01. Firewall Deployment: Next-Generation Firewall Setup and Management Connection Flashcards
Which two planes are found in the Palo Alto Networks single-pass platform architecture? (Choose Two)
a. Application
b. Parallel Processing
c. Conrol
d. Data
Correct Answer(s):
c. Conrol
d. Data
Knowledge Area: Palo Alto Networks Product Portfolio & Architecture
Which object cannot be segmented using virtual systems on a firewall?
a. MGT Interface
b. Administrative access
c. Data Plane Interface
d. Network Security Zone
Correct Answer(s):
a. MGT Interface
Knowledge Area: Palo Alto Networks Product Portfolio & Architecture
What are the two attributes of the dedicated out-of-band network management port in Palo Alto Networks firewalls? (Choose two).
a. Requires a static, non-DHCP network configuration
b. Labeled MGT by default
c. Supports only SSH connections
d. Cannot be configured as a standard traffic port
Correct Answer(s):
b. Labeled MGT by default
c. Cannot be configured as a standard traffic port
Knowledge Area: Connect to the Management Network
True or False? To register a hardware firewall, you will need the firewall’s serial number.
a. False
b. True
Correct Answer(s):
b. True
Knowledge Area: Connect to the Management Network
In the web interface, what is signified when a text box is highlighted in red?
a. The value in the text box is an error.
b. The value in the text box is required.
c. The value in the text box is optional.
d. The value in the text box is controlled by Panorama.
Correct Answer(s):
b. The value in the text box is required.
Knowledge Area: Connect to the Management Network
True or False? Service routes can be used to configure an in-band port to access external services.
a. False
b. True
Correct Answer(s):
b. True
Knowledge Area: Connect to the Management Network
Which two statements are true regarding the candidate configuration? (Choose two.)
a. It always contains the factory default configuration.
b. It controls the current operation of the firewall.
c. It can be reverted to the current configuration.
d. It contains possible changes to the current configuration.
Correct Answer(s):
c. It can be reverted to the current configuration.
d. It contains possible changes to the current configuration.
Knowledge Area: Manage Firewall Configurations
True or False? The running configuration consists of configuration changes in progress but not active on the firewall.
a. True
b. False
Correct Answer(s):
b. False
Knowledge Area: Manage Firewall Configurations
When changes to a firewall are committed, what is the result of clicking the Preview Changes link?
a. compares the candidate configuration to the running configuration
b. displays any unresolved application dependencies
c. lists the individual settings for which you are committing changes
d. shows any error messages that would appear during a commit
Correct Answer(s):
a. compares the candidate configuration to the running configuration
Knowledge Area: Manage Firewall Configurations
Which three types of privileges can be defined when a custom admin role is created? (Choose three.)
a. XML API
b. Panorama
c. REST API
d. WebUI
e. Java API
Correct Answer(s):
a. XML API
c. REST API
d. WebUI
Knowledge Area: Manage Firewall Administrator Accounts
True or false? Server Profiles define connections that the firewall can make to external servers.
a. False
b. True
Correct Answer(s):
b. True
Knowledge Area: Manage Firewall Administrator Accounts
Global user authentication is supported by which three authentication services? (Choose three.)
a. SAML
b. TACACS+
c. LDAP
d. Certificate
e. RADIUS
Correct Answer(s):
a. SAML
b. TACACS+
e. RADIUS
Knowledge Area: Manage Firewall Administrator Accounts
True or false? Certificate-based authentication replaces all other forms of either local or external authentication.
a. False
b. True
Correct Answer(s):
b. True
Knowledge Area: Manage Firewall Administrator Accounts
Which three MGT port configuration settings must be configured before you can remotely access the web interface? (Choose three.)
a. IP address
b. DNS server
c. netmask
d. default gateway
e. hostname
Correct Answer(s):
a. IP address
b. DNS server
c. netmask
Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment
Which two statements are true regarding the candidate configuration? (Choose two.)
a. It controls the current operation of the firewall.
b. It always contains the factory default configuration.
c. It contains possible changes to the current configuration.
d. It can be reverted to the current configuration.
Correct Answer(s):
c. It contains possible changes to the current configuration.
d. It can be reverted to the current configuration.
Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment