01. Firewall Deployment: Next-Generation Firewall Setup and Management Connection Flashcards

1
Q

Which two planes are found in the Palo Alto Networks single-pass platform architecture? (Choose Two)

a. Application
b. Parallel Processing
c. Conrol
d. Data

A

Correct Answer(s):

c. Conrol
d. Data

Knowledge Area: Palo Alto Networks Product Portfolio & Architecture

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which object cannot be segmented using virtual systems on a firewall?

a. MGT Interface
b. Administrative access
c. Data Plane Interface
d. Network Security Zone

A

Correct Answer(s):

a. MGT Interface

Knowledge Area: Palo Alto Networks Product Portfolio & Architecture

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the two attributes of the dedicated out-of-band network management port in Palo Alto Networks firewalls? (Choose two).

a. Requires a static, non-DHCP network configuration
b. Labeled MGT by default
c. Supports only SSH connections
d. Cannot be configured as a standard traffic port

A

Correct Answer(s):

b. Labeled MGT by default
c. Cannot be configured as a standard traffic port

Knowledge Area: Connect to the Management Network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

True or False? To register a hardware firewall, you will need the firewall’s serial number.

a. False
b. True

A

Correct Answer(s):

b. True

Knowledge Area: Connect to the Management Network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

In the web interface, what is signified when a text box is highlighted in red?

a. The value in the text box is an error.
b. The value in the text box is required.
c. The value in the text box is optional.
d. The value in the text box is controlled by Panorama.

A

Correct Answer(s):

b. The value in the text box is required.

Knowledge Area: Connect to the Management Network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

True or False? Service routes can be used to configure an in-band port to access external services.

a. False
b. True

A

Correct Answer(s):

b. True

Knowledge Area: Connect to the Management Network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which two statements are true regarding the candidate configuration? (Choose two.)

a. It always contains the factory default configuration.
b. It controls the current operation of the firewall.
c. It can be reverted to the current configuration.
d. It contains possible changes to the current configuration.

A

Correct Answer(s):

c. It can be reverted to the current configuration.
d. It contains possible changes to the current configuration.

Knowledge Area: Manage Firewall Configurations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

True or False? The running configuration consists of configuration changes in progress but not active on the firewall.

a. True
b. False

A

Correct Answer(s):

b. False

Knowledge Area: Manage Firewall Configurations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

When changes to a firewall are committed, what is the result of clicking the Preview Changes link?

a. compares the candidate configuration to the running configuration
b. displays any unresolved application dependencies
c. lists the individual settings for which you are committing changes
d. shows any error messages that would appear during a commit

A

Correct Answer(s):

a. compares the candidate configuration to the running configuration

Knowledge Area: Manage Firewall Configurations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which three types of privileges can be defined when a custom admin role is created? (Choose three.)

a. XML API
b. Panorama
c. REST API
d. WebUI
e. Java API

A

Correct Answer(s):

a. XML API
c. REST API
d. WebUI

Knowledge Area: Manage Firewall Administrator Accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

True or false? Server Profiles define connections that the firewall can make to external servers.

a. False
b. True

A

Correct Answer(s):

b. True

Knowledge Area: Manage Firewall Administrator Accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Global user authentication is supported by which three authentication services? (Choose three.)

a. SAML
b. TACACS+
c. LDAP
d. Certificate
e. RADIUS

A

Correct Answer(s):

a. SAML
b. TACACS+
e. RADIUS

Knowledge Area: Manage Firewall Administrator Accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

True or false? Certificate-based authentication replaces all other forms of either local or external authentication.

a. False
b. True

A

Correct Answer(s):

b. True

Knowledge Area: Manage Firewall Administrator Accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which three MGT port configuration settings must be configured before you can remotely access the web interface? (Choose three.)

a. IP address
b. DNS server
c. netmask
d. default gateway
e. hostname

A

Correct Answer(s):

a. IP address
b. DNS server
c. netmask

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which two statements are true regarding the candidate configuration? (Choose two.)

a. It controls the current operation of the firewall.
b. It always contains the factory default configuration.
c. It contains possible changes to the current configuration.
d. It can be reverted to the current configuration.

A

Correct Answer(s):

c. It contains possible changes to the current configuration.
d. It can be reverted to the current configuration.

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The Palo Alto Networks Cybersecurity Portfolio focuses on which three principle technologies? (Choose three.)

a. securing the enterprise
b. securing the internet of things
c. securing third-party application access
d. securing the cloud
e. securing operations response

A

Correct Answer(s):

a. securing the enterprise
d. securing the cloud
e. securing operations response

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

17
Q

What is the result of performing a firewall Commit operation?

a. The saved configuration becomes the loaded configuration.
b. The candidate configuration becomes the saved configuration.
c. The loaded configuration becomes the candidate configuration.
d. The candidate configuration becomes the running configuration.

A

Correct Answer(s):

d. The candidate configuration becomes the running configuration.

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

18
Q

Global user authentication is supported by which three authentication services? (Choose three.)

a. RADIUS
b. TACACS+
c. SAML
d. LDAP
e. Certificate

A

Correct Answer(s):

a. RADIUS
b. TACACS+
c. SAML

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

19
Q

Which object cannot be segmented using virtual systems on a firewall?

a. administrative access
b. network security zone
c. MGT interface
d. data plane interface

A

Correct Answer(s):

c. MGT interface

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

20
Q

Which two separate firewall planes comprise the PAN-OS architecture? (Choose two.)

a. data plane
b. signature processing plane
c. HA plane
d. management (control) plane
e. routing plane

A

Correct Answer(s):

a. data plane
d. management (control) plane

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

21
Q

When committing changes to a firewall, what is the result of clicking the Preview Changes link?

a. displays any unresolved application dependencies
b. shows any error messages that would appear during a commit
c. lists the individual settings for which you are committing changes
d. compares the candidate configuration to the running configuration

A

Correct Answer(s):

d. compares the candidate configuration to the running configuration

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

22
Q

When creating a custom admin role, which four types of privileges can be defined? (Choose four.)

a. Panorama
b. Java API
c. Command Line
d. REST API
e. WebUI
f. XML API

A

Correct Answer(s):

c. Command Line
d. REST API
e. WebUI
f. XML API

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment