1
What command will be used for updating fwkern.conf file on all Appliances within Security Group?
vi
g_all update_conf_file
g_update_kernel
g_update_conf_file
2
Splitter cannot be used _________________________
To connect single port on Orchestrator to multiple port on external switch
To connect single port on Appliance to multiple ports on the Orchestrator
To connect single port on Orchestrator to multiple Appliances
To Connect single port on Orchestrator to the same Appliance
3
How many power supplies are presented on MHO-140?
2
4
1
1 with option for 2
4
What is the maximum amount of Appliances within Security group in Dual-Site configuration?
41
15
16
28
5
What can be learned from output of sx_api_ports_dump.py command?
Information about backplane bonds
Information about Security Groups
Information about downlink port only
Orchestrator port status
6
In order to set Site (chassis) priority per VS, following command should be used:
From VS0 context: set chassis-availability vs <vsid> chassis_priority
From given VS context: set chassis high-availability vs chassis_priority
From given VS0 context: set chassis high-availability vs chassis_priority
From any VS context: set chassis high-availability vs <vsid> chassis_priority
7
Complete the sentence: Orchestrator work as.......
Hot-Swap RAID
Active-Standby cluster
Load Sharing cluster
Active-Active cluster
8
What type of cluster can a Security Group can be compared to?
Active/Backup
Active/Standby
Load Sharing Active/Active
VSLS
9
What is the default range of physical ports for downlinks on Orchestrator MHO-170?
17-31
3-16
1-16
25-32
10
There are two appliances within the same Security Group. One of them is connected by One downlink only, another one by Two downlinks. Assuming there's no NAT and no VPN, what would be proportion of traffic distribution done by Orchestrator?
66% / 33%
50% / 50%
100% / 0%
33% /66%
11
What kinds of transceivers are supported on Orchestrator MHO-140?
SFP, SFP+, QSFP, QSFP28
SFP, QSFP, QSFP28
SFP, SFP+, SFP28
SFP+, SFP28, QSFP
12
What is a Security Group?
Group of security gateways
Group of security administrators
Group of appliances with enable NGTX software blades
Logical group of computer and network resources
13
What is the maximum amount of Appliances within the same Security Group?
8
31
16
52
14
There is a Security group of 10 Appliances and all of them are up and running. How many Appliances within a Security Group keep the same connection in its connection table in case of NAT?
Between 2 and 4
3
all 10
2
15
What is the minimal amount of cables needed in order to connect an Appliance to an Orchestrator?
One Downlink cable only
Three cables: uplink, downlink, SYNC
Two cables: one uplink and one downlink
Four cables: uplink, downlink, SYNC and Management
16
What is the purpose of g_tcpdump command?
Collects traffic dump from Sync network
Collects traffic dump from CIN network
The same as tcpdump, just on Scalable Platform
Collects traffic dump from all Active Appliances within Security Group
17
What is the basic installation sequence of the Orchestrator in case of single Orchestrator? 1. Create a Security Group 2. Configure Default Gateway 3. Connect with Serial Console cable to the Orchestrator 4. Configure IP for one its Management interfaces 5. Connect an appliance to a downlink port 6. Change Orchestrator amount to 1 7. Browse to the Orchestrator's WebUI
3-4-2-6-5-7-1
3-1-7-2-4-6-5
1-4-2-5-7-3-6
7-4-2-5-3-1-6
18
18- What is the correct flow of Appliance connection tables updates? 1. Orchestrator send a packet to the Active Appliance 2. Active Appliance sends a connection information to the Backup Appliance using the Sync network 3. Active Appliance calculates wich Appliance will be Backup 4. Orchestrator calculates which ports is Active Appliance is connected to 5. Both Active and Backup Appliances are updating connection tables 6. Orchestrator gets the packet the from uplink interface
6-4-3-5-2-1
6-4-1-3-2-5
4-1-3-6-5-2
4-6-3-1-2-5
19
What is the default range of physical ports for downlinks on Orchestrator MHO-140?
27-47
1-25
25-47
1-48
20
What is the default IP range of CIN network (with no increment)?
192.0.2.0
The same as Management network
192.168.1.0
198.51.100.0
21
What cannot be learned from the output of lldpctl?
Appliance Model
Serial number of Appliance
Orchestrator's IP
Distribution mode
22
What is the default Distribution mode?
Network
Manual-General
User
Auto-topology
23
What is the default IP range of External Sync (Site Sync) network?
