Get CheckPoint 156-836 Exam Dumps

Answer : A

Reference =

* [Maestro Frequently Asked Questions (FAQ)]

* Maestro Dual Site configuration with a direct connection through L2 switches

* Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)

* CHECK POINT MAESTRO EXPERT

Answer : A

This is not one of the ways to configure a Security Group in a Dual Site environment, because load balancers are not required or supported for the inter-site communication between the Maestro Orchestrators (MHOs). The MHOs use the Site-Sync port and VLANs to synchronize the resources and connections across the sites. The three valid scenarios for Dual Site configuration are:

* Direct connectivity between remote site Orchestrators: This scenario requires two orchestrators, one for each site, and a direct connection between them using the site-sync port.

* Two orchestrators on the same site are connected to the remote site orchestrators through two different switches: This scenario requires four orchestrators, two for each site, and a connection between them using the site-sync port and two external switches that support QinQ and MTU increment.

* Two orchestrators on the same site are connected to the remote site orchestrators through one switch: This scenario also requires four orchestrators, two for each site, and a connection between them using the site-sync port and one external switch that support QinQ and MTU increment.

Reference =

* Maestro Dual Site configuration with a direct connection through L2 switches

* [Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)]

* [Maestro Frequently Asked Questions (FAQ)]

Answer : A

A Dual Site environment can include either two or four orchestrators, depending on the scenario. There are three primary scenarios for Dual Site configuration:

* Direct connectivity between remote site orchestrators: This scenario requires two orchestrators, one for each site, and a direct connection between them using the site-sync port.

* Two orchestrators on the same site are connected to the remote site orchestrators through two different switches: This scenario requires four orchestrators, two for each site, and a connection between them using the site-sync port and two external switches that support QinQ and MTU increment.

* Two orchestrators on the same site are connected to the remote site orchestrators through one switch: This scenario also requires four orchestrators, two for each site, and a connection between them using the site-sync port and one external switch that supports QinQ and MTU increment.

Reference =

* Maestro Dual Site configuration with a direct connection through L2 switches

* Dual Site Single Maestro Hyperscale Orchestrator Cluster (Dual Site Single MHO Redundancy)

* Maestro Frequently Asked Questions (FAQ)

Answer : D

In a Maestro Dual Site environment, there are two sites that can host Security Group Members (SGMs) for each Security Group (SG). The Active Site is the one that is currently processing the traffic for a specific SG, while the Standby Site is the one that is ready to take over in case of a failover. The Active Site and the Standby Site can be different for different SGs, depending on the load balancing and failover policies. The Active Site and the Standby Site are synchronized by the Maestro Orchestrators (MHOs) using the Site-Sync port and VLANs.

Reference =

* Solved: Maestro dual site failover - Check Point CheckMates

* Maestro Dual Site configuration with a direct connection through L2 switches

Answer : B

Dual Orchestrators work as an Active-Active cluster, which means that both Orchestrators are active and share the load of the traffic that is sent to and from the Security Group Members (SGMs). Active-Active cluster provides better performance and scalability than Active-Standby cluster, which only uses one Orchestrator at a time and keeps the other as a backup. Active-Active cluster also allows for faster failover and recovery in case of an Orchestrator failure, as the surviving Orchestrator can take over the traffic without interruption.

Reference

* Maestro Expert (CCME) Course - Check Point Software, page 25

* CheckPoint Certified Maestro Expert (CCME) - Skillzcafe, page 2

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, page 2