
No, currently unsupported
Yes, with the limitation
None of the above
83
Can Orchestrators be connected using Layer 2 Devices?
No, currently unsupported
Only in the next Check Point version
Yes, but they must be Q-in-Q compliant
None of the above
84
For appliances in Maestro, what type of license deployment is allowed?
None of the above
Central licensing
Local Licensing
Mixed licensing
85
How many management ports does a Maestro have for security groups?
2 Ports (MHO140) 4 Ports (MHO170)
4 Ports (MHO140) 4 Ports (MHO170)
6 Ports (MHO140) 4 Ports (MHO170)
4 Ports (MHO140) 2 Ports (MHO170)
86
How many devices can Maestro accommodate?
8 Security Groups, 30 Appliances per Security Group, 51 Appliances per System
10 Security Groups, 30 Appliances per Security Group, 52 Appliances per System
6 Security Groups, 28 Appliances per Security Group, 50 Appliances per System
8 Security Groups, 31 Appliances per Security Group, 52 Appliances per System
87
What is the central device of a Maestro deployment?
Downlinks Cables and Uplinks Cables
Security Groups
Single Management Object
Hyperscale Orchestrator
88
What protocol do the Gateways use to communicate with Maestro Orchestrators?
orch_info
LLDP
BGP
OSPF
89
Where do Appliances pull configuration from?
None of the above
MHO and SMO
Local
Management Server
90
Which member of a Security Group becomes the SMO?
The one with the lowest SGM ID
The one defined by configuration Management
The one defined by SMO
The one with the highest SGM ID