• Home
  • Articles
  • Get 2026 Free CheckPoint 156-836 Exam Practice Materials Collection [Q36-Q55]

Get 2026 Free CheckPoint 156-836 Exam Practice Materials Collection [Q36-Q55]

Share

Get 2026 Free CheckPoint 156-836 Exam Practice Materials Collection

Get Latest and 100% Accurate 156-836 Exam Questions

NEW QUESTION # 36
HealthCheck Point _____

  • A. is a self-updatable suite of tools for MHOs with the capability to assess the health of the system and provide a timeline of critical and informative events that might have occurred in a production system.
  • B. can be used to let you visualize the Firewall topology for the SG and view live statistics, which includes throughput, problem notes, and CPU utilization.
  • C. is a self-updatable suite of tools for SGMs with the capability to assess the health of the system, visualize the Firewall topology, provide a timeline of critical and informative events that might have occurred in a production system.
  • D. performs a system health check and is meant to replace both a CPInfo and the health check script.

Answer: C

Explanation:
HealthCheck Point (HCP) is a tool that can perform various tests and checks on the system components of the Security Group Modules (SGMs), such as hardware, software, network, clock, ARP, and more. It can also display the performance statistics of the SGMs, such as throughput, packet rate, CPU utilization, memory usage, and more. Additionally, HCP can provide a graphical representation of the Firewall topology for the Security Group, showing the connections and statuses of the SGMs and the Orchestrators. Furthermore, HCP can generate a report of the critical and informative events that occurred on the system, such as configuration changes, errors, warnings, and alerts. HCP can help identify and troubleshoot any issues or errors that may affect the system functionality or performance.
References =
*HealthCheck Point (HCP) Release Updates - Check Point Software 1
*Professional Services Healthcheck - Check Point Software 2
*HealthCheck Point - Check Point CheckMates 3


NEW QUESTION # 37
There are two appliances within the same Security Group. One of them is connected by One downlink only, another one by Two downlinks. Assuming there's no NAT and no VPN, what would be proportion of traffic distribution done by Orchestrator?

  • A. 100%/0%
  • B. 50%/50%
  • C. 66%/33%
  • D. 33%/66%

Answer: D


NEW QUESTION # 38
Which licenses should be issued for the Orchestrator?

  • A. The Orchestrator is considered a Management server, hence it's licensed the same way
  • B. The Orchestrator requires NGTX license
  • C. Depends on Software Blades enabled on connected appliances
  • D. No licenses are required for Orchestrator

Answer: D

Explanation:
Explanation
Orchestrators in many network environments do not require separate licenses, as they primarily function to manage and distribute network traffic.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 1: Introduction to Check Point Maestro, Lesson 1.2: Maestro Licensing, page 1-8
*Check Point R81 Maestro Administration Guide, Chapter 1: Introduction to Check Point Maestro, Section:
Maestro Licensing, page 1-6
*Activation of a Quantum Maestro Orchestrator - Check Point Software


NEW QUESTION # 39
What type of cluster can a Security Group can be compared to?

  • A. Load Sharing Active / Active
  • B. VSLS
  • C. Active / Standby
  • D. Active / Backup

Answer: A

Explanation:
A Security Group can be compared to a Load Sharing Active / Active cluster because it consists of multiple Security Group Members that share the traffic load and provide high availability and scalability. Each Security Group Member is an active firewall that processes traffic according to the Security Group policy and synchronizes its state with other members. The Maestro Orchestrator acts as a load balancer that distributes the traffic among the Security Group Members based on their capacity and availability.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.1: Introduction to Security Groups, page 2-4
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Security Group Overview, page 2-3


NEW QUESTION # 40
What happens if you apply a hotfix using gClish?

  • A. If you apply a hotfix using gclish, it causes an outage for the entire SG as all members reboot at roughly the same time.
  • B. If you apply a hotfix using gclish, the operation will fail because an outage would occur.
  • C. Logical groups "A" and "B" are created. Members of group "A" install and reboot first. Then members of group "B" does the same once reboots have finished with group "A."
  • D. If you apply a hotfix using gclish, each SG members installs the hotfix and reboots after waiting it's turn to do so.

Answer: C

Explanation:
Explanation
This is the correct answer because it describes the hotfix installation process using gClish on a Maestro Security Group. gClish is the global Clish that allows users to run commands on all UP SG members of the current Security Group at once. When a hotfix is applied using gClish, the SG members are divided into two logical groups: "A" and "B". The members of group "A" install the hotfix and reboot first, while the members of group "B" wait for their turn. After all the members of group "A" are back online, the members of group
"B" install the hotfix and reboot.This way, the SG maintains high availability and does not cause an outage.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-11
*Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-9
*Global Expert Mode Commands - Check Point CheckMates


NEW QUESTION # 41
While looking at your system's correction statistics, you notice you have a correction rate approaching 100 percent. Is this a problem?

