1
What command will be used for updating fwkern.conf file on all Appliances within Security Group?
g_all update_conf_file
vi
g_update_kernel
g_update_conf_file
2
Splitter cannot be used _________________________
To connect single port on Orchestrator to multiple port on external switch
To Connect single port on Orchestrator to the same Appliance
To connect single port on Orchestrator to multiple Appliances
To connect single port on Appliance to multiple ports on the Orchestrator
3
How many power supplies are presented on MHO-140?
1
4
2
1 with option for 2
4
What is the maximum amount of Appliances within Security group in Dual-Site configuration?
28
16
15
41
5
What can be learned from output of sx_api_ports_dump.py command?
Orchestrator port status
Information about downlink port only
Information about Security Groups
Information about backplane bonds
6
In order to set Site (chassis) priority per VS, following command should be used:
From given VS0 context: set chassis high-availability vs chassis_priority
From VS0 context: set chassis-availability vs <vsid> chassis_priority
From given VS context: set chassis high-availability vs chassis_priority
From any VS context: set chassis high-availability vs <vsid> chassis_priority
7
Complete the sentence: Orchestrator work as.......
Load Sharing cluster
Active-Active cluster
Active-Standby cluster
Hot-Swap RAID
8
What type of cluster can a Security Group can be compared to?
Load Sharing Active/Active
VSLS
Active/Backup
Active/Standby
9
What is the default range of physical ports for downlinks on Orchestrator MHO-170?
1-16
25-32
3-16
17-31
10
There are two appliances within the same Security Group. One of them is connected by One downlink only, another one by Two downlinks. Assuming there's no NAT and no VPN, what would be proportion of traffic distribution done by Orchestrator?
100% / 0%
66% / 33%
33% /66%
50% / 50%
11
What kinds of transceivers are supported on Orchestrator MHO-140?
SFP+, SFP28, QSFP
SFP, SFP+, SFP28
SFP, QSFP, QSFP28
SFP, SFP+, QSFP, QSFP28
12
What is a Security Group?
Group of security administrators
Group of security gateways
Group of appliances with enable NGTX software blades
Logical group of computer and network resources
13
What is the maximum amount of Appliances within the same Security Group?
31
8
52
16
14
There is a Security group of 10 Appliances and all of them are up and running. How many Appliances within a Security Group keep the same connection in its connection table in case of NAT?
2
3
all 10
Between 2 and 4
15
What is the minimal amount of cables needed in order to connect an Appliance to an Orchestrator?
Two cables: one uplink and one downlink
Three cables: uplink, downlink, SYNC
One Downlink cable only
Four cables: uplink, downlink, SYNC and Management
16
What is the purpose of g_tcpdump command?
Collects traffic dump from Sync network
The same as tcpdump, just on Scalable Platform
Collects traffic dump from CIN network
Collects traffic dump from all Active Appliances within Security Group
17
What is the basic installation sequence of the Orchestrator in case of single Orchestrator? 1. Create a Security Group 2. Configure Default Gateway 3. Connect with Serial Console cable to the Orchestrator 4. Configure IP for one its Management interfaces 5. Connect an appliance to a downlink port 6. Change Orchestrator amount to 1 7. Browse to the Orchestrator's WebUI
1-4-2-5-7-3-6
3-1-7-2-4-6-5
3-4-2-6-5-7-1
7-4-2-5-3-1-6
18
18- What is the correct flow of Appliance connection tables updates? 1. Orchestrator send a packet to the Active Appliance 2. Active Appliance sends a connection information to the Backup Appliance using the Sync network 3. Active Appliance calculates wich Appliance will be Backup 4. Orchestrator calculates which ports is Active Appliance is connected to 5. Both Active and Backup Appliances are updating connection tables 6. Orchestrator gets the packet the from uplink interface
6-4-1-3-2-5
4-1-3-6-5-2
4-6-3-1-2-5
6-4-3-5-2-1
19
What is the default range of physical ports for downlinks on Orchestrator MHO-140?
1-48
1-25
25-47
27-47
20
What is the default IP range of CIN network (with no increment)?
192.168.1.0
198.51.100.0
The same as Management network
192.0.2.0
21
What cannot be learned from the output of lldpctl?
Distribution mode
Serial number of Appliance
Appliance Model
Orchestrator's IP
22
What is the default Distribution mode?
Auto-topology
Network
User
Manual-General
23
What is the default IP range of External Sync (Site Sync) network?
192.168.1.0
203.0.113.0
192.0.2.0
198.51.100.0
24
What does the lldpctl command do?
Show all devices discovered by LLDP protocol on downlink ports
Show all devices discovered by LLDP protocol on all ports
Discover orchestrators
Show all devices discovered by LLDP protocol on uplink ports
25
What is the distribution mode?
Distribution mode is how the Orchestrator distributes traffic in between Security Groups
Distribution mode means selected algorithm for traffic distribution in between Orchestrators
Distribution mode is the same as QSFP mode
Distribution mode means selected algorithm for traffic distribution in between Appliances
26
What cannot be learned from the output of asg monitor command?
Port Status
Security Policy status
Appliances cluster status
Uptime
27
What kinds of transceivers are supported on Orchestrator MHO-170?
SFP, QSFP, QSFP28
QSFP, QSFP28
SFP, SFP+, SFP28
SFP+, SFP28, QSFP
28
What does asg monitor command do?
Monitor traffic on Appliances in Security Group
Monitor health status of entire system
Show real-time cluster status of Appliances in the Security Group
This command does not exist
29
How many Orchestrators may Dual-Site include?
2
Only 4
1
2 or 4
30
What is the command 'asg diag' used for?
Asg diag is used for system diagnostics
Asg diag used for system diagnostics on Chassis only. It does not exist on Maestro
Asg diag is used for creating traffic flow diagrams
Asg diag is used for system backup
31
Which file on Appliance includes information about Security Group?
/etc/smodb.json
/etc/distutil.json
/etc/chassisdb.json
/etc/sgdb.json
32
Where should sx_api_ports_dump.py command be ran?
Security Group
SMO Appliance
Orchestrator
Management Server
33
What does the command 'g_all' do?
It's followed by other command and execute it on all active Appliances within Security Group
It's followed by other command and execute it on all Appliances connected to Orchestrator
Switches all Appliances to Global mode
Bring up all Appliances
34
What cannot be a reason for "Failed to get remote orchestrator interfaces" error message, when clicking on "Orchestrator" in WebUI
Single Orchestrator environment, but configured Orchestrator amount is 2
No Sync between Orchestrators
Remote Orchestrator has no empty interfaces
One Orchestrator only, but Orchestrator amount is 2 or no Sync in between Orchestrators
35
In case of Correction, where is information about Owner stored?
In Connection table of Target Appliances
In Correction table of Target Appliance
In Correction tables of all Appliances participating in Correction Layer flow
In Connection tables of all Appliances participating in Correction Layer flow
36
What is the max amount of Orchestrators in Dual-site setup?
2 per Security Group
4
2
4 per Security Group
37
What cannot be a reason for DETACHED status of Appliance when running asg monitor command?
Appliance reboots
Appliance installed with R80.20
There's an issue with Downlink cable
Appliance is a member of Security Group, but currently disconnected
38
One single Appliance supports 1M concurrent connections. How many concurrent connections will support Security Group of 2 Appliances?
2M
500K
4M
1M
39
Orchestrator should be defined in SmartConsole as:
Host
Orchestrator is not defined in SmartConsole
Check Point host
Security Gateway
40
Which command will be used in order to restart Orchestrator service only?
service orchestrator restart
reboot
cpstop; cpstart
orchd restart
41
There are two 10Gbps dual-port NIC installed on a 6800 appliance. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?
Port 1in Slot 1 and Port 1 in Slot 2
Any pair of available ports
Port1 in Slot 1 and Port 2 in Slot1
Port 1 in Slot 2 and Port 2 in Slot 1
42
On MHO-170 - In default configuration, what are GAIA names of Security Group Management ports?
eth1-Mgmt1 and eth1-Mgmt3
eth1-Mgmt1 and eth2-Mgmt1
eth1-Mgmt1 and eth1-Mgmt2
eth1-Mgmt3 and eth1-Mgmt4
43
When running asg perf -v in a Dual-Site environment, we can see only Appliances from one of the sites. That means we're working in:
Active / Standby HA mode
This is not Dual-Site, in Dual-Site we always see Appliances from both sites
VSLS mode
Active / Active
44
What is the default IP range of Sync network (with no increment)?
The same as Management network
192.168.1.0
198.51.100.0
192.0.2.0
45
What kind of object should the administrator create for Security Group?
Always Cluster object
Cluster in case of Security GW and VSX cluster in case of VSX
Always Single GW
Single GW in case of Security GW and Single VSX GW in case of VSX
46
What kind of cluster Dual-Site can be compared to?
Active-Active
Active-Standby or VSLS
Active-Standby only
VSLS only
47
What is the minimal requirement for a Security Group?
None, it may be empty
1 Appliance and 1 administrator with multi-Domain admin permissions
2 Appliances and 2 ports
1 Appliance and 1 management Port
48
What is the throughput penalty of Security Group?
5% per member
10% per Security Group with no relation to amount of members
1% per member
Depends on the type of Appliance
49
What is the difference between Dual-Site and Multi-Room?
Multi-Room is Active / Standby and Dual-Site is Active /Active
Multi-Room is a Single-Site deployment where all Appliances are connected to both Orchestrators
This is the same
Multi-Room is a kind of Dual-Site deployment within the same building
50
What is the Orchestrator?
None of above
Manager of computer and network resources, load balancer and network switch
Network Switch
Load Balancer
51
What cannot be learned from the output of asg perf -v -p command?
Average CPU usage on Orchestrators
Average CPU usage on Appliances
Real-time throughput
Per-path distribution
52
What is the purpose of Management ports located on the Rear Panel of the Orchestrator MHO-140?
1Gbps connectivity for Security Groups
Out-of-band interfaces for access to Orchestrator itself
Reserved for internal purposes. Not in use
Additional ports used as uplinks
53
What is the purpose of RJ-45 connectors located at the front panel of Orchestrator MHO-170?
Out-of-band interface for access to Orchestrator itself and Serial Console connector
1Gbps connectivity for Security Groups
Reserved for internal purposes. Not in use
Two Out-of-band interfaces for access to Orchestrator itself
54
What is a downlink interface used for?
To connect appliances to Orchestrators
To connect Orchestrators to customer's infrastructure
To connect in between Orchestrators
To connect appliances to customer's infrastructure
55
How many power supplies are presented on MHO-170?
1
4
2
1 with option for 2
56
What is an uplink interface used for?
To connect in between Orchestrators
To connect in between Orchestrators
To connect Orchestrators to customer's infrastructure
To connect appliances to customer's infrastructure
57
For a VSX configuration - Which statement is wrong?
All Virtual Systems exist on the SMO
Each Appliance owns different Virtual Systems
All Virtual Systems exist on all Appliances
VSX configuration is the same on all Appliances within the same Security Group
58
Is it possible to define distribution mode per interface?
Yes for both uplink and downlink interfaces
Yes, only for downlink interfaces
No, only for the Security Group
Yes, only for uplink interfaces
59
What is the Sync network on Appliances used for?
To transfer data in case of full utilization of the downlink interfaces
To transfer configuration files from Orchestrators to Appliances
May be used for any purpose, but synchronization always have priority
To synchronize configurations and connections in between connection tables of different Appliances
60
What is a valid requirement for a supported Maestro Appliance?
10Gbps and 40 Gbps or 100Gbps card with double-VLAN and LLDP support
Line card with double-VLAN and LLDP support
at least one 10 Gbps line card
Nothing special as Maestro supports any Check Point appliance
61
Complete the sentence: When using a Break-out cable ...
All tails of the break-out cable must represent uplinks
All tails of the break-out cable must represent downlinks
Each tail of the break-out cable represent an independent port
All tails of the break-out cable must represent the same type of ports
62
What will happen in case of NAT of the traffic passing through Management network?
This traffic will not pass correction, since it will be dropped
This traffic will pass with no inspection
Since Management traffic is always going to SMO, it will take a care for Correction Layer and will re-distribute traffic to other Appliances
Orchestrator will disable NAT and traffic will pass with no issue
63
There's a 23800 appliance with quad NIC in slot 5. What would be the name of port 3 on this NIC?
ethsBP5-03
ethBP3-05
ethsBP-05
ethsBP3-05
64
There are two 10Gbps dual-port NIC and one 40Gbps NIC installed on a 23800 Appliance in slot 1, 2 and 3 accordingly. Which interfaces should be connected to Orchestrator 1 for downlinks1 intra-orchestrator redundancy when using two Orchestrators?
This configuration in not supported
Port 1 in Slot 1 and Port 2 in Slot 1
Any pair of available ports
Port 1 in Slot 2 and Port 2 in Slot 1
65
In case of VSX: What is the right command to see overall performance details of all Appliances within the Security Group and all Virtual Systems?
asg perf -vs enabled -p
asg perf -v
asg perf -vs all -v -vv
asg perf -v -p
66
What is the Iterator process?
Iterator is the process that runs on the Orchestrator and calculates a distribution in case of Appliance recovery
Iterator is the process that runs on the Orchestrator and calculates a distribution in case of Appliance failure
Iterator is the process that simulates distribution in case of Appliance failure
Iterator is the process that follow Appliance recovery and simulates what was a distribution if recovered Appliance was alive
67
When running ifconfig command on an Appliance, there are interfaces shown in the list: eth1-Sync and eth2-Sync. What is the purpose of these interfaces?
These interfaces are not in use. Security GW module use Sync interface for synchronization
These interfaces are bond members (slaves) of Sync Bond
These interfaces represent physical Sync interface at the front panel of appliance
These interfaces can be used as backup for Sync interface
68
Which licenses should be issued for the Orchestrator?
Depends on Software Blades enabled on connected appliances
The Orchestrator requires NGTX license
The Orchestrator is considered a Management server, hence it's licensed the same way
No licenses are required for Orchestrator
69
Which setting is required in order to connect an appliance with 40Gbps downlink interface and DAC to the Orchestrator MHO-140?
On Orchestrator: Change port type from uplink to downlink
On Orchestrator: Change QSFP mode from 100Gbps to 40Gbps
No change required
On Appliance: Change a port speed to 10Gbps
70
Complete the sentence: Orchestrators works as...
Active-Active cluster
Hot-Swap RAID
Active-Standby cluster
Load Sharing cluster
71
Which type of port on the Orchestrator is used to connect to customer's Mail Server network?
Console ports
Uplink ports
Management Ports
Downlink ports
72
What command should be used for collecting diagnostic information about the orchestrator?
asg perf -v
orch_info
cpinfo
cpview
73
What is the default command line for Maestro?
clish
gbash
bash
gclish
74
Whats is Acronym of the SGM?
Security Gateway Module
System Gateway Module
Software Gateway Module
Security Gateway Midia
75
How is Asymmetric traffic dealt with in Maestro?
Correction table mechanism
Connection table mechanism
Connection layer mechanism
Correction layer mechanism
76
How are SGMs connected to Maestro HyperScale Orchestrator?
Different Attached Cables
Data Attached Cables
Data Action Connection
Direct Attached Cables
77
What is the name Cluster Syncronization mechanism that controls High Availability Maestro??
ClusterSync
HyperSync
Hiper Sync
ClusterXL
78
What is the speed of the port to port latency for Two MHOs connected together?
300 nanoseconds
1 nanosecond
5 miliseconds
10 Seconds
79
What port is used for Sync on a MHO-140
Port 48
Port 4
Port 35
Port 56
80
What Sync Port is used on a MHO-170
Port 32
Port 2
Port 30
Port 25
81
Whats is the name of the Management Interface Aggregation?
MIAGG
MAGG
MEGG
MIEGG
82
Does Maestro support Active-Active dual sites?
None of above
Yes, with the limitation
No, currently unsupported
Yes, currently this feature is supported
83
Can Orchestrators be connected using Layer 2 Devices?
Yes, but they must be Q-in-Q compliant
No, currently unsupported
None of above
Only on next Checkpoint version
84
For appliances in Maestro, what type of license deployment is allowed?
Mixed licensing
None of above
Central licensing
Local Licensing
85
How many management ports does a Maestro have for security groups?
2 Ports (MHO140) 4 Ports (MHO170)
4 Ports (MHO140) 4 Ports (MHO170)
6 Ports (MHO140) 4 Ports (MHO170)
4 Ports (MHO140) 2 Ports (MHO170)
86
How many devices can Maestro Accommodate?
10 Security Groups, 30 Appliances per Security Groups , 52 Appliances per System
8 Security Groups, 30 Appliances per Security Groups , 51 Appliances per System
6 Security Groups, 28 Appliances per Security Groups , 50 Appliances per System
8 Security Groups, 31 Appliances per Security Groups , 52 Appliances per System
87
What is the Central device of a Maestro Deployment?
Security Groups
Downlinks Cables and Uplinks Cables
Hyperscale Orchestrator
Single Management Object
88
What protocol the Gateways use to communicate with Maestro Orchestrators?
LLDP
OSPF
orch_info
BGP
89
Where do Appliances pull configuration from?
None of above
Local
Management Server
MHO and SMO
90
Which Member of a Security group becomes the SMO
The one with the highest SGM ID
The one defined by SMO
The one defined by configuration Management
The one with the lowest SGM ID
