210 Final Exam Flashcards

1
Q

A “continue” action can be configured on the following security profiles in the Next Generation firewall:
Select one:

a. URL Filtering, File Blocking, and Data Filtering

b. URL Filtering

c. URL Filtering and Antivirus

d. URL Filtering and File Blocking

A

d. URL Filtering and File Blocking

2
Q

A critical consideration when defining Network Segmentation is ____________.
Select one:

a. third party management

b. eliminating security zones

c. understanding your business and organizational drivers

d. password management

A

understanding your business and organizational drivers

3
Q

A strength of the Palo Alto Networks firewall is:
Select one:

a. hardware consolidation - data and control plane processing is improved and performed in successive linear fashion

b. its single-pass parallel processing (SP3) engine and software performs operations once per packet

c. increased buffering capability.

A

a. its single-pass parallel processing (SP3) engine and software performs operations once per packet

4
Q

A Zone Protection Profile is applied to which item?
Select one:

a. Ingress Ports

b. Egress Ports

c. Security Policy Rules

d. Address Groups

A

Ingress Ports

5
Q

Assume you have a WildFire subscription. Which file state or condition might result in a file not being analyzed by WildFire?
Select one:

a. file size limit exceeded

b. file located in a JAR or RAR archive

c. file already has WildFire hash

d. executable file signed by trusted signer

A

file located in a JAR or RAR archive

6
Q

For guidance on continuing to deploy the security platform features to address your network security needs, review the PAN-OS Administrator’s Guide section titled ______________________________________________.
Select one:

a. Best Practices for Completing the Firewall Deployment

b. Set Up a Basic Security Policy

c. Best Practices for Securing Administrative Access

d. Register the Firewall

A

Best Practices for Completing the Firewall Deployment

7
Q

From the reading “Four Ps of 5G Network Security”: Which of the following is NOT one of the ‘Four Ps’?
Select one:

a. Perimeter

b. Permissions

c. Protection

d. Packets

A

Protection

8
Q

From the reading “Securing OT to enable Manufacturing Digital Transformation”: The risk of operations managing security at the local level is the potential of having _______________ approaches to security.
Select one:

a. IT administered

b. third party management

c. centralized

d. multiple, disjointed

A

multiple, disjointed

9
Q

Global user authentication is not supported by which authentication service?
Select one:

a. LDAP

b. TACACS+

c. RADIUS

d. SAML

A

LDAP

10
Q

How would App-ID label TCP traffic when the three-way handshake completes, but not enough data is sent to identify an application?
Select one:

a. incomplete

b. insufficient-data

c. not-applicable

d. unknown-tcp

A

insufficient-data

11
Q

In a Next Generation firewall, how many packets does it take to identify the application in a TCP exchange?
Select one:

a. Two

b. One

c. Four or five

d. Three

A

Four or five

12
Q

In the latest Next Generation firewall version, what is the shortest time that can be configured on the firewall to check for WildFire updates?
Select one:

a. 30 Minutes

b. 5 Minutes

c. 1 Hour

d. 15 Minutes

A

5 Minutes

13
Q

In the Palo Alto Networks Application Command Center (ACC), which filter allows you to limit the display to the details you care about right now and to exclude the unrelated information from the current display?
Select one:

a. Universal

b. Global

c. Local

d. Group

A

Global

14
Q

In the web interface, what is signified when a text box is highlighted in red?
Select one:

a. The value in the text box is an error

b. The value in the text box is required

c. The value in the text box is optional

d. The value in the text box is controlled by Panorama

A

The value in the text box is required

15
Q

NGFW QoS policies can be configured to apply:
Select one:

a. either preferential treatment or bandwidth-limiting traffic rules

b. data encryption

c. forwarding for anti-virus screening

d. third party authentication

A

either preferential treatment or bandwidth-limiting traffic rules

16
Q

On a Palo Alto Networks firewall, which technique is used to manage traffic through NAT policies based on destination port numbers?
Select one:

a. Port Forwarding

b. Translated Address

c. Address Translation

d. Static/Dynamic Translation

A

a. Port Forwarding

17
Q

On the Palo Alto Networks Next Generation Firewall, which is the default port for transporting Syslog traffic?
Select one:

a. 514

b. 443

c. 8080

d. 6514

A

514

18
Q

Select the answer that best completes this sentence. Source NAT commonly is used for _________ users to access the ________ internet.
Select one:

a. private, private

b. private, public

c. public, private

d. public, public

A

private, public

19
Q

Select the answer that completes this sentence. DIPP source NAT will support a maximum of about ______________ concurrent sessions on each IP address configured within the NAT pool.
Select one:

a. 16,300

b. 8100

c. 64,000

d. 250

A

64,000

20
Q

Select True or False. A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6 addresses.
Select one:

a. False

b. True

A

True

21
Q

Select True or False. All of the interfaces on a Next Generation firewall must be the same interface type.
Select one:

a. False

b. True

A

True

22
Q

Select True or False. By default, the firewall uses the management (MGT) interface to access external services, such as DNS servers, external authentication servers, Palo Alto Networks services such as software, URL updates, licenses and AutoFocus.
Select one:

a. False

b. True

A

True

23
Q

Select True or False. Destination NAT often is used to provide hosts on the public (external) network access to private (internal) servers.
Select one:

a. True

b. False

A

True

24
Q

Select True or False. In a Next Generation firewall, every interface in use must be assigned to a zone in order to process traffic.
Select one:

a. False

b. True

A

True

25
Q

Select True or False. In addition to routing to other network devices, virtual routers on the Next Generation firewall can route to other virtual routers.
Select one:

a. True

b. False

A

True

26
Q

Select True or False. Logging on intrazone-default and interzone-default Security policy rules is enabled by default.
Select one:

a. False

b. True

A

False

27
Q

Select True or False. On the Next Generation firewall, a commit lock blocks other administrators from committing changes until all of the locks have been released.
Select one:

a. True

b. False

A

True

28
Q

Select True or False. On the Next Generation firewall, application groups are always automatically updated when new applications are added to the App-ID database.
Select one:

a. False

b. True

A

False

29
Q

Select True or False. On the Next Generation firewall, if there is a NAT policy - there must also be a security policy.
Select one:

a. True

b. False

A

True

30
Q

Select True or False. Server Profiles define connections that the firewall can make to external servers.
Select one:

a. False

b. True

A

True

31
Q

Select True or False. Service routes can be used to configure an in-band port to access external services.
Select one:

a. False

b. True

A

True

32
Q

Select True or False. Source NAT commonly is used for private (internal) users to access the public internet (outbound traffic).
Select one:

a. True

b. False

A

True

33
Q

Select True or False. The CN-Series firewalls deliver the same capabilities as the PA-Series and VM-Series firewalls.
Select one:

a. True

b. False

A

True

34
Q

Select True or False. The running configuration consists of configuration changes in progress but not active on the firewall.
Select one:

a. True

b. False

A

False

35
Q

Select True or False. Traffic protection from external locations where the egress point is the perimeter is commonly referred to as “North-South” traffic.
Select one:

a. False

b. True

A

True

36
Q

Select True or False. Security policy rules on the Next Generation firewall specify a source and a destination interface.
Select one:

a. True

b. False

A

True

37
Q

The first important task of building a Zero Trust Architecture is to identify __________________.
Select one:

a. interdependencies

b. the protect surface

c. traffic

d. microperimeter

A

the protect surface

38
Q

The Gartner Magic Quadrant for Network Firewalls rates a company’s:
Select one:

a. Regulatory Compliance / Intellectual Properties

b. Growth Potential / Profitability

c. Ability to Execute / Completeness of Vision

A

Ability to Execute / Completeness of Vision

39
Q

To properly configure DOS protection to limit the number of sessions individually from specific source IPs, you would configure a DOS Protection rule with the following characteristics:
Select one:

a. Action: Protect, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured

b. Action: Deny, Aggregate Profile with “Resources Protection” configured

c. Action: Protect, Aggregate Profile with “Resources Protection” configured

d. Action: Deny, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured

A

Action: Protect, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured

40
Q

Traffic going to a public IP address is being translated by a Next Generation firewall to an internal server private IP address. Which IP address should the security policy use as the destination IP in order to allow traffic to the server?
Select one:

a. The server private IP

b. The server public IP

c. The firewall Management port IP

d. The firewall gateway IP

A

The server public IP

41
Q

True or false? Certificate-based authentication replaces all other forms of either local or external authentication.
Select one:

a. False

b. True

A

True

42
Q

What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall?
Select one:

a. Filter the data filtering logs for the user’s traffic and the name of the PDF file

b. Filter the system log for failed download messages

c. Filter the session browser for all sessions from a user with the application adobe

d. Filter the traffic logs for all traffic from the user that resulted in a deny action

A

Filter the data filtering logs for the user’s traffic and the name of the PDF file

43
Q

What component of the Next Generation Firewall will protect from port scans?
Select one:

a. DOS Protection

b. Anti-Virus Protection

c. Zone protection

d. Vulnerability protection

A

Zone protection

44
Q

What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?
Select one:

a. Quality of Service Log

b. Quality of Service Statistics

c. Applications Report

d. Application Command Center (ACC)

A

Application Command Center (ACC)

45
Q

What feature on the Next Generation firewall will set the security policy to allow the application on the standard ports associated with the application?
Select one:

a. Application-dependent

b. Application-custom

c. Application-implicit

d. Application-default

A

Application-default

46
Q

What is the default setting for “Action” in a decryption policy rule?
Select one:

a. Any

b. No-decrypt

c. None

d. Decrypt

A

None

47
Q

What is the maximum size of .EXE files uploaded from the Next Generation firewall to WildFire?
Select one:

a. Configurable up to 2 megabytes

b. Always 10 megabytes

c. Always 2 megabytes

d. Configurable up to 10 megabytes

A

Configurable up to 10 megabytes

48
Q

What is the method used to create a Zero Trust policy that answers the ‘who, what, when, where, why and how’ definition?
Select one:

a. Kipling

b. Never Trust - Always Verify

c. Logging

d. Full Authentication

A

Never Trust - Always Verify

49
Q

What should be configured as the destination zone on the original packet tab of the NAT Policy rule in the Next Generation firewall?
Select one:

a. Trust-L3

b. Untrust-L3

c. Any

d. DMZ-L3

A

Untrust-L3

50
Q

What type of interface allows the Next Generation firewall to provide switching between two or more networks?
Select one:

a. Layer2

b. Virtual Wire

c. Tap

d. Layer3

A

Layer2

51
Q

When an Applications and Threats content update is performed, which is the earliest point where you can review the impact of new application signatures on existing policies?
Select one:

a. after clicking Check Now

b. after download

c. after commit

d. after install

A

after download

52
Q

When committing changes to a firewall, what is the result of clicking the Preview Changes link?
Select one:

a. Lists the individual settings for which you are committing changes

b. Compares the candidate configuration to the running configuration

c. Displays any unresolved application dependencies

d. Shows any error messages that would appear during a commit

A

Compares the candidate configuration to the running configuration

53
Q

When creating a custom admin role, which type of privileges cannot be defined?
Select one:

a. Command Line

b. Panorama

c. WebUI

d. XML API

e. REST API

A

Panorama

54
Q

When creating an application filter, which of the following is true?
Select one:

a. They are called dynamic because they automatically adapt to new IP addresses

b. They are called dynamic because they will automatically include new applications from an application signature update if the new application’s type is included in the filter

c. They are used by malware

d. Excessive bandwidth may be used as a filter match criteria

A

They are called dynamic because they will automatically include new applications from an application signature update if the new application’s type is included in the filter

55
Q

When creating PAN-OS firewall administrator accounts, which configuration step is required for Non-Local Administrators, but not for Local Administrators?
Select one:

a. Directory Services Replication

b. Authentication Profile

c. API Interface

d. Authentication Sequence

A

Authentication Profile

56
Q

When defining Security policy rules, why should you consider only the c2s flow direction, and define policy rules that allow or deny traffic from the source zone to the destination zone, that is, in the c2s direction?
Select one:

a. The return c2s flow does not require a separate rule because communications are automatically allowed.

b. Default rules are predefined to allow all interzone traffic (between zones) and deny all intrazone traffic (within a zone).

c. The return s2c flow does not require a separate rule because the return traffic automatically is allowed

d. For traffic that does not match any custom defined rules, all communications are conducted in a separate traffic buffer

A

The return s2c flow does not require a separate rule because the return traffic automatically is allowed

57
Q

When making changes to configuration settings on the PAN-OS firewall, which of the following options lists the individual changes for which you are committing changes:
Select one:

a. Validate Commit

b. Preview Changes for selected administrators.

c. Change Summary

d. Preview Changes for all

A

Change Summary

58
Q

When resetting the PAN-OS firewall to factory defaults, you can save all configuration settings and logs by performing the following:
Select one:

a. Pressing Shift-C when prompted

b. None of the above

c. Executing the CLI command when in maintenance mode: rebuild/FactoryReset

d. Selecting ‘yes’ when prompted

A

None of the above

59
Q

When SSL encrypted traffic first arrives at the Next Generation Firewall, which technology initially identifies the application as web-browsing?
Select one:

a. User-ID

b. App-ID

c. Encryption-ID

d. Content-ID

A

App-ID

60
Q

Which action in a Security policy rule results in traffic being silently rejected?
Select one:

a. Deny

b. Reset Server

c. Drop

d. Reset Client

A

Reset Server

61
Q

Which anti-spyware feature enables an administrator to quickly identify a potentially infected host on the network?
Select one:

a. DNS Sinkhole

b. CVE Number

c. continue response page

d. data filtering log entry

A

DNS Sinkhole

62
Q

Which attribute is associated with the dedicated out-of-band network management port in Palo Alto Networks firewalls?
Select one:

a. Supports only SSH connections

b. Cannot be configured as a standard traffic port

c. Requires a static, non-DHCP network configuration

d. Supports DHCP only

A

Cannot be configured as a standard traffic port

63
Q

Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?
Select one:

a. superuser

b. vsysadmin

c. deviceadmin

d. Custom role

A

deviceadmin

64
Q

Which built-in role on the Next Generation firewall is the same as superuser except for creation of administrative accounts?
Select one:

a. vsysadmin

b. deviceadmin

c. devicereader

d. sysadmin

A

deviceadmin

65
Q

Which CLI command is used to verify successful file uploads to WildFire?
Select one:

a. debug wildfire upload-log show

b. debug wildfire upload-log

c. debug wildfire upload-threat show

d. debug wildfire download-log show

A

debug wildfire upload-log show

66
Q

Which command will reset a next generation firewall to its factory default settings if you know the admin account password?
Select one:

a. reload

b. reset system settings

c. request system private-data-reset

d. reset startup-config

A

request system private-data-reset

67
Q

Which feature can be configured to block sessions that the firewall cannot decrypt?
Select one:

a. Decryption profile in security policy

b. Decryption profile in security profile

c. Decryption profile in decryption policy

d. Decryption profile in PBF

A

Decryption profile in decryption policy

68
Q

Which feature can be configured with an IPv6 address?
Select one:

a. Static Route

b. RIPv2

c. BGP

d. DHCP Server

A

Static Route

69
Q

Which file type can a firewall send to WildFire when the firewall does not have a WildFire subscription?
Select one:

a. JAR

b. APK

c. PDF

d. EXE

A

EXE

70
Q

Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall?
Select one:

a. Block, Allow, External Dynamic, Custom URL, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

b. Block, Allow, Custom URL, External Dynamic, PAN-DB Download, PAN-DB Cloud, PAN-DB Cache

c. Block, Allow, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

d. Allow, Block, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

A

Block, Allow, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

71
Q

Which item is not a valid choice when the Source User field is configured in a Security policy rule?
Select one:

a. unknown

b. any

c. known-user

d. all

A

all

72
Q

Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo, Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option?
Select one:

a. HTTP Header Logging

b. User Credential Detection

c. Safe Search Enforcement

d. Log Container Page Only

A

Safe Search Enforcement

73
Q

Which Next Generation FW configuration type has settings active on the firewall?
Select one:

a. Startup

b. Legacy

c. Candidate

d. Running

A

Running

74
Q

Which NGFW security policy rule applies to all matching traffic within the specified source zones?
Select one:

a. Interzone

b. Default

c. Universal

d. Intrazone

A

Intrazone

75
Q

Which object cannot be segmented using virtual systems on a firewall?
Select one:

a. Administrative Access

b. MGT interface

c. Network Security Zone

d. Data Plane Interface

A

MGT interface

76
Q

Which of the following are NOT traffic attributes or criteria that can be defined in a Security policy rule?
Select one:

a. Source user

b. Traffic that does not pass through the firewall data plane

c. Source / Destination zones

d. URL Category

A

Traffic that does not pass through the firewall data plane

77
Q

Which of the following is a routing protocol supported in a Next Generation firewall?
Select one:

a. IGRP

b. RIPV2

c. ISIS

d. EIGRP

A

RIPV2

78
Q

Which of the following is NOT a PAN-OS Firewall Administrator Dynamic Role?
Select one:

a. Superuser

b. Device administrator (read-only)

c. Virtual system administrator

d. Local only administrator

A

Local only administrator

79
Q

Which one of the following statements is true about NAT rules?
Select one:

a. NAT rules provide address translation, while security policy rules allow or deny packets.

b. The addresses used in source NAT rules always refer to the original IP address in the packet (that is, the pre-translated address).

c. NAT rules are applied after security policy rules.

d. The destination zone in the security rule is determined before the route lookup of the post-NAT destination IP address.

A

NAT rules provide address translation, while security policy rules allow or deny packets.

80
Q

Which Palo Alto Networks Cortex technology prevents malware, blocks exploits, and analyzes suspicious patterns through behavioral threat protection?
Select one:

a. AutoFocus

b. XDR

c. Data Lake

d. XSOAR

A

XDR

81
Q

Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user’s browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log?
Select one:

a. block

b. override

c. continue

d. alert

A

override

82
Q

Which Palo Alto Networks Next Generation VM Series Model requires a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity?
Select one:

a. VM-100

b. VM-500

c. VM-700

d. VM-50

A

VM-500

83
Q

Which Palo Alto Networks Prisma technology provides continuous security monitoring, compliance validation, and cloud storage security capabilities across multi-cloud environments. In addition, you can simplify security operations through effective threat protections enhanced with comprehensive cloud context?
Select one:

a. SaaS

b. Cloud

c. Compliance

d. Access

A

Cloud

84
Q

Which Palo Alto Networks product for securing the enterprise extends the enterprise perimeter to remote offices and mobile users?
Select one:

a. Panorama

b. WildFire

c. GlobalProtect

d. VM-Series

A

GlobalProtect

85
Q

Which port does the Palo Alto Networks Windows-based User-ID agent use by default?
Select one:

a. TCP port 5007

b. TCP port 80

c. TCP port 443

d. TCP port 4125

A

TCP port 5007

86
Q

Which profile type is designed to protect against reconnaissance attacks such as host sweeps and port scans?
Select one:

a. Data Filtering

b. Anti-Spyware

c. DOS Protection

d. Zone Protection

A

Zone Protection

87
Q

Which role-based privilege allows full access to the Palo Alto Networks firewall, including defining new administrator accounts and virtual systems?
Select one:

a. devicereader

b. superuser

c. deviceadmin

d. superreader

A

superuser

88
Q

Which routing protocol is supported on a virtual router?
Select one:

a. PPP

b. EGP

c. IGRP

d. OSPF

A

OSPF

89
Q

Which series of firewall is a high-performance physical appliance solution?
Select one:

a. HA

b. PA

c. VM

d. CN

A

PA

90
Q

Which series of Palo Alto Networks Next Generation Firewall offers two modes, Secure Mode, and Express Mode?
Select one:

a. VM

b. CN

c. VS

d. K2

A

K2

91
Q

Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule on the Next Generation firewall?
Select one:

a. Static IP

b. Dynamic IP and Port

c. Bi-Directional

d. Dynamic IP

A

Dynamic IP and Port

92
Q

Which Source NAT type allows multiple clients to use the same public IP addresses with different source port numbers?
Select one:

a. Dynamic IP and Port (DIPP)

b. Static IP and Port (SIPP)

c. Static IP

d. Dynamic IP

A

Dynamic IP and Port (DIPP)

93
Q

Which statement about the automated correlation engine is not correct?
Select one:

a. It is available only in Panorama

b. It uses correlation objects as input.

c. It detects possible infected hosts.

d. It outputs correlation events.

A

It is available only in Panorama

94
Q

Which statement about the predefined reports is not correct?
Select one:

a. They are emailed daily to users

b. They are grouped in 5 categories

c. They are generated daily by default

d. There are more than 40 predefined reports

A

They are emailed daily to users

95
Q

Which statement is not true regarding Safe Search Enforcement?
Select one:

a. Safe search works only in conjunction with credential submission websites

b. Safe search is a web server setting

c. Safe search is a web browser setting

d. Safe search is a best effort setting

A

Safe search works only in conjunction with credential submission websites

96
Q

Which statement is true regarding the Palo Alto Networks Firewall candidate configuration?
Select one:

a. It does not control changes to the current configuration.

b. It controls the current operation of the firewall.

c. It always contains the factory default configuration.

d. It can be reverted to the current configuration.

A

It can be reverted to the current configuration.

97
Q

Which statement is true regarding User-ID and Security policy rules?
Select one:

a. Users can be used in policy rules only if they are known by the firewall

b. The Source User field can match only users, not groups.

c. If the user associated with an IP address cannot be determined, all traffic from that address will be dropped.

d. The Source IP and Source User fields cannot be used in the same policy.

A

Users can be used in policy rules only if they are known by the firewall

98
Q

Which Strata product provides centralized firewall management and logging?
Select one:

a. WildFire

b. GlobalProtect

c. Prisma Access

d. Panorama

A

Panorama

99
Q

Which type of firewall decryption requires the administrator to import a server certificate and a private key into the firewall?
Select one:

a. SSH Tunnel Decryption

b. SSL Inbound Inspection Decryption

c. SSL Forward Proxy Decryption

d. SSH Decryption

A

SSL Inbound Inspection Decryption

100
Q

Which type of firewall interface enables passive monitoring of network traffic?
Select one:

a. Tap

b. Virtual wire

c. Loopback

d. Tunnel

A

Tap

101
Q

Which type of firewall license or subscription provides a graphical analysis of firewall traffic logs and identifies potential risks to your network by using threat intelligence from a portal?
Select one:

a. Threat Prevention

b. GlobalProtect

c. WildFire

d. AutoFocus

A

AutoFocus

102
Q

Which type of interface will allow the firewall to be inserted into an existing topology without requiring any reallocation of network addresses or redesign on the network topology?
Select one:

a. Layer 2

b. Layer 3

c. Virtual Wire

d. Tap

A

Virtual Wire

103
Q

Which type of Next Generation Firewall decryption inspects SSL traffic between an internal host and an external web server?
Select one:

a. SSH

b. SSL Outbound Inspection

c. SSL Forward Proxy

d. SSL Inbound Inspection

A

SSL Forward Proxy

104
Q

Which type of Next Generation Firewall decryption inspects SSL traffic coming from external users to internal servers?
Select one:

a. SSL Forward Proxy

b. SSL Outbound Inspection

c. SSH

d. SSL Inbound Inspection

A

SSL Inbound Inspection

105
Q

Which type of Security policy rule is the default rule type?
Select one:

a. Intrazone

b. Universal

c. Default

d. Interzone

A

Interzone

106
Q

Which URL Filtering Profile action will result in a user being interactively prompted for a password?
Select one:

a. allow

b. override

c. continue

d. alert

A

override

107
Q

Which URL filtering security profile action logs the category to the URL filtering log?
Select one:

a. Alert

b. Log

c. Allow

d. Default

A

Alert

108
Q

Which User-ID component and mapping method is recommended for web clients that do not use the domain server?
Select one:

a. Captive Portal

b. Terminal Services agent

c. GlobalProtect

d. XML API

A

Captive Portal

109
Q

Which WildFire verdict might indicate obtrusive behavior but not a security threat?
Select one:

a. malware

b. phishing

c. grayware

d. benign

A

grayware

110
Q

Without a WildFire subscription, which of the following files can be submitted by the Next Generation Firewall to the hosted WildFire virtualized sandbox?
Select one:

a. PE and Java Applet only

b. PDF files only

c. MS Office doc/docx, xls/xlsx, and ppt/pptx files only

d. PE files only

A

MS Office doc/docx, xls/xlsx, and ppt/pptx files only