  • A. If correction rates are higher than 80 percent, latency is expected.
  • B. A correction rate above 90 percent indicates a need to disable Layer 4 Distribution.
  • C. In some scenarios, a correction rate approaching 100 percent of all connections is not unusual. This is not usually a cause for concern as the correction mechanism is fast and efficient.
  • D. A correction rate approaching 100 percent of all connections is unusual. This is a cause for concern because the SGMs may fail to process traffic.

Answer: C

Explanation:
The correction rate is the percentage of connections that require correction by the correction layer, which is a mechanism that ensures that the traffic is processed by the correct SGM in the Security Group. The correction rate depends on the distribution mode (Layer 3 or Layer 4) and the traffic pattern. In some scenarios, such as when the traffic is asymmetric or when the distribution mode is Layer 4, the correction rate can approach 100 percent of all connections. This is not a problem, as the correction layer is designed to handle such situations without affecting the performance or availability of the Security Group1.
References = Maestro Expert (CCME) Course - Check Point Software, page 16.


NEW QUESTION # 42
Maestro allows running commands globally in Expert mode by using global prefixes, such as:

  • A. global
  • B. g_all
  • C. all
  • D. asg all

Answer: B

Explanation:
The g_all prefix is used to run commands globally in Expert mode on all Security Group Members of the current Security Group. For example, g_all cpstop will stop the Check Point services on all SGMs. The other prefixes are not valid for global commands in Expert mode.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-11
*Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-9
*Global Expert Mode Commands - Check Point CheckMates


NEW QUESTION # 43
Multiple SGs can exist in a Dual Site environment. Each SG can be configured in one of three ways. Which is not one of those ways?

  • A. Two MHOs at same site connected to remote site MHOs via two different switches.
  • B. Two MHOs at same site connected to remote site MHOs via single switch.
  • C. Direct connectivity between Remote Site MHOs.
  • D. Two MHOs connected to two MHOs via load balancers.

Answer: D

Explanation:
Explanation
This is not one of the ways to configure a Security Group in a Dual Site environment, because load balancers are not required or supported for the inter-site communication between the Maestro Orchestrators (MHOs).
The MHOs use the Site-Sync port and VLANs to synchronize the resources and connections across the sites.
The three valid scenarios for Dual Site configuration are:
*Direct connectivity between remote site Orchestrators: This scenario requires two orchestrators, one for each site, and a direct connection between them using the site-sync port.
*Two orchestrators on the same site are connected to the remote site orchestrators through two different switches: This scenario requires four orchestrators, two for each site, and a connection between them using the site-sync port and two external switches that support QinQ and MTU increment.
*Two orchestrators on the same site are connected to the remote site orchestrators through one switch: This scenario also requires four orchestrators, two for each site, and a connection between them using the site-sync port and one external switch that support QinQ and MTU increment.
References =
*Maestro Dual Site configuration with a direct connection through L2 switches
*[Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)]
*[Maestro Frequently Asked Questions (FAQ)]


NEW QUESTION # 44
What is the max amount of Orchestrators in Dual-site setup?

  • A. 0
  • B. 2 per Security Group
  • C. 4 per Security Group
  • D. 1

Answer: C

Explanation:
Explanation
A Dual Site setup can have either two or four orchestrators, depending on the scenario. However, the maximum number of orchestrators per Security Group is four, regardless of the number of sites. This is because each Security Group can have up to two orchestrators on each site, and each site can have up to two orchestrators. Therefore, the maximum number of orchestrators in a Dual Site setup is four per Security Group.
References =
*Maestro Frequently Asked Questions (FAQ)
*Maestro Dual Site configuration with a direct connection through L2 switches
*Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)


NEW QUESTION # 45
What is the default Distribution mode?

  • A. Network
  • B. Manual-General
  • C. User
  • D. Auto-topology

Answer: D

Explanation:
Explanation
Auto-topology is the default distribution mode for Maestro Security Groups. In this mode, the Orchestrator assigns packets to a Security Group Member based on the topology of the port defined in the gateway object.
Each port is either in user mode or network mode depending on the topology. User mode means that the port is connected to the internal network and network mode means that the port is connected to the external network.
The Orchestrator uses a hash function to map each source IP or destination IP to a specific SGM, depending on the mode of the port. This mode ensures that all packets with the same source IP or destination IP are processed by the same SGM, regardless of the port or protocol.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-18
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-7
*Lari Luoma | Lead Consultant | Maestro SME | Check Point Evangelist1, slide 16


NEW QUESTION # 46
What can be learned from the output of sx_api_ports_dump.py command?

