Domain 1 – Planning and Core Concepts Flashcards

1
Q
Which component of the integrated Palo Alto Networks security solution limits network-attached
workstation access to a corporate mainframe?
    a. threat intelligence cloud
    b. advanced endpoint protection
    c. next-generation firewall
    d. tunnel inspection
A

c. next-generation firewall

2
Q
Which Palo Alto Networks product is designed primarily to provide threat context with deeper
information about attacks?
a. Prisma Cloud
b. WildFire
c. AutoFocus
d. Threat Prevention
A

c. AutoFocus

3
Q
Which Palo Alto Networks product is designed primarily to provide normalization of threat
intelligence feeds with the potential for automated response?
    a. MineMeld
    b. WildFire
    c. AutoFocus
    d. Threat Prevention
A

a. MineMeld

4
Q
Which Palo Alto Networks product is designed primarily to prevent endpoints from successfully
running malware programs?
a. GlobalProtect
b. Cortex XDR - Analytics
c. Cortex XDR
d. Prisma Cloud
A

c. Cortex XDR

5
Q
The Palo Alto Networks Cortex Data Lake can accept logging data from which two products?
(Choose two.)
a. Cortex XDR
b. NGFWs
c. Prisma SaaS
d. MineMeld
e. AutoFocus
A

a. Cortex XDR

b. NGFWs

6
Q
Which Palo Alto Networks product is a cloud-based storage service designed to hold log information?
    a. Prisma Cloud
    b. Cortex XDR
    c. NGFW
    d. Cortex Data Lake
A

d. Cortex Data Lake

7
Q
Which product is an example of an application designed to analyze Cortex Data Lake information?
    a. Cortex XDR – Analytics
    b. Prisma Cloud
    c. Cortex XDR – Automated Response
    d. AutoFocus
A

a. Cortex XDR – Analytics

8
Q
A potential customer says it wants to maximize the threat detection capability of its next-generation
firewall. Which three additional services should it consider implementing to enhance its firewall’s
capability to detect threats? (Choose three.)
    a. Cortex XDR
    b. WildFire
    c. URL Filtering
    d. Expedition
    e. DNS Security
A

b. WildFire
c. URL Filtering
e. DNS Security

9
Q
How does a VM-Series virtual firewall differ from a physical Palo Alto Networks firewall?
    a. A VM-Series firewall cannot be managed by Panorama.
    b. A VM-Series firewall supports fewer traffic interface types.
    c. A VM-Series firewall cannot terminate VPN site-to-site tunnels.
    d. A VM-Series firewall cannot use dynamic routing protocols.
A

b. A VM-Series firewall supports fewer traffic interface types.

10
Q
Which product would best secure east-west traffic within a public cloud implementation?
    a. Prisma Cloud
    b. MineMeld
    c. VM-Series firewall
    d. Cortex
A

c. VM-Series firewall

11
Q
Which part of a VM-Series firewall should be updated to provide maximum feature support for a
public cloud?
    a. latest PAN-OS update
    b. latest VM-Series plugin
    c. capacity license for the target public cloud
    d. latest dynamic updates appropriate for the implemented PAN-OS version
A

b. latest VM-Series plugin

12
Q
Which two types of firewall interfaces are most likely to be supported in public cloud deployments?
(Choose two.)
a. tap
b. virtual wire
c. Layer 3
d. tunnel
e. aggregate Ethernet
A

c. Layer 3

d. tunnel

13
Q
From where can you buy and download a VM-Series virtual firewall appliance for a public cloud
deployment?
    a. Palo Alto Networks Support Portal
    b. cloud vendor’s “Solution Marketplace”
    c. via the download link supplied on the same site as the license server
    d. Palo Alto Networks Product Download Portal
A

b. cloud vendor’s “Solution Marketplace”

14
Q
Which two conditions must be met to manage Palo Alto Networks firewalls that are deployed in
multiple cloud environments from a central Panorama? (Choose two.)
    a. The Panorama and firewall must be able to communicate.
    b. The Panorama must be licensed for each cloud environment that contains managed
    firewalls.
    c. The firewalls must have the latest VM-Series plugin installed.
    d. The firewalls and Panorama must be running the same version of PAN-OS software.
    e. Firewalls must be running a version of PAN-OS software that is equal to or less than the
    version on Panorama.
A

a. The Panorama and firewall must be able to communicate.
b. The Panorama must be licensed for each cloud environment that contains managed
firewalls.

