Exam Flashcards

1
Q

On the Next Generation firewall, DNS sinkhole allows administrators to quickly identify infected hosts on the network using DNS traffic.

A

True

2
Q

What two interface types on the Next Generation firewall provide support for Network Address Translation?

A

Layer 3 and Virtual Wire

3
Q

Which URL filtering security profile action logs the category to the URL filtering log?

A

Alert

4
Q

Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall?

A

Block, Allow, Custom URL, External

Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

5
Q

On the Next Generation firewall, application groups are always automatically updated when new applications are added to the App-ID database.

A

False

6
Q

In which stage of the Cyber Attack Lifecycle model do attackers gain access “inside” an organization and activate attack code on the victim’s host and ultimately take control of the target machine?

A

Exploitation

7
Q

What type of interface allows the Next Generation firewall to provide switching between two or more networks?

A

Layer 2

8
Q

Which Next Generation FW configuration type has settings active on the firewall?

A

Running

9
Q

In the latest Next Generation firewall version, what is the shortest time that can