Exam Flashcards

1
Q

On the Next Generation firewall, DNS sinkhole allows administrators to quickly identify infected hosts on the network using DNS traffic.

A

True

2
Q

What two interface types on the Next Generation firewall provide support for Network Address Translation?

A

Layer 3 and Virtual Wire

3
Q

Which URL filtering security profile action logs the category to the URL filtering log?

A

Alert

4
Q

Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall?

A

Block, Allow, Custom URL, External

Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

5
Q

On the Next Generation firewall, application groups are always automatically updated when new applications are added to the App-ID database.

A

False

6
Q

In which stage of the Cyber Attack Lifecycle model do attackers gain access “inside” an organization and activate attack code on the victim’s host and ultimately take control of the target machine?

A

Exploitation

7
Q

What type of interface allows the Next Generation firewall to provide switching between two or more networks?

A

Layer 2

8
Q

Which Next Generation FW configuration type has settings active on the firewall?

A

Running

9
Q

In the latest Next Generation firewall version, what is the shortest time that can be configured on the firewall to check for Wildfire updates?

A

5 Minutes

10
Q

What feature on the Next Generation firewall will set the security policy to allow the application on the standard ports associated with the application?

A

Application-default

11
Q

Which type of interface will allow the firewall to be inserted into an existing topology without requiring any reallocation of network addresses or redesign of the network topology?

A

Virtual Wire

12
Q

When creating an application filter, which of the following is true?

A

They are called dynamic because they will automatically include new applications from an application signature update if the new application’s type is included in the filter

13
Q

On the Next Generation firewall, what type of security profile detects infected files being transferred with the application?

A

Anti-Virus

14
Q

What should be configured as the destination zone on the original packet tab of the NAT Policy rule in the Next Generation firewall?

A

Untrust-L3

15
Q

On the Next Generation firewall, if there is a NAT policy, there must also be a security policy.

A

True

16
Q

Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user’s browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log?

A

Override

17
Q

A “continue” action can be configured on the following security profiles in the Next Generation firewalls:

A

URL Filtering and File Blocking

18
Q

What is the benefit of enabling the “passive DNS monitoring” checkbox on the Next Generation firewall?

A
  1. Improved malware detection in Wildfire
  2. Improved DNS based command and control signatures
  3. Improved PAN DB malware detection
19
Q

Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo, Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option?

A

Safe Search Enforcement

20
Q

What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall?

A

Filter the data filtering logs for the user’s traffic and the name of the PDF file.

21
Q

Without a Wildfire subscription, which of the following files can be submitted by the Next Generation Firewall to the hosted Wildfire virtualized sandbox?

A

MS Office doc/docx, xls/xlsx, and ppt/pptx files only

22
Q

Which of the following services are enabled on the Next Generation firewall MGT interface by default?

A

HTTPS, SSH, Telnet

23
Q

Traffic protection from external locations where the egress point is the perimeter is commonly referred to as “North-South” traffic.

A

True

24
Q

What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?

A

Application Command Center (ACC)

25
Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?
deviceadmin
26
What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)?
Network Traffic, Threat Activity, Blocked Activity
27
What is the maximum size of .EXE files uploaded from the Next Generation firewall to Wildfire?
Configuration up to 10 megabytes
28
Which NGFW security policy rule applies to all matching traffic within the specified source zones?
Intrazone
29
Which built-in role on the Next Generation firewall is the same as superuser except for creation of administration accounts?
deviceadmin
30
To properly configure DoS protection to limit the number of sessions individually from specific source IPs, you would configure a DoS Protection rule with the following characteristics:
Action: Protect, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured
31
Which Next Generation VM Series Model requires a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity?
VM-500
32
Which of the following is a routing protocol supported in a Next Generation firewall?
RIPV2
33
In a Next Generation firewall, how many packets does it take to identify the application in a TCP exchange?
Four or Five
34
Which three engines are built into the Single Pass Parallel Processing Architecture of the Next Generation firewall?
Application Identification (App-ID) | Content Identification (Content-ID) | User Identification (User-ID)
35
In a Next Generation firewall, every interface in use must be assigned to a zone in order to process traffic.
True
36
On the Next Generation firewall, a commit lock blocks other administrators from committing changes until all of the locks have been released.
True
37
When using config audit to compare configuration files on a Next Generation firewall, what does the yellow indication reveal?
Change
38
Security policy rules on the Next Generation Firewall specify a source and a destination interface
False
39
Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule?
Dynamic IP and Port
40
Which command will reset a next generation firewall to its factory default settings if you know the admin account password?
request system private-data-reset
41
All of the interfaces on a Next Generation Firewall must be of the same interface type.
False
42
In addition to routing to other network devices, virtual routers on the Next Generation Firewall can route to other virtual routers.
True
43
Which feature can be configured with an IPv6 address?
Static Route
44
Which Next Generation Firewall feature protects cloud-based applications such as Box, Salesforce, and Dropbox by managing permissions and scanning files for external exposure and sensitive information?
Aperture
45
Traffic going to a public IP address is being translated by a Next Generation firewall to an internal server private IP address. Which IP address should the security policy use as the destination IP in order to allow traffic to the server?
The server public IP
46
What component of the Next Generation Firewall will protect from port scans?
Zone Protection
47
Which feature can be configured to block sessions that the firewall cannot decrypt?
Decryption profile in decryption policy
48
What is default setting for "Action" in a decryption policy rule?
No-decrypt
49
Which type of Next Generation Firewall decryption inspects SSL traffic between an internal host and an external web server?
SSL Forward Proxy
50
When SSL encrypted traffic first arrives at the Next Generation Firewall, which technology initially identifies the application as web-browsing?
App-ID
51
On the Next Generation Firewall, which is the first configuration step for SSL Forward Proxy decryption?
Forward Trust Certificate
52
Which type of Next Generation Firewall decryption inspects SSL traffic coming from external users to internal servers?
SSL Inbound Inspection
53
In the Next Generation Firewall, even if the Decryption policy rule action is “no-decrypt,” the Decryption Profile attached to the rule can still be configured to block sessions with expired or untrusted certificates.
True
54
What is the prerequisite for configuring a pair of Next Generation firewalls in an Active/Passive High Availability (HA) pair?
The firewalls must have the same set of licenses
55
The firewalls in an HA pair can be assigned a Device Priority value to indicate a preference for which firewall should assume the active role. If you need to designate a specific firewall in the HA pair as the active firewall, you must enable the preemptive behavior on both the firewalls and assign a Device Priority value for each firewall. The Firewall with which Device Priority value is designated as the higher priority and active firewall?
Lower
56
During which Palo Alto Networks Active/Passive Firewall State is normal traffic discarded?
Passive
57
During the Palo Alto Networks Active/Passive HA Pair Start-Up, the firewall remains in the INITIAL state after boot-up until it discovers a peer and negotiations begin. After how long of a timeout does the firewall become ACTIVE if HA negotiation has not started?
60-seconds
58
Which Palo Alto Networks High Availability configuration is not designed to increase throughput?
Active/Active
59
What mechanism on a Next Generation firewall is used to trigger a High Availability failover if the interface goes down?
Link monitoring
60
To enable High Availability on a Palo Alto Networks device, both firewalls must be the same model.
True
61
In which Palo Alto Networks GlobalProtect client connection method does the user explicitly initiate the connection?
On-demand
62
Which Palo Alto Networks GlobalProtect component is responsible for coordinating communications and interaction between all other GlobalProtect components?
Portal
63
Which Palo Alto Networks GlobalProtect deployment component provides security enforcement for traffic from GlobalProtect agents and applications?
Gateway
64
On a Palo Alto Networks Firewall, what is the maximum number of IPsec tunnels that can be associated with a tunnel interface?
10
65
What three basic requirements are necessary to create a VPN in the Next Generation firewall?
Create the tunnel interface, Configure the IPSec tunnel, Add a static route
66
In the Palo Alto Networks GlobalProtect connection sequence, there is direct communication among gateways or between gateways and portals.
False
67
Virtual Private Networks (VPNs) allow systems to connect securely over public networks as if they were connecting over a Local Area Network (LAN).
True
68
In the Palo Alto Networks Application Command Center (ACC), which filter allows you to limit the display to the details you care about right now and to exclude the unrelated information from the current display?
Global
69
What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?
Application Command Center (ACC)
70
What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)?
Network Traffic, Threat Activity, Blocked Activity
71
In the Palo Alto Networks Firewall WebUI, which type of report can be compiled into a single emailed PDF?
Group
72
On the Palo Alto Networks Next Generation Firewall, which is the default port for transporting Syslog traffic?
6514
73
What are two sources of information for determining whether the Next Generation firewall has been successful in communication with an external User-ID Agent?
System logs and the indicator light under the User-ID Agent settings in the firewall
74
For the Palo Alto Networks Next Generation Firewall to access a Global Catalog server, LDAP must be set to communicate with which port?
3268
75
Which Palo Alto Networks User-ID component runs on Microsoft and Citrix terminal servers?
Palo Alto Networks Terminal Services agent
76
Which User-ID component and mapping method is recommended for web clients that do not use the domain server?
Captive Portal
77
Which port does the Palo Alto Networks Windows-based User-ID agent use by default?
TCP port 5007
78
What options are available for selecting users for a security policy on the Next Generation firewall?
Pre-logon, Known-user, Unknown-user
79
The User-ID feature identifies the user and IP address of the computer the user is logged into for Next Generation firewall policy enforcement.
True
80
On the Next Generation firewall, what type of security profile detects infected files being transferred with the application?
Anti-Virus
81
Which Wildfire verdict includes viruses, worms, trojans, remote access tools, rootkits, and botnets?
Malware
82
Which CLI command is used to verify successful file uploads to Wildfire?
debug wildfire upload-log show
83
Which WildFire verdict indicates no security threat but might display obtrusive behavior?
Grayware
84
If a file type is matched in the File Blocking Profile and Wildfire Analysis Profile, and if the File Blocking Profile action is set to “block,” then the file is not forwarded to WildFire.
True
85
Without a Wildfire subscription, which of the following files can be submitted by the Next Generation Firewall to the hosted Wildfire virtualized sandbox?
PE Files Only
86
What are two sources of information for determining whether the Next Generation firewall has been successful in communicating with an external User-ID Agent?
System Logs and the indicator light under the User-ID Agent settings in the firewall
87
Which Palo Alto Networks User-ID component runs on Microsoft and Citrix terminal servers?
Palo Alto Networks Terminal Services agent
88
Which is the 3rd message used to acquire a certificate using the Public Key Infrastructure (PKI) Certificate Signing Request (CSR) process?
Applicant sends signed information and public key
89
What is default setting for "Action" in a decryption policy rule?
None
90
In the Public Key Infrastructure (PKI) hierarchy, what does the issuing Certificate Authority (CA) use to prevent tampering of the hash value and other critical information in the certificate?
Private Key Encryption
91
Which type of patch management technology has one or more servers that perform network scanning of each host to be patched and determine what patches each host needs?
Agentless Scanning
92
Which type of monitoring technologies for patch management monitor local network traffic to identify applications (and in some cases, operating systems) that are in need of patching?
Passive Network Monitoring
93
A security control assessment is the testing and/or evaluation of the management, operational, and technical security controls on a system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
True
94
Which phase of the Internet Key Exchange (IKE) is concerned with data traffic that crosses the tunnel?
Phase 2
95
Which phase of the Internet Key Exchange (IKE) is concerned with authenticating the endpoints?
Phase 1
96
Which type of IDPS includes the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations?
Anomaly-Based
97
Which type of IDPS technique includes agents that often include a host-based firewall that can restrict incoming and outgoing traffic for each application on the system, preventing unauthorized access and acceptable use policy violations (e.g., use of inappropriate external services)?
Network Traffic Filtering
98
Which type of cybersecurity technology changes the security environment and controls to disrupt an attack?
Intrusion Prevention System (IPS)
99
Which type of IDPS technology examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware (e.g., worms, backdoors), and policy violations (e.g., a client system providing unauthorized network services to other systems)?
Network Behavior Analysis
100
A common attribute of all IDPS technologies is that they can provide completely accurate detection.
False
101
Which section of the NIST Cybersecurity Framework Core Functions is used to develop and implement appropriate safeguards to ensure delivery of critical infrastructure services?
Protect
102
Which section of the NIST Cybersecurity Framework Core Functions is used to develop and implement the appropriate activities to take action regarding a detected cybersecurity event?
Respond
103
Which NIST Cybersecurity Coordination of Framework Implementation level communicates the mission priorities, available resources, and overall risk tolerance to the business process level?
Senior Executive
104
Traffic going to a public IP address is being translated by a Next Generation firewall to an internal server private IP address. Which IP address should the security policy use as the destination IP in order to allow traffic to the server?
The firewall gateway IP
105
Which role in the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations ensures that an effective program is established and implemented for the organization by establishing expectations and requirements for the organization's ISCM program; working closely with authorizing officials to provide funding, personnel, and other resources to support ISCM; and maintaining high-level communications and working group relationships among organizational entities?
Chief Information Officer (CIO)
106
In the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, which Tier ensures that all system-level security controls (technical, operational, and management) are implemented correctly, operate as intended, produce the desired outcome with respect to meeting the security requirements for the system, and continue to be effective over time?
Tier 3 - Information Systems
107
Which is the correct order for the Risk Management Framework (RMF) structured process in the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations System?
Categorize, Select, Implement, Assess, Authorize, Monitor
108
Which type of social engineering attack involves hackers who impersonate IT service people and who spam call as many direct numbers that belong to a company as they can find? These attackers offer IT assistance to each and every one of their victims.
Quid Pro Quo
109
Which web development program is an object-oriented, class-based and concurrent language that was developed by Sun Microsystems in the 1990s?
Java
110
Which color of the Traffic Light Protocol (TLP) indicates that information requires support to be acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved?
Amber
111
Which two actions are available for antivirus security profiles?
Allow | Alert
112
Which two HTTP Header Logging options are within a URL filtering profile?
User‐Agent | X‐Forwarded‐For
113
What are the two components of Denial‐of‐Service Protection?
zone protection profile | DoS protection profile and policy rules
114
Which two types of attacks does the PAN‐DB prevent?
phishing sites | HTTP based command‐and‐control
115
Which two valid URLs can be used in a custom URL category?
www.youtube.com | *.youtube.com
116
What are three methods of mapping usernames to IP addresses?
Server Monitoring | syslog | port mapping
117
Which type of server profile is used to create group mappings?
LDAP
118
The Server Monitoring user mapping method can monitor which three types of servers?
Microsoft Domain Controllers | Exchange Servers | Novell eDirectory Servers
119
The Windows User‐ID Agent can be installed on which two operating systems?
Server 2016 | Server 2008
120
A Heatmap provides an adoption rate for which three features?
WildFire | File Blocking | User‐ID
121
What are three Best Practice Assessment tool primary categories?
Security | Decryption | DoS Protection
122
Which two security features normally do not achieve an adoption rate of 100%?
DNS Sinkhole | URL Filtering
123
Which type of file is used to generate the Heatmap report and the BPA report?
Technical Support
124
What are two components of the BPA tool?
Security Policy Adoption Heatmap | BPA
125
The Palo Alto Networks Security Operating Platform is designed for which three purposes?
consume innovations quickly | focus on what matters | prevent successful cyberattacks
126
Which item is not one of the six primary components of the Palo Alto Networks Security Operating Platform?
WildFire
127
Which cloud‐delivered security service provides instant access to community‐based threat data?
AutoFocus - It provides instant access to community‐based threat data, enhanced with deep context and attribution from the Unit 42 threat research team
128
Which cloud‐delivered security service provides security for branches and mobile users?
GlobalProtect
129
Which Palo Alto Networks Security Operating Platform component provides access to apps from Palo Alto Networks, third parties, and customers?
Application Framework
130
Which Palo Alto Networks firewall feature provides all of the following abilities? Stops malware, exploits, and ransomware before they can compromise endpoints; provides protection while endpoints are online and offline, on network and off; coordinates enforcement with network and cloud security to prevent successful attacks; detects threats and automates containment to minimize impact; includes WildFire cloud‐based threat analysis service with your Traps subscription; integrates with the Palo Alto Networks Security Operating Platform.
Traps
131
Which management features does the control plane provide?
logging | reporting | firewall configuration
132
Which three data processing features does the data plane provide?
network processing | security processing | signature matching
133
What are three components of the Network Processing module?
QoS | NAT | flow control
134
Which approach most accurately defines the Palo Alto Networks SP3 architecture?
scan it all, scan it once
135
What is the result of using a stream‐based design of architecture?
superior performance
136
Palo Alto Networks has reduced latency enormously, using the Single‐Pass Parallel Processing (SP3) architecture, which combines two complementary components:
Single‐Pass Software | Parallel Processing Hardware
137
Which security model does Palo Alto Networks recommend that you deploy?
Zero Trust
138
The Zero Trust model is implemented to specifically address which type of traffic?
east‐west
139
What are the three main concepts of Zero Trust?
A. All resources are accessed in a secure manner, regardless of location. B. Access control is on a "need‐to‐know" basis and is strictly enforced. D. All traffic is logged and inspected.
140
Which two statements are true about the Zero Trust model?
Traffic is inspected laterally. | Traffic is inspected east‐west.
141
Which three Palo Alto Networks products secure your network?
Aperture | URL filtering | WildFire
142
Blocking just one stage in the Cyber‐Attack Lifecycle is all that is needed to protect a company's network from attack.
False
143
What are two stages of the Cyber‐Attack Lifecycle?
Weaponization and delivery | Command and Control
144
Command and control can be prevented through which two methods?
DNS Sinkholing | URL filtering
145
Exploitation can be mitigated by which two actions?
keeping systems patched | blocking known and unknown vulnerability exploits on the endpoint
146
What are two firewall management methods?
CLI | XML API
147
Which two devices are used to connect a computer to the firewall for management purposes?
serial cable | RJ‐45 Ethernet cable
148
What is the default IP address on the MGT interfaces of a Palo Alto Networks firewall?
192.168.1.1
149
What are the two default services that are available on the MGT interface?
HTTPS | SSH
150
Service route traffic has Security policy rules applied against it.
True
151
Service routes may be used to forward which two traffic types out a data port?
External Dynamic Lists | Palo Alto Networks updates
152
Which plane does the running‐config reside on?
Data
153
Which plane does the candidate config reside on?
Control
154
Candidate config and running config files are saved as which file type?
XML
155
Which command must be performed on the firewall to activate any changes?
commit
156
Which command backs up configuration files to a remote network device?
export
157
The command load named configuration snapshot overwrites the current candidate configuration with which three items? (Choose three.)
A. custom‐named candidate configuration snapshot (instead of the default snapshot) B. custom‐named running configuration that you imported D. current running configuration (running‐config.xml)
158
What is the shortest time interval that you can configure a Palo Alto Networks firewall to download WildFire updates?
1 minute
159
What is the publishing interval for WildFire updates, with a valid WildFire license?
5 minutes
160
A Palo Alto Networks firewall automatically provides a backup of the config during a software upgrade.
True
161
If you have a Threat Prevention subscription and not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update?
12 to 48 hours
162
Which three actions should you complete before you upgrade to a newer version of software? (Choose three.)
A. Review the release notes to determine any impact of upgrading to a newer version of software. B. Ensure the firewall is connected to a reliable power source. D. Create and externally store a backup before you upgrade.
163
What are five ways to download software? (Choose five.)
A. over the MGT interface on the control plane B. over a data interface on the data plane C. upload from a computer D. from the Palo Alto Networks Customer Support Portal F. from Panorama
164
Which two statements are true about an admin role profile role? (Choose two.)
B. It can be used for CLI commands. | C. It can be used for XML API.
165
PAN‐OS® software supports which two authentication types? (Choose two.)
A. RADIUS | C. TACACS+
166
Which two dynamic role types are available on the PAN‐OS software? (Choose two.)
A. Superuser | D. Device administrator (read‐only)
167
Which type of profile does an Authentication Sequence include?
Authentication
168
An authentication profile includes which other type of profile?
Server
169
Dynamic roles are called "dynamic" because you can customize them.
False | These are dynamic because they are predefined roles that update with the firewall during updates
170
What is used to override global Minimum Password Complexity Requirements?
password profile
171
Which two default zones are included with the PAN‐OS® software? (Choose two.)
A. Interzone | C. Intrazone
172
Which two zone types are valid? (Choose two.)
B. Tap | C. Virtual Wire
173
What is the zone of type External used to pass traffic between?
D. virtual systems A sixth zone type named External is a special zone that is available only on some firewall models.
174
Which two statements are correct? (Choose two.)
B. Interfaces do not have to be configured before you can create a zone. C. An interface can belong to only one zone.
175
Which three interface types can belong in a Layer 3 zone? (Choose three.)
A. loopback B. Layer 3 C. tunnel
176
What are used to control traffic through zones?
security policy rules
177
Which two actions can be done with a Tap interface? (Choose two.)
B. decrypt traffic | D. log traffic
178
Which two actions can be done with a Virtual Wire interface? (Choose two.)
A. NAT | D. log traffic
179
Which two actions can be done with a Layer 3 interface? (Choose two.)
A. NAT | B. route
180
Layer 3 interfaces support which two items? (Choose two.)
A. NAT | B. IPv6
181
What are some examples of Layer 3 loopback interfaces?
They can be destination configurations for DNS sinkholes, GlobalProtect service interfaces (portals and gateways), routing identification, and more.
182
What is required for a complete Virtual Wire configuration?
2 virtual wire interfaces, each in a virtual wire zone, and a virtual wire object
183
Routing and switching are done on a virtual wire interface.
False
184
Layer 3 interfaces support which three advanced settings? (Choose three.)
D. NDP configuration E. link speed configuration F. link duplex configuration
185
Layer 2 interfaces support which three items? (Choose three.)
B. traffic examination C. forwarding of spanning tree BPDUs D. traffic shaping via QoS
186
Which two interface types support subinterfaces?
A. Virtual Wire | B. Layer 2
187
Which two statements are true regarding Layer 3 interfaces?
A. You can configure a Layer 3 interface with one or more as a DHCP client. D. You can apply an interface management profile to the interface.
188
Dynamic routing protocols available on a Palo Alto Networks firewall are as follows:
BGP4 | OSPFv2 | OSPFv3 | RIPv2
189
Multicast routing protocols available on a Palo Alto Networks firewall are as follows:
IGMPv1, IGMPv2, IGMPv3 | PIM‐SM, PIM‐ASM, PIM‐SSM
190
What is the firewall's RIB? (Virtual Router)
Forwarding Information Base The virtual router obtains the best route from the RIB, and then places it in the forwarding information base (FIB). Packets then are forwarded to the next hop router defined in the FIB.
191
What is the default administrative distance of a static route within the PAN‐OS ® software?
10
192
Which two dynamic routing protocols are available in the PAN‐OS ® software? (Choose two.)
B. RIPv2 | C. OSPFv3
193
Which value is used to distinguish the preference of routing protocols?
Metric
194
In path monitoring, what is used to monitor remote network devices?
Ping
195
What are the two default (predefined) security policy types in PAN‐OS ® software? (Choose two.)
B. Interzone | C. Intrazone
196
Because the first rule that matches the traffic is applied, the more specific rules must follow the more general ones.
False
197
Which statement is true?
For Universal traffic, traffic logging is enabled by default.
198
What will be the result of one or more occurrences of shadowing?
a warning
199
Which type of security policy rules always exist above the two predefined security policies?
universal
200
What are two source NAT types? (Choose two.)
B. static | C. dynamic
201
A simple way to remember how to configure security policies where NAT was implemented is to memorize the following:
pre‐NAT IP, post‐NAT zone
202
What are two types of destination NAT? (Choose two.)
A. dynamic IP (with session distribution) | D. static
203
What are two possible values for DIPP NAT oversubscription?
A. 1x | B. 4x
204
Which statement is true regarding bidirectional NAT?
A. For static translations, bidirectional NAT allows the firewall to create a corresponding translation in the opposite direction of the translation you configure.
205
What are two application dependencies for icloud‐mail? (Choose two.)
A. ssl | D. icloud‐base
206
What does an application filter enable an administrator to do?
dynamically categorize multiple applications
207
Which two items can be added to an application group? (Choose two.)
A. application groups | C. application filters
208
What does the TCP Half Closed setting mean?
C. maximum length of time that a session remains in the session table between receiving the first FIN and receiving the second FIN or RST.
209
What are two application characteristics? (Choose two.)
B. excessive bandwidth use | D. evasive
210
What is a TCP Timeout (Application Timeouts)?
Number of seconds before an idle TCP application flow is terminated. A zero indicates that the default timeout of the application is used.
211
What is a UDP Timeout (Application Timeouts)?
Number of seconds before an idle UDP application flow is terminated. A zero indicates that the default timeout of the application is used.
212
What is a TCP Time Wait (Application Timeouts)?
Maximum length of time that a session remains in the session table after receiving the second FIN or RST. If the timer expires, the session is closed. If this time is not configured at the application level, the global setting is used (range is 1 to 600 seconds). If this value is configured at the application level, it overrides the global TCP Time Wait setting.
213
Which column in the Applications and Threats screen includes the options Review Apps and Review Policies?
Action
214
What can you select to minimize the risk of installing new App‐ID updates?
C. Disable new apps in content. Installation of new App‐IDs included in a content release version sometimes can cause a change in policy enforcement for the application that now is uniquely identified.
215
What are two benefits of vulnerability protection security profiles? (Choose two.)
D. prevent unauthorized access to systems | C. prevent exploitation of system flaws
216
Sometimes you do not have to explicitly allow access to the dependent applications for the traffic to flow because the firewall can determine the dependencies and allow them implicitly.
True
217
What are Layer 2 interfaces used to switch traffic between?
other Layer 2 interfaces
218
How often are new and modified threat signatures and modified applications signatures published?
Weekly
219
The Application Framework consists of which two components? (Choose two.)
The Application Framework consists of the following components: Infrastructure: A suite of cloud APIs, services, compute, and native access to customer‐specific data stores | Customer‐specific data store: The Palo Alto Networks Logging Service | Apps: Apps that are delivered from the cloud to extend the capabilities of the platform, including the ability to effortlessly collaborate between different apps, share threat context and intelligence, and drive automated response and enforcement.
220
Cloud security is delivered in which three ways? (Choose three.)
AutoFocus contextual threat intel, GlobalProtect Cloud, URL Filtering Web Security, Threat Prevention (IPS), WildFire, MineMeld Threat Intel Sharing
221
What is the difference between Palo Alto URL Filtering and BrightCloud URL Filtering Settings?
BrightCloud URL Filtering is updated once a day, whereas Palo Alto URL Filtering is updated every 5-10 minutes
222
Under the Application and Threats updates configuration, what does Review Policies do?
Displays policy rules that might enforce traffic differently if the app is modified on a content update and lets you add or remove apps from those policies.
223
What are data filtering profile matches logged as?
Low
224
What are URL profile matches logged as?
Informational
225
How often are antivirus signatures downloaded?
Daily for Threat Prevention subscribers, sub-hourly for WildFire subscribers
226
Antispyware policies primarily do what?
Detect C2 activity
227
What is user credential submission?
URL filtering option that controls users' ability to submit corporate credentials to a URL category
228
Packets must meet all of the criteria in a security policy to match it.
True
229
What are the default protocols identified by the Antivirus Security Profile and their actions?
Alert - smtp, imap, pop3 | Block - ftp, http, smb
230
What are the two predefined anti-spyware policies?
Default - uses the default option for all matches | Strict - overrides critical, high, and medium matches and sets to block
231
What are the three HTTP header logging attributes?
User agent - identifier of the browser that accessed | Referrer - URL that linked to another URL | X-Forwarded-For - preserves IP of user that connected to page
232
What zone are zone protection profiles applied to?
Ingress
233
What protections does a zone policy offer?
Protection against floods, reconnaissance attacks, and other packet-based attacks
234
What are the five types of floods in zone protection?
SYN, UDP, ICMP, ICMPv6, other IP