What cannot be learned from the output of lldpctl?
Correct Answer: C
Explanation The lldpctl command is a tool to display information about the devices discovered by the Link Layer Discovery Protocol (LLDP) on all ports of the Maestro Orchestrator and the Security Group Members. LLDP is a protocol that enables devices to exchange information about their identity, capabilities, and configuration. LLDP can help to discover the topology and connectivity of the Maestro environment. The output of lldpctl can show the serial number, appliance model, and orchestrator's IP of the connected devices, but it cannot show the distribution mode of the Security Group. The distribution mode is the algorithm that determines how the Maestro Orchestrator distributes the traffic among the Security Group Members. To view the distribution mode, other commands such as asg monitor or asg stat can be used. References *Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.2: LLDP, page 4-9 *Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: LLDP, page 3-9 *Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-7 *Maestro basic setup documentation - Page 2 - Check Point CheckMates *Log and Configuration Files - Check Point Software
Question 17
During an upgrade, Is Multi-Version Clustering (MVC) supported?
Correct Answer: D
Explanation Multi-Version Clustering (MVC) is a feature that allows different versions of Security Gateways to operate in the same cluster and provide seamless failover and load balancing. MVC is supported for Maestro environments as of R81, which means that it is possible to upgrade the Security Groups in a Maestro environment as a Multi-Version Cluster with zero downtime. This requires that the Maestro Orchestrators are upgraded to R81.20 first, and then the Security Groups can be upgraded one by one to R81.20 while maintaining full connectivity and synchronization. References = *Check Point R81.20 for Scalable Platforms - Check Point Software *Maestro Dual Site configuration with a direct connection through L2 switches *CHECK POINT MAESTRO EXPERT
Question 18
There are two 10Gbps dual-port NICs and one 40Gbps NIC installed on a 23800 Appliance in slots 1, 2 and 3 accordingly. Which interfaces should be connected to Orchestrator 1 for downlinks' intra- orchestrator redundancy when using two Orchestrators?
Correct Answer: D
Explanation This configuration likely provides balanced and redundant connectivity for orchestrator redundancy. References *Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 3: Dual Orchestrator Environment, Lesson 3.1: Introduction to Dual Orchestrator Environment, page 3-7 *Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: Downlinks, page 3-8 *Check Point 23800 Appliance Datasheet - Check Point Software, page 2
Question 19
For the MHO-175, which ports are Management ports?
Correct Answer: B
Explanation According to the Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-175 document1, ports 1 - 4 are Management ports that are used to connect the MHO to the customer's management infrastructure, such as SmartConsole or SmartDomain Manager. Ports 5 - 26 are Uplink ports that are used to connect the MHO to the customer's network infrastructure, such as switches, routers, or firewalls. Ports 27 - 47 are Downlink ports that are used to connect the MHO to the Security Group Modules (SGMs) in the Security Group. Ports 49 - 55 are Backplane ports that are used to connect the MHO to another MHO in a Dual Orchestrator environment. References: *Maestro Expert (CCME) Course - Check Point Software, page 42 *Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline3 *Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-1751
Question 20
The core four manual diagnostic tools include: asg diag verify, asg perf -v, orch_stat -all, and
Correct Answer: D
Explanation "Asg stat -v" could be a part of the core diagnostic tools, providing valuable statistics and information for manual diagnostics. References = *Maestro Expert (CCME) Course - Check Point Software 3 *Check Point Maestro R81.X Administration Guide 1 *Check Point Maestro R81.X Getting Started Guide 2 3: https://www.checkpoint.com/downloads/training/ccme-maestro-expert-r81.10-course.pdf 1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frame