192.168.1.0
192.0.2.0
203.0.113.0
198.51.100.0
24
What does the lldpctl command do?
Show all devices discovered by LLDP protocol on all ports
Show all devices discovered by LLDP protocol on uplink ports
Discover orchestrators
Show all devices discovered by LLDP protocol on downlink ports
25
What is the distribution mode?
Distribution mode means selected algorithm for traffic distribution in between Appliances
Distribution mode means selected algorithm for traffic distribution in between Orchestrators
Distribution mode is how the Orchestrator distributes traffic in between Security Groups
Distribution mode is the same as QSFP mode
26
What cannot be learned from the output of asg monitor command?
Port Status
Uptime
Appliances cluster status
Security Policy status
27
What kinds of transceivers are supported on Orchestrator MHO-170?
SFP+, SFP28, QSFP
SFP, SFP+, SFP28
QSFP, QSFP28
SFP, QSFP, QSFP28
28
What does asg monitor command do?
Show real-time cluster status of Appliances in the Security Group
Monitor traffic on Appliances in Security Group
This command does not exist
Monitor health status of entire system
29
How many Orchestrators may Dual-Site include?
2
2 or 4
Only 4
1
30
What is the command 'asg diag' used for?
Asg diag used for system diagnostics on Chassis only. It does not exist on Maestro
Asg diag is used for system backup
Asg diag is used for creating traffic flow diagrams
Asg diag is used for system diagnostics
31
Which file on Appliance includes information about Security Group?
/etc/sgdb.json
/etc/chassisdb.json
/etc/distutil.json
/etc/smodb.json
32
Where should sx_api_ports_dump.py command be ran?
Orchestrator
SMO Appliance
Management Server
Security Group
33
What does the command 'g_all' do?
It's followed by other command and execute it on all active Appliances within Security Group
It's followed by other command and execute it on all Appliances connected to Orchestrator
Switches all Appliances to Global mode
Bring up all Appliances
34
What cannot be a reason for "Failed to get remote orchestrator interfaces" error message, when clicking on "Orchestrator" in WebUI
No Sync between Orchestrators
One Orchestrator only, but Orchestrator amount is 2 or no Sync in between Orchestrators
Remote Orchestrator has no empty interfaces
Single Orchestrator environment, but configured Orchestrator amount is 2
35
In case of Correction, where is information about Owner stored?
In Connection table of Target Appliances
In Correction table of Target Appliance
In Correction tables of all Appliances participating in Correction Layer flow
In Connection tables of all Appliances participating in Correction Layer flow
36
What is the max amount of Orchestrators in Dual-site setup?
4
2 per Security Group
2
4 per Security Group
37
What cannot be a reason for DETACHED status of Appliance when running asg monitor command?
Appliance installed with R80.20
There's an issue with Downlink cable
Appliance reboots
Appliance is a member of Security Group, but currently disconnected
38
One single Appliance supports 1M concurrent connections. How many concurrent connections will support Security Group of 2 Appliances?
1M
4M
500K
2M
39
Orchestrator should be defined in SmartConsole as:
Check Point host
Security Gateway
Orchestrator is not defined in SmartConsole
Host
40
Which command will be used in order to restart Orchestrator service only?
reboot
cpstop; cpstart
service orchestrator restart
orchd restart
41
There are two 10Gbps dual-port NIC installed on a 6800 appliance. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?
Port 1 in Slot 2 and Port 2 in Slot 1
Port1 in Slot 1 and Port 2 in Slot1
Any pair of available ports
Port 1in Slot 1 and Port 1 in Slot 2
42
On MHO-170 - In default configuration, what are GAIA names of Security Group Management ports?
eth1-Mgmt1 and eth1-Mgmt3
eth1-Mgmt3 and eth1-Mgmt4
eth1-Mgmt1 and eth1-Mgmt2
eth1-Mgmt1 and eth2-Mgmt1
43
When running asg perf -v in a Dual-Site environment, we can see only Appliances from one of the sites. That means we're working in:
Active / Standby HA mode
VSLS mode
Active / Active
This is not Dual-Site, in Dual-Site we always see Appliances from both sites
44
What is the default IP range of Sync network (with no increment)?
The same as Management network
192.168.1.0
198.51.100.0
192.0.2.0
45
What kind of object should the administrator create for Security Group?
Always Cluster object
Cluster in case of Security GW and VSX cluster in case of VSX
Single GW in case of Security GW and Single VSX GW in case of VSX
Always Single GW
46
What kind of cluster Dual-Site can be compared to?
