Explanation The drop_monitor command is a tool that monitors and displays the packets that are dropped by the Check Point code or the Gaia OS on the orchestrator and the appliances. It can help troubleshoot network issues and optimize performance. The command shows the drop reason, source, destination, protocol, and port of the dropped packets, as well as the interface and the module that dropped them. References *R81.20 Maestro Cheat Sheet version 7 - Check Point CheckMates1 *Support, Support Requests, Training ... - Check Point Software2 *Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge
Question 32
A splitter cannot be used:
Correct Answer: A
In a Check Point Maestro environment, a splitter is used to divide a single high-speed port (e.g., QSFP or QSFP28) into multiple lower-speed ports (e.g., SFP or SFP+). However, a splitter cannot be used to connect a single port on an Orchestrator to the same Appliance, as this would not align with the purpose of a splitter, which is to expand connectivity to multiple devices or ports, not to loop back to a single device. Exact Extract: "A splitter is used to divide a single high-speed port on the Orchestrator (e.g., QSFP or QSFP28) into multiple lower-speed ports (e.g., SFP or SFP+). Splitters are typically used to connect a single Orchestrator port to multiple ports on an external switch or to multiple Appliances. However, a splitter cannot be used to connect a single Orchestrator port to the same Appliance, as this does not align with the splitter's purpose of expanding connectivity." -Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 3: Dual Orchestrator Environment, Lesson 3.2: Connectivity Options, page 3-10 -Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: Connectivity, page 3-10 Explanation of Options: * A. To connect a single port on an Orchestrator to the same Appliance: Correct, as a splitter is not designed for this purpose and cannot be used to connect an Orchestrator port to a single Appliance. * B. To connect a single port on an Orchestrator to multiple ports on an external switch: Incorrect, as this is a valid use case for a splitter. * C. To connect a single port on an Appliance to multiple ports on the Orchestrator: Incorrect, as splitters can be used in configurations where an Appliance connects to multipleOrchestrator ports. * D. To connect a single port on an Orchestrator to multiple Appliances: Incorrect, as this is another valid use case for a splitter. References: Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 3: Dual Orchestrator Environment, Lesson 3.2: Connectivity Options, page 3-10 Check Point R81 Maestro Administration Guide, Chapter 3: Working with Security Group Modules, Section: Connectivity, page 3-10
Question 33
In case of Correction, where is information about Owner stored?
Correct Answer: C
The Correction Layer is a mechanism that handles asymmetric connections in systems with several cluster members. It allows traffic flow to be handled by a single cluster member, even if the flow is asymmetric1 The Correction Layer works as follows: *When a packet arrives at a cluster member, it checks if it is the owner of the connection. If yes, it processes the packet normally. If not, it checks the Correction table to find the owner of the connection. *If the owner is found in the Correction table, the packet is forwarded to the owner with a Correction Layer header. The owner then processes the packet and removes the Correction Layer header before sending it to the destination. *If the owner is not found in the Correction table, the packet is forwarded to the Maestro Orchestrator (MHO) with a Correction Layer header. The MHO then checks its own Correction table to find the owner of the connection. If the owner is found, the MHO forwards the packet to the owner with a Correction Layer header. If the owner is not found, the MHO drops the packet and sends an ICMP error message to the source. *The Correction tables are updated by the MHO whenever a new connection is established or an existing connection is terminated. The MHO sends Correction Layer messages to all cluster members to inform them about the owner of each connection2
Question 34
What is HealthCheck Point?
Correct Answer: B
HealthCheck Point (HCP) is a tool designed to perform a comprehensive system health check for the Maestro environment. It is intended to replace both the CPInfo tool and traditional health check scripts by providing a streamlined way to assess the health of Maestro Orchestrators (MHOs) and Security Group Members (SGMs). HCP evaluates system status, configuration, and potential issues, generating detailed reports for troubleshooting and maintenance. Exact Extract: "HealthCheck Point (HCP) performs a system health check and is meant to replace both a CPInfo and the health check script. It assesses the health of the Maestro environment, including MHOs and SGMs, by checking system status, configuration settings, and potential issues. HCP provides detailed reports to aid in troubleshooting and maintenance." -Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using theCommand Line Interface and WebUI, Lesson 4.4: System Diagnostics, page 4-15 -Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: HealthCheck Point, page 4-12 Explanation of Options: * A. Is a self-updatable suite of tools for MHOs...: Incorrect, as HCP is not limited to MHOs and does not focus on visualizing topology or event timelines. It is a general health check tool for the entire Maestro environment. * B. Performs a system health check and is meant to replace both a CPInfo and the health check script: Correct, as HCP's primary function is to perform system health checks, replacing CPInfo and health check scripts, as per the documentation. * C. Can be used to let you visualize the Firewall topology...: Incorrect, as HCP does not provide visualization of firewall topology or live statistics like throughput and CPU utilization. * D. Is a self-updatable suite of tools for SGMs...: Incorrect, as HCP is not exclusive to SGMs and does not include topology visualization or event timeline features. References: Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.4: System Diagnostics, page 4-15 Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: HealthCheck Point, page 4-12
Question 35
Which blade configuration files should be backed up on the SG if upgrading from R80.30SP or earlier?
Correct Answer: A
Explanation References *Maestro R80.30SP Jumbo Hotfix Accumulator, Section: Important Notes *Check Point Maestro R80.30SP with Gaia 3.10, Section: Known Limitations *Check Point SNMP MIB files, Section: Revision History