15
Q
A private cloud has 20 VLANs spread over 5 ESXi hypervisors, managed by a single vCenter. How
many firewall VMs are needed to implement micro-segmentation?
    a. 1
    b. 4
    c. 5
    d. 20
A

c. 5

16
Q
When you deploy the Palo Alto Networks NGFW on NSX, packets that come to an application VM
from VMs that run on different hardware go through which modules?
    a. network, vSwitch, NSX firewall, Palo Alto Networks NGFW, application VM
    b. network, vSwitch, Palo Alto Networks NGFW, NSX firewall, application VM
    c. network, vSwitch, NSX firewall, Palo Alto Networks NGFW, NSX firewall, application VM
    d. vSwitch, network, Palo Alto Networks NGFW, NSX firewall, application VM
A
17
Q
Which option shows the interface types that ESXi supports in the VM-Series firewalls?
    a. tap, Layer 2, Layer 3, virtual wire
    b. Layer 3 only
    c. tap, Layer 2, Layer 3
    d. Layer 3, virtual wire
A
18
Q
Which virtual interface is used for management on a VM-Series firewall that is running on ESXi?
    a. vNIC #1
    b. vNIC #2
    c. vNIC #9
    d. vNIC #10
A
19
Q
Which three items of information are required, at a minimum, to install and configure VM-Series
firewalls? (Choose three.)
    a. VLANs to be connected through the firewall
    b. management port IP address
    c. IP addresses for the data interfaces
    d. management port default gateway
    e. management port netmask
    f. IP address for the external (internet-facing) interface
A
20
Q
Compared to a physical firewall, VM-Series firewalls require you to apply which additional license?
    a. Base Capacity
    b. Cloud Services
    c. Site License
    d. VM Update
A
21
Q
A VM-Series firewall that is being deployed in Azure can be automatically configured by
bootstrapping. Azure requires which feature for bootstrapping to work?
    a. Storage account configured for Azure Files Service
    b. PowerShell script that feeds a configuration file to the firewall
    c. XML configuration file included in the base firewall provisioning
    d. Azure Backup services configured with a config file and included in the firewall provisioning
A
22
Q
Virtual wire does not switch VLAN ______.
    a. addresses
    b. subnets
    c. tags
    d. wires
A
23
Q
For return-path traffic, the firewall compares the destination IP address as defined in the IP classifier
on the customer-facing subinterface and selects the appropriate virtual wire to route traffic through
the accurate _______.
    a. service routes
    b. static routes
    c. virtual systems
    d. subinterface
A
24
Q
With SSH Proxy, PAN-OS firewalls can be configured to detect ________. Select all that apply.
    a. SSH traffic
    b. SSH port forwarding
    c. Hidden applications inside an SSH tunnel
    d. Breached security policies
A
25
Q
A Decryption Policy Rule allows administrators to:
    a. Require certificates
    b. Inspect inside encrypted sessions
    c. Re-encrypt firewall settings
    d. Decrypt VPN traffic
A
26
Q
Select a use case for a Decryption Profile to block and control various aspects of the decrypted
traffic.
    a. Terminate idle encrypted user-sessions after 300 seconds
    b. Search for admin users after business hours
    c. Retrieve a list of user groups from Microsoft Active Directory using TLS
    d. Terminate sessions using unsupported versions and unsupported algorithms
A
27
Q
Which feature is not negatively affected by the lack of a Decryption policy?
    a. antivirus
    b. App-ID
    c. file blocking
    d. network address translation
A
28
Q
How can the next-generation firewall inform web browsers that a web server’s certificate is from an
unknown CA?
    a. Show a “the certificate is untrusted, are you SURE you want to go there” response page
    before accessing the website
    b. Relay the untrusted certificate directly to the browser
    c. Have two certificates in the firewall, one used for sites whose original certificate is trusted,
    and the other for sites whose original certificate is untrusted
    d. Have two certificate authority certificates in the firewall, one used to produce certificates
    for sites whose original certificate is trusted, and the other used for certificates for sites
    whose original certificate is untrusted
A
29
Q
Which two firewall features can be used to support an organization’s requirement of decrypting and
recording all encrypted traffic? (Choose two.)
    a. Decryption broker
    b. Policy-based forwarding
    c. Default Router setting of Forward Cleartext
    d. Interface setting of Decryption Port Mirroring
    e. Decryption policy rule action set to Forward Cleartext
A
30
Q
PAN-OS firewalls support the following directory services. Select all that apply.
    a. Microsoft Active Directory (AD)
    b. Novell eDirectory
    c. Sun ONE Directory Server
    d. Apache directory
A
31
Q
When you enable a user- or group-based policy, what network security issues could occur if an
administrator enables User-ID on an external untrusted zone?
    a. Disclose internal IP address spacing
    b. Traffic will be treated as intrazone traffic and by default will be allowed
    c. No security issues occur
    d. Allow an attacker to gain unauthorized access to protected services and applications
A