Active-Standby only
Active-Active
VSLS only
Active-Standby or VSLS
47
What is the minimal requirement for a Security Group?
2 Appliances and 2 ports
None, it may be empty
1 Appliance and 1 management Port
1 Appliance and 1 administrator with multi-Domain admin permissions
48
What is the throughput penalty of Security Group?
1% per member
5% per member
Depends on the type of Appliance
10% per Security Group with no relation to amount of members
49
What is the difference between Dual-Site and Multi-Room?
Multi-Room is a kind of Dual-Site deployment within the same building
This is the same
Multi-Room is a Single-Site deployment where all Appliances are connected to both Orchestrators
Multi-Room is Active / Standby and Dual-Site is Active /Active
50
What is the Orchestrator?
Network Switch
None of above
Manager of computer and network resources, load balancer and network switch
Load Balancer
51
What cannot be learned from the output of asg perf -v -p command?
Average CPU usage on Orchestrators
Per-path distribution
Average CPU usage on Appliances
Real-time throughput
52
What is the purpose of Management ports located on the Rear Panel of the Orchestrator MHO-140?
Reserved for internal purposes. Not in use
Additional ports used as uplinks
1Gbps connectivity for Security Groups
Out-of-band interfaces for access to Orchestrator itself
53
What is the purpose of RJ-45 connectors located at the front panel of Orchestrator MHO-170?
Reserved for internal purposes. Not in use
Two Out-of-band interfaces for access to Orchestrator itself
1Gbps connectivity for Security Groups
Out-of-band interface for access to Orchestrator itself and Serial Console connector
54
What is a downlink interface used for?
To connect appliances to Orchestrators
To connect in between Orchestrators
To connect appliances to customer's infrastructure
To connect Orchestrators to customer's infrastructure
55
How many power supplies are presented on MHO-170?
1
2
1 with option for 2
4
56
What is an uplink interface used for?
To connect in between Orchestrators
To connect appliances to customer's infrastructure
To connect in between Orchestrators
To connect Orchestrators to customer's infrastructure
57
For a VSX configuration - Which statement is wrong?
Each Appliance owns different Virtual Systems
All Virtual Systems exist on the SMO
All Virtual Systems exist on all Appliances
VSX configuration is the same on all Appliances within the same Security Group
58
Is it possible to define distribution mode per interface?
Yes, only for downlink interfaces
No, only for the Security Group
Yes, only for uplink interfaces
Yes for both uplink and downlink interfaces
59
What is the Sync network on Appliances used for?
To transfer configuration files from Orchestrators to Appliances
May be used for any purpose, but synchronization always have priority
To synchronize configurations and connections in between connection tables of different Appliances
To transfer data in case of full utilization of the downlink interfaces
60
What is a valid requirement for a supported Maestro Appliance?
Nothing special as Maestro supports any Check Point appliance
Line card with double-VLAN and LLDP support
at least one 10 Gbps line card
10Gbps and 40 Gbps or 100Gbps card with double-VLAN and LLDP support
61
Complete the sentence: When using a Break-out cable ...
All tails of the break-out cable must represent the same type of ports
All tails of the break-out cable must represent uplinks
All tails of the break-out cable must represent downlinks
Each tail of the break-out cable represent an independent port
62
What will happen in case of NAT of the traffic passing through Management network?
Orchestrator will disable NAT and traffic will pass with no issue
This traffic will pass with no inspection
This traffic will not pass correction, since it will be dropped
Since Management traffic is always going to SMO, it will take a care for Correction Layer and will re-distribute traffic to other Appliances
63
There's a 23800 appliance with quad NIC in slot 5. What would be the name of port 3 on this NIC?
ethsBP5-03
ethBP3-05
ethsBP3-05
ethsBP-05
64
There are two 10Gbps dual-port NIC and one 40Gbps NIC installed on a 23800 Appliance in slot 1, 2 and 3 accordingly. Which interfaces should be connected to Orchestrator 1 for downlinks1 intra-orchestrator redundancy when using two Orchestrators?
This configuration in not supported
Port 1 in Slot 1 and Port 2 in Slot 1
Any pair of available ports
Port 1 in Slot 2 and Port 2 in Slot 1
65
In case of VSX: What is the right command to see overall performance details of all Appliances within the Security Group and all Virtual Systems?
asg perf -vs enabled -p
asg perf -vs all -v -vv
asg perf -v -p
asg perf -v
66
What is the Iterator process?
Iterator is the process that follow Appliance recovery and simulates what was a distribution if recovered Appliance was alive
Iterator is the process that simulates distribution in case of Appliance failure
Iterator is the process that runs on the Orchestrator and calculates a distribution in case of Appliance failure
Iterator is the process that runs on the Orchestrator and calculates a distribution in case of Appliance recovery
67
When running ifconfig command on an Appliance, there are interfaces shown in the list: eth1-Sync and eth2-Sync. What is the purpose of these interfaces?
These interfaces can be used as backup for Sync interface
These interfaces are not in use. Security GW module use Sync interface for synchronization
These interfaces are bond members (slaves) of Sync Bond
These interfaces represent physical Sync interface at the front panel of appliance
68
Which licenses should be issued for the Orchestrator?
No licenses are required for Orchestrator
The Orchestrator is considered a Management server, hence it's licensed the same way
The Orchestrator requires NGTX license
Depends on Software Blades enabled on connected appliances
69
Which setting is required in order to connect an appliance with 40Gbps downlink interface and DAC to the Orchestrator MHO-140?
On Appliance: Change a port speed to 10Gbps
No change required
On Orchestrator: Change QSFP mode from 100Gbps to 40Gbps
On Orchestrator: Change port type from uplink to downlink
70
Complete the sentence: Orchestrators works as...
Active-Active cluster
Hot-Swap RAID
Active-Standby cluster
Load Sharing cluster
71
Which type of port on the Orchestrator is used to connect to customer's Mail Server network?
Console ports
Downlink ports
Uplink ports
Management Ports
72
What command should be used for collecting diagnostic information about the orchestrator?
orch_info
asg perf -v
cpview
cpinfo
73
What is the default command line for Maestro?
gbash
gclish
bash
clish
74
Whats is Acronym of the SGM?
Security Gateway Module
System Gateway Module
Security Gateway Midia
Software Gateway Module
75
How is Asymmetric traffic dealt with in Maestro?
Connection table mechanism
Connection layer mechanism
Correction table mechanism
Correction layer mechanism
76
How are SGMs connected to Maestro HyperScale Orchestrator?
Data Attached Cables
Direct Attached Cables
Data Action Connection
Different Attached Cables
77
What is the name Cluster Syncronization mechanism that controls High Availability Maestro??
ClusterXL
ClusterSync
Hiper Sync
HyperSync
78
What is the speed of the port to port latency for Two MHOs connected together?
5 miliseconds
300 nanoseconds
1 nanosecond
10 Seconds
79
What port is used for Sync on a MHO-140
Port 35
Port 56
Port 4
Port 48
80
What Sync Port is used on a MHO-170
Port 32
Port 30
Port 2
Port 25
81
Whats is the name of the Management Interface Aggregation?
MAGG
MEGG
MIAGG
MIEGG
82
Does Maestro support Active-Active dual sites?
Yes, currently this feature is supported
No, currently unsupported
Yes, with the limitation
None of above
83
Can Orchestrators be connected using Layer 2 Devices?
Only on next Checkpoint version
No, currently unsupported
None of above
Yes, but they must be Q-in-Q compliant
84
For appliances in Maestro, what type of license deployment is allowed?
Central licensing
Mixed licensing
None of above
Local Licensing
85
How many management ports does a Maestro have for security groups?
4 Ports (MHO140) 2 Ports (MHO170)
2 Ports (MHO140) 4 Ports (MHO170)
4 Ports (MHO140) 4 Ports (MHO170)
6 Ports (MHO140) 4 Ports (MHO170)
86
How many devices can Maestro Accommodate?
8 Security Groups, 30 Appliances per Security Groups , 51 Appliances per System
10 Security Groups, 30 Appliances per Security Groups , 52 Appliances per System
6 Security Groups, 28 Appliances per Security Groups , 50 Appliances per System
8 Security Groups, 31 Appliances per Security Groups , 52 Appliances per System
87
What is the Central device of a Maestro Deployment?
Downlinks Cables and Uplinks Cables
Single Management Object
Hyperscale Orchestrator
Security Groups
88
What protocol the Gateways use to communicate with Maestro Orchestrators?
BGP
orch_info
OSPF
LLDP
89
Where do Appliances pull configuration from?
None of above
MHO and SMO
Management Server
Local
90
Which Member of a Security group becomes the SMO
The one with the lowest SGM ID
The one defined by configuration Management
The one defined by SMO
The one with the highest SGM ID