01. Firewall Deployment: Next-Generation Firewall Setup and Management Connection

Question 1

Which two planes are found in the Palo Alto Networks single-pass platform architecture? (Choose Two)

a. Application
b. Parallel Processing
c. Conrol
d. Data

Answer 1

Correct Answer(s):

c. Conrol
d. Data

Knowledge Area: Palo Alto Networks Product Portfolio & Architecture

Question 2

Which object cannot be segmented using virtual systems on a firewall?

a. MGT Interface
b. Administrative access
c. Data Plane Interface
d. Network Security Zone

Answer 2

Correct Answer(s):

a. MGT Interface

Knowledge Area: Palo Alto Networks Product Portfolio & Architecture

Question 3

What are the two attributes of the dedicated out-of-band network management port in Palo Alto Networks firewalls? (Choose two).

a. Requires a static, non-DHCP network configuration
b. Labeled MGT by default
c. Supports only SSH connections
d. Cannot be configured as a standard traffic port

Answer 3

Correct Answer(s):

b. Labeled MGT by default
c. Cannot be configured as a standard traffic port

Knowledge Area: Connect to the Management Network

Question 4

True or False? To register a hardware firewall, you will need the firewall’s serial number.

a. False
b. True

Answer 4

Correct Answer(s):

b. True

Knowledge Area: Connect to the Management Network

Question 5

In the web interface, what is signified when a text box is highlighted in red?

a. The value in the text box is an error.
b. The value in the text box is required.
c. The value in the text box is optional.
d. The value in the text box is controlled by Panorama.

Answer 5

Correct Answer(s):

b. The value in the text box is required.

Knowledge Area: Connect to the Management Network

Question 6

True or False? Service routes can be used to configure an in-band port to access external services.

a. False
b. True

Answer 6

Correct Answer(s):

b. True

Knowledge Area: Connect to the Management Network

Question 7

Which two statements are true regarding the candidate configuration? (Choose two.)

a. It always contains the factory default configuration.
b. It controls the current operation of the firewall.
c. It can be reverted to the current configuration.
d. It contains possible changes to the current configuration.

Answer 7

Correct Answer(s):

c. It can be reverted to the current configuration.
d. It contains possible changes to the current configuration.

Knowledge Area: Manage Firewall Configurations

Question 8

True or False? The running configuration consists of configuration changes in progress but not active on the firewall.

a. True
b. False

Answer 8

Correct Answer(s):

b. False

Knowledge Area: Manage Firewall Configurations

Question 9

When changes to a firewall are committed, what is the result of clicking the Preview Changes link?

a. compares the candidate configuration to the running configuration
b. displays any unresolved application dependencies
c. lists the individual settings for which you are committing changes
d. shows any error messages that would appear during a commit

Answer 9

Correct Answer(s):

a. compares the candidate configuration to the running configuration

Knowledge Area: Manage Firewall Configurations

Question 10

Which three types of privileges can be defined when a custom admin role is created? (Choose three.)

a. XML API
b. Panorama
c. REST API
d. WebUI
e. Java API

Answer 10

Correct Answer(s):

a. XML API
c. REST API
d. WebUI

Knowledge Area: Manage Firewall Administrator Accounts

Question 11

True or false? Server Profiles define connections that the firewall can make to external servers.

a. False
b. True

Answer 11

Correct Answer(s):

b. True

Knowledge Area: Manage Firewall Administrator Accounts

Question 12

Global user authentication is supported by which three authentication services? (Choose three.)

a. SAML
b. TACACS+
c. LDAP
d. Certificate
e. RADIUS

Answer 12

Correct Answer(s):

a. SAML
b. TACACS+
e. RADIUS

Knowledge Area: Manage Firewall Administrator Accounts

Question 13

True or false? Certificate-based authentication replaces all other forms of either local or external authentication.

a. False
b. True

Answer 13

Correct Answer(s):

b. True

Knowledge Area: Manage Firewall Administrator Accounts

Question 14

Which three MGT port configuration settings must be configured before you can remotely access the web interface? (Choose three.)

a. IP address
b. DNS server
c. netmask
d. default gateway
e. hostname

Answer 14

Correct Answer(s):

a. IP address
b. DNS server
c. netmask

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

Question 15

Which two statements are true regarding the candidate configuration? (Choose two.)

a. It controls the current operation of the firewall.
b. It always contains the factory default configuration.
c. It contains possible changes to the current configuration.
d. It can be reverted to the current configuration.

Answer 15

Correct Answer(s):

c. It contains possible changes to the current configuration.
d. It can be reverted to the current configuration.

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

Question 16

The Palo Alto Networks Cybersecurity Portfolio focuses on which three principle technologies? (Choose three.)

a. securing the enterprise
b. securing the internet of things
c. securing third-party application access
d. securing the cloud
e. securing operations response

Answer 16

Correct Answer(s):

a. securing the enterprise
d. securing the cloud
e. securing operations response

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

Question 17

What is the result of performing a firewall Commit operation?

a. The saved configuration becomes the loaded configuration.
b. The candidate configuration becomes the saved configuration.
c. The loaded configuration becomes the candidate configuration.
d. The candidate configuration becomes the running configuration.

Answer 17

Correct Answer(s):

d. The candidate configuration becomes the running configuration.

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

Question 18

Global user authentication is supported by which three authentication services? (Choose three.)

a. RADIUS
b. TACACS+
c. SAML
d. LDAP
e. Certificate

Answer 18

Correct Answer(s):

a. RADIUS
b. TACACS+
c. SAML

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

Question 19

Which object cannot be segmented using virtual systems on a firewall?

a. administrative access
b. network security zone
c. MGT interface
d. data plane interface

Answer 19

Correct Answer(s):

c. MGT interface

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

Question 20

Which two separate firewall planes comprise the PAN-OS architecture? (Choose two.)

a. data plane
b. signature processing plane
c. HA plane
d. management (control) plane
e. routing plane

Answer 20

Correct Answer(s):

a. data plane
d. management (control) plane

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

Question 21

When committing changes to a firewall, what is the result of clicking the Preview Changes link?

a. displays any unresolved application dependencies
b. shows any error messages that would appear during a commit
c. lists the individual settings for which you are committing changes
d. compares the candidate configuration to the running configuration

Answer 21

Correct Answer(s):

d. compares the candidate configuration to the running configuration

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment

Question 22

When creating a custom admin role, which four types of privileges can be defined? (Choose four.)

a. Panorama
b. Java API
c. Command Line
d. REST API
e. WebUI
f. XML API

Answer 22

Correct Answer(s):

c. Command Line
d. REST API
e. WebUI
f. XML API

Knowledge Area: Next-Generation Firewall Setup and Management Connection - Assessment