100%無料CCME 156-836問題集PDFお試しサンプル認定ガイドカバー率 [Q20-Q38]

100%無料CCME 156-836問題集PDFお試しサンプル認定ガイドカバー率

PDF試験材料2026年最新の実際に出る156-836問題集

CCME 試験は、Check Point Maestro ソリューションを設計、構成、展開、およびトラブルシューティングする能力を試験するものです。Maestro アーキテクチャと展開、ネットワーク管理とトラブルシューティング、高度なセキュリティ機能、自動化とオーケストレーションなど、幅広いトピックをカバーしています。この試験は、90 個の多肢選択問題からなり、90 分以内に完了する必要があります。試験に合格するには、候補者は少なくとも 70% のスコアを取得する必要があります。CCME 認定は 2 年間有効であり、更新試験に合格するか、継続教育クレジットを取得することで更新することができます。

質問 # 20
Common Layer 1 issues include

A. MAC addresses
B. Distribution
C. Loose or bad cables
D. Routing

正解：C

質問 # 21
Which licenses should be issued for the Orchestrator?

A. No licenses are required for Orchestrator
B. The Orchestrator is considered a Management server, hence it's licensed the same way
C. Depends on Software Blades enabled on connected appliances
D. The Orchestrator requires NGTX license

正解：A

解説：
Orchestrators in many network environments do not require separate licenses, as they primarily function to manage and distribute network traffic.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 1: Introduction to Check Point Maestro, Lesson 1.2: Maestro Licensing, page 1-8
*Check Point R81 Maestro Administration Guide, Chapter 1: Introduction to Check Point Maestro, Section:
Maestro Licensing, page 1-6
*Activation of a Quantum Maestro Orchestrator - Check Point Software

質問 # 22
Layer 4 distribution is enabled by default in Maestro. Which is not a scenario when you would want to leave this enabled?

A. When there is a large number of source ports in use by protocols such as HTTP, HTTPS, and DNS.
B. When dynamic routing protocols, such as BGP or OSPF are used.
C. When the SG is NATing a very high percentage of traffic passing through it.
D. When there is a heavy imbalance of traffic between the SGMs that are members of the same SG.

正解：B

解説：
Explanation
This is the correct answer because Layer 4 distribution is not recommended when dynamic routing protocols are used in Maestro. Layer 4 distribution is a feature that adds the source and/or destination ports to the distribution equation, which can improve the load balancing among the SGMs. However, it can also cause issues with the correction layer, which is a mechanism that ensures the packets are processed by the correct SGM. Dynamic routing protocols, such as BGP or OSPF, use specific ports to exchange routing information and establish neighbor relationships. If Layer 4 distribution is enabled, it can interfere with the routing protocol packets and cause routing instability or failures.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-20
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-8
*Layer 4 Distribution - Yes or No? - Check Point CheckMates
*Support, Support Requests, Training ... - Check Point Software

質問 # 23
In case of Correction, where is information about Owner stored?

A. In Correction tables of all Appliances participating in Correction Layer flow
B. In Correction table of Target Appliance
C. In Connection tables of all Appliances participating in Correction Layer flow
D. In Connection table of Target Appliances

正解：A

解説：
Explanation
The Correction Layer is a mechanism that handles asymmetric connections in systems with several cluster members. It allows traffic flow to be handled by a single cluster member, even if the flow is asymmetric1 The Correction Layer works as follows:
*When a packet arrives at a cluster member, it checks if it is the owner of the connection. If yes, it processes the packet normally. If not, it checks the Correction table to find the owner of the connection.
*If the owner is found in the Correction table, the packet is forwarded to the owner with a Correction Layer header. The owner then processes the packet and removes the Correction Layer header before sending it to the destination.
*If the owner is not found in the Correction table, the packet is forwarded to the Maestro Orchestrator (MHO) with a Correction Layer header. The MHO then checks its own Correction table to find the owner of the connection. If the owner is found, the MHO forwards the packet to the owner with a Correction Layer header.
If the owner is not found, the MHO drops the packet and sends an ICMP error message to the source.
*The Correction tables are updated by the MHO whenever a new connection is established or an existing connection is terminated. The MHO sends Correction Layer messages to all clustermembers to inform them about the owner of each connection2

質問 # 24
Which command should be used to restart Orchestrator service only?

A. service orchestrator restart
B. cpstop; cpstart
C. orchd restart
D. reboot

正解：C

解説：
Explanation
Page 313 from the training manual:
- Restart the service:
orchd restart
- Restart the service without confirmation
service orchd restart

質問 # 25
What is the Correction Layer?

A. Correction Layer is a daemon which corrects errors on Backplane interfaces
B. Correction Layer is a Layer of GAIA OS which corrects misspelled commands and allows them to execute
C. Correction Layer is a mechanism which handles asymmetric connections in multi-appliance system. For example, in case of NAT
D. Correction Layer is a mechanism which activated in case of asymmetric routing

正解：C

解説：
The Correction Layer is a Maestro component that ensures that packets from the same connection are handled by the same Security Group Module (SGM) in a multi-appliance system. This is especially important when NAT is involved, as packets sent from the client to the server can be distributed to a different SGM than packets from the same session sent from the server to the client. The Correction Layer must then forward the packet to the correct SGM.
References:
*NAT and the Correction Layer on a Security Gateway - Check Point Software1
*Solved: Maestro queries - Check Point CheckMates

質問 # 26
The ______________ command will allow users to update the specified file on all SGMs.

A. g_cat
B. g_update_conf_file
C. g_all"
D. sed

正解：B

解説：
The g_update_conf_file command is a global command that allows users to update the specified file on all Security Group Members of the current Security Group. The command takes the file name and the parameter- value pair as arguments and updates the file accordingly. For example, g_update_conf_file fwkern.conf fwha_enable_arp=1 will add or modify the fwha_enable_arp parameter in the fwkern.conf file on all SGMs.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-12
*Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-10
*Maestro Commands for Security Groups - Check Point CheckMates

質問 # 27
What is the command 'asg diag' used for?

A. Asg diag is used for creating traffic flow diagrams
B. Asg diag used for system diagnostics on Chassis only. It does not exist on Maestro
C. Asg diag is used for system diagnostics
D. Asg diag is used for system backup

正解：C

解説：
Explanation
The asg diag command is used for system diagnostics on both Maestro and Chassis systems. The asg diag command can perform various tests and checks on the system components, such as hardware, software, network, clock, ARP, and more. The asg diag command can help identify and troubleshoot any issues or errors that may affect the system functionality or performance.
References =
*Check Point Maestro R81.X Administration Guide, page 66, section "asg diag" 1
*Check Point Maestro R81.X Getting Started Guide, page 28, section "asg diag" 2
*Check Point Maestro Under the Hood presentation by Lari Luoma, slide 25
1: https://www.manualslib.com/manual/2031661/Check-Point-Maestro-R80-20sp.html 2:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_GettingStarted/html_frame
:
https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/maestro/1191/1/Check%20Mates%20M

質問 # 28
To display processes that are consuming excessive system resources, users should use the_____ command.

A. asg stat -v
B. asg perf -v
C. asg_perf_hogs
D. top

正解：C

解説：
Explanation
The asg_perf_hogs command is a script that displays the processes that are consuming excessive system resources, such as CPU, memory, disk, and network, on the orchestrator and the appliances. It can help identify performance issues and bottlenecks in the Maestro environment.
References
*Software Provision and Performance hogs failed - Check Point CheckMates1
*CHECK POINT MAESTRO EXPERT, page 33

質問 # 29
What is the throughput penalty of Security Group?

A. 10% per Security Group with no relation to the number of members
B. 1% per member
C. 5% per member
D. Depends on the type of Appliance

正解：B

解説：
Check Point reduced throughput degradation to 1% per added SGMs. For example, the overall throughput degradation is 10% for 10 SGMs in a Security Group. Check Point aims to reduce this even further in the future. https://supportcenter.checkpoint.com/supportcenter/portal?
eventSubmit_doGoviewsolutiondetails=&solutionid=sk147853

質問 # 30
What is one benefit of a Dual MHO environment?

A. Dual MHOs allow better synchronization to occur between SGMs.
B. Dual MHOs provide redundancy to the Maestro environment by increasing throughput by at least 50 percent.
C. Dual MHOs allow additional SGMs to be added to the SG.
D. Dual MHOs can be used to achieve increased scalability and redundancy.
.

正解：D

解説：
Explanation
One of the benefits of a Dual MHO environment is that it can provide both scalability and redundancy to the Maestro system. Scalability means that the system can handle more traffic and SGMs as the demand grows, and redundancy means that the system can survive the failure of one or more components without losing functionality or performance. Dual MHOs can achieve these benefits by distributing the load and the management tasks among two orchestrators, and by providing backup and failover mechanisms for each other.
References
*Maestro Expert (CCME) Course - Check Point Software, page 251
*CheckPoint Certified Maestro Expert (CCME) - Skillzcafe, page 22
*Check Point Certified Maestro Expert (CCME) R81.X, page 23

質問 # 31
What is the default Distribution mode?

A. Network
B. Auto-topology
C. Manual-General
D. User

正解：B

解説：
Explanation
Auto-topology is the default distribution mode for Maestro Security Groups. In this mode, the Orchestrator assigns packets to a Security Group Member based on the topology of the port defined in the gateway object.
Each port is either in user mode or network mode depending on the topology. User mode means that the port is connected to the internal network and network mode means that the port is connected to the external network.
The Orchestrator uses a hash function to map each source IP or destination IP to a specific SGM, depending on the mode of the port. This mode ensures that all packets with the same source IP or destination IP are processed by the same SGM, regardless of the port or protocol.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 2: Maestro Security Groups, Lesson 2.4: Traffic Flow, page 2-18
*Check Point R81 Maestro Administration Guide, Chapter 2: Maestro Security Groups, Section: Traffic Distribution, page 2-7
*Lari Luoma | Lead Consultant | Maestro SME | Check Point Evangelist1, slide 16

質問 # 32
What type of license is required for an MHO?

A. A license is needed for each attached SGM.
B. The MHO requires a VSX license.
C. The MHO requires a NGTP license.
D. The MHO does not require a license.

正解：D

解説：
The MHO (Maestro Hyperscale Orchestrator) does not require a license by itself, but each SGM (Security Group Module) that is attached to the MHO needs a license. The license type depends on the features and blades that are enabled on the SGM. For example, if the SGM is running VSX, it needs a VSX license.
References:
*Maestro Expert (CCME) Course - Check Point Software, page 71
*Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

質問 # 33
What is the difference between Dual-Site and Dual-Room?

A. Dual-Room is Active / Standby and Dual-Site is Active / Active
B. Dual-Room is a kind of Dual-Site deployment within the same building
C. They are the same
D. Dual-Room is a Single-Site deployment where all Appliances are connected to both orchestrators

正解：B

解説：
Explanation
References =
*[Maestro Frequently Asked Questions (FAQ)]
*Maestro Dual Site configuration with a direct connection through L2 switches
*Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)
*CHECK POINT MAESTRO EXPERT

質問 # 34
The __________
command can be used during an upgrade to verify that the upgraded SGMs have returned to UP status before upgrading other SGMs.

A. asg perf -v
B. cpview
C. watch asg stat -v
D. asg monitor

正解：C

質問 # 35
What is the purpose of Management ports located on the Rear Panel of the Orchestrator MHO-140?

A. Additional ports used as uplinks
B. Reserved for internal purposes. Not in use.
C. Out-of-band interfaces for access to Orchestrator itself
D. 1Gbps connectivity for Security Groups

正解：C

解説：
Explanation
The Management ports located on the Rear Panel of the Orchestrator MHO-140 are out-of-band interfaces that provide access to the Orchestrator itself for configuration and management purposes. They are not used for traffic distribution or connectivity to the Security Groups or the external networks. They are 1Gbps RJ-45 ports that can be connected to a switch or a router.
References
*Maestro Hyperscale Orchestrator Datasheet - Check Point Software1, page 2
*Quantum Maestro Getting Started Guide - Check Point CheckMates2, page 4

質問 # 36
What will happen in case of NAT of the traffic passing through Management network?

A. This traffic will pass with no inspection
B. This traffic will not pass correction, since it will be dropped
C. Since Management traffic is always going to SMO, it will take a care for Correction Layer and will re-distribute traffic to other Appliances
D. Orchestrator will disable NAT and traffic will pass with no issue

正解：D

解説：
Explanation
According to the Check Point MAESTRO R80.20SP Administration Manual1, NAT is not supported on the management network. If you configure NAT on the management network, the Orchestrator will disable NAT and allow the traffic to pass without translation. This is to ensure that the management traffic can reach the Security Group members and the SmartConsole without any issues.
References
*Check Point MAESTRO R80.20SP Administration Manual, page 291

質問 # 37
What happens if you apply a hotfix using gClish?

A. If you apply a hotfix using gclish, it causes an outage for the entire SG as all members reboot at roughly the same time.
B. If you apply a hotfix using gclish, each SG members installs the hotfix and reboots after waiting it's turn to do so.
C. If you apply a hotfix using gclish, the operation will fail because an outage would occur.
D. Logical groups "A" and "B" are created. Members of group "A" install and reboot first. Then members of group "B" does the same once reboots have finished with group "A."

正解：D

解説：
Explanation
This is the correct answer because it describes the hotfix installation process using gClish on a Maestro Security Group. gClish is the global Clish that allows users to run commands on all UP SG members of the current Security Group at once. When a hotfix is applied using gClish, the SG members are divided into two logical groups: "A" and "B". The members of group "A" install the hotfix and reboot first, while the members of group "B" wait for their turn. After all the members of group "A" are back online, the members of group
"B" install the hotfix and reboot.This way, the SG maintains high availability and does not cause an outage.
References
*Check Point Certified Maestro Expert (CCME) R81.X Courseware, Module 4: Using the Command Line Interface and WebUI, Lesson 4.3: Global Commands, page 4-11
*Check Point R81 Maestro Administration Guide, Chapter 4: Using the Command Line Interface and WebUI, Section: Global Commands, page 4-9
*Global Expert Mode Commands - Check Point CheckMates

質問 # 38
......

更新されたのはCheckPoint 156-836問題集PDFオンラインエンジン：https://www.jpntest.com/shiken/156-836-mondaishu

156-836.PDFで問題解答PDFサンプル問題信頼され続ける：https://drive.google.com/open?id=1Lwb6GlYoa9BbRF5c-T-Q49MJxAsv8Ra7