  • A. Information about backplane bonds
  • B. Orchestrator port status
  • C. Information about Security Groups
  • D. Information about downlink ports only

Answer: A

Explanation:
Explanation
References
*R81.20 Maestro Cheat Sheet version 7 - Check Point CheckMates, page 2
*[Maestro Expert (CCME) Course - Check Point Software], page 31
*[Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge], page 3


NEW QUESTION # 47
What cannot be a reason for "Failed to get remote orchestrator interfaces" error message, when clicking on
"Orchestrator" in WebUI

  • A. No Sync between orchestrators
  • B. Remote orchestrator has no empty interfaces
  • C. Single orchestrator environment, but configured Orchestrator amount is 2
  • D. One orchestrator only, but Orchestrator amount is 2 or no Sync in between orchestrators

Answer: B

Explanation:
One of the possible reasons for the "Failed to get remote orchestrator interfaces" error message, when clicking on "Orchestrator" in WebUI, is that the remote orchestrator has no empty interfaces that can be assigned to a security group. This can happen if all the interfaces on the remote orchestrator are already part of configured security groups, or if the remote orchestrator has no physical interfaces at all. In this case, the WebUI cannot display the unassigned interfaces of the remote orchestrator, and shows the error message.
References
*Not able to see unassigned interfaces on checkpoint Orchestrator
*Maestro 140 not detecting Interfaces
*Maestro Expert (CCME) Course - Check Point Software, page


NEW QUESTION # 48
HealthCheck Point _____

  • A. is a self-updatable suite of tools for MHOs with the capability to assess the health of the system and provide a timeline of critical and informative events that might have occurred in a production system.
  • B. can be used to let you visualize the Firewall topology for the SG and view live statistics, which includes throughput, problem notes, and CPU utilization.
  • C. is a self-updatable suite of tools for SGMs with the capability to assess the health of the system, visualize the Firewall topology, provide a timeline of critical and informative events that might have occurred in a production system.
  • D. performs a system health check and is meant to replace both a CPInfo and the health check script.

Answer: C

Explanation:
HealthCheck Point (HCP) is a tool that can perform various tests and checks on the system components of the Security Group Modules (SGMs), such as hardware, software, network, clock, ARP, and more. It can also display the performance statistics of the SGMs, such as throughput, packet rate, CPU utilization, memory usage, and more. Additionally, HCP can provide a graphical representation of the Firewall topology for the Security Group, showing the connections and statuses of the SGMs and the Orchestrators. Furthermore, HCP can generate a report of the critical and informative events that occurred on the system, such as configuration changes, errors, warnings, and alerts. HCP can help identify and troubleshoot any issues or errors that may affect the system functionality or performance.
References =
*HealthCheck Point (HCP) Release Updates - Check Point Software 1
*Professional Services Healthcheck - Check Point Software 2
*HealthCheck Point - Check Point CheckMates 3


NEW QUESTION # 49
What is the purpose of g_tcpdump command?

  • A. Collects traffic dump from CIN network
  • B. Collects traffic dump from all Active Appliances within Security Group
  • C. Collects traffic dump from Sync network
  • D. The same as tcpdump, just on Scalable Platform

Answer: B

Explanation:
_tcpdump" probably collects traffic dumps from all active appliances within a security group, aligning with the naming convention and function of similar commands in scalable platforms.
References
*Maestro Expert (CCME) Course - Check Point Software, page 331
*What is 'IN' and 'OUT' of g_tcpdump? - Check Point CheckMates2
*CHECK POINT MAESTRO EXPERT, page 23


NEW QUESTION # 50
While looking at your system's correction statistics, you notice you have a correction rate approaching 100 percent. Is this a problem?

  • A. A correction rate approaching 100 percent of all connections is unusual. This is a cause for concern because the SGMs may fail to process traffic.
  • B. If correction rates are higher than 80 percent, latency is expected.
  • C. A correction rate above 90 percent indicates a need to disable Layer 4 Distribution.
  • D. In some scenarios, a correction rate approaching 100 percent of all connections is not unusual. This is not usually a cause for concern as the correction mechanism is fast and efficient.

Answer: A

Explanation:
Explanation
References =
*Check Point Maestro R81.X Administration Guide, page 64, section "Correction Layer" 1
*Check Point Maestro R81.X Getting Started Guide, page 26, section "Correction Layer" 2
*Check Point Maestro Under the Hood presentation by Lari Luoma, slide 23 3
*Check Point Maestro Frequently Asked Questions (FAQ), question 9 4
1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frame
3:
https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/maestro/1191/1/Check%20Mates%20M
4:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=


NEW QUESTION # 51
What command will be used for updating fwkern.conf file on all Appliances within Security Group?

  • A. g_all update_conf_file
  • B. g_update_kernel
  • C. vi
  • D. g_update_conf_file

Answer: D


NEW QUESTION # 52
There are two 10Gbps dual-port NIC installed on a 6800 appliance. Which interfaces should be connected to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators?

  • A. Port 1 in Slot 1 and Port 1 in Slot 2
  • B. Port 1 in Slot 2 and Port 2 in Slot 1
  • C. Port 1 in Slot 1 and Port 2 in Slot 1
  • D. Any pair of available ports

Answer: A

Explanation:
The correct interfaces to connect to Orchestrator 1 for downlinks' intra-orchestrator redundancy when using two Orchestrators are Port 1 in Slot 1 and Port 1 in Slot 2. This is because each slot represents a different NIC, and each port represents a different physical link. By connecting two ports from different slots, the appliance can have redundant connections to the same orchestrator, and avoid a single point of failure in case of a NIC or link failure.
References
*Check Point 156-835 Certification Flashcards | Quizlet1
*Maestro Expert (CCME) Course - Check Point Software, page 182
*Maestro Technical Training, Module 2: Maestro Security Groups and the Single Management Object, slide
163


NEW QUESTION # 53
What will happen in case of NAT of the traffic passing through Management network?

  • A. This traffic will not pass correction, since it will be dropped
  • B. Orchestrator will disable NAT and traffic will pass with no issue
  • C. Since Management traffic is always going to SMO, it will take a care for Correction Layer and will re-distribute traffic to other Appliances
  • D. This traffic will pass with no inspection

Answer: B

Explanation:
Explanation
According to the Check Point MAESTRO R80.20SP Administration Manual1, NAT is not supported on the management network. If you configure NAT on the management network, the Orchestrator will disable NAT and allow the traffic to pass without translation. This is to ensure that the management traffic can reach the Security Group members and the SmartConsole without any issues.
References
*Check Point MAESTRO R80.20SP Administration Manual, page 291


NEW QUESTION # 54
What is HealthCheck Point?

  • A. Is a self-updatable suite of tools for SGMs with the capability to assess the health of the system, visualize the Firewall topology, provide a timeline of critical and informative events that might have occurred in a production system.
  • B. Can be used to let you visualize the Firewall topology for the SG and view live statistics, which includes throughput, problem notes, and CPU utilization.
  • C. Performs a system health check and is meant to replace both a CPInfo and the health check script.
  • D. Is a self-updatable suite of tools for MHOs with the capability to assess the health of the system and provide a timeline of critical and informative events that might have occurred in a production system.

Answer: C

Explanation:
HealthCheck Point (HCP) is a tool designed to perform a comprehensive system health check for the Maestro environment. It is intended to replace both the CPInfo tool and traditional health check scripts by providing a streamlined way to assess the health of Maestro Orchestrators (MHOs) and Security Group Members (SGMs).
HCP evaluates system status, configuration, and potential issues, generating detailed reports for troubleshooting and maintenance.
Exact Extract:
"HealthCheck Point (HCP) performs a system health check and is meant to replace both a CPInfo and the health check script. It assesses the health of the Maestro environment, including MHOs and SGMs, by checking system status, configuration settings, and potential issues. HCP provides detailed reports to aid in troubleshooting and maintenance."
-Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using theCommand Line Interface and WebUI, Lesson 4.4: System Diagnostics, page 4-15
-Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: HealthCheck Point, page 4-12 Explanation of Options:
* A. Is a self-updatable suite of tools for MHOs...: Incorrect, as HCP is not limited to MHOs and does not focus on visualizing topology or event timelines. It is a general health check tool for the entire Maestro environment.
* B. Performs a system health check and is meant to replace both a CPInfo and the health check script:
Correct, as HCP's primary function is to perform system health checks, replacing CPInfo and health check scripts, as per the documentation.
* C. Can be used to let you visualize the Firewall topology...: Incorrect, as HCP does not provide visualization of firewall topology or live statistics like throughput and CPU utilization.
* D. Is a self-updatable suite of tools for SGMs...: Incorrect, as HCP is not exclusive to SGMs and does not include topology visualization or event timeline features.
References:
Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.4: System Diagnostics, page 4-15 Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: HealthCheck Point, page 4-12


NEW QUESTION # 55
......

Maximum Grades By Making ready With 156-836 Dumps: https://passcertification.preppdf.com/CheckPoint/156-836-prepaway-exam-dumps.html

Related Articles

more
CheckPoint 156-836 Certification Practice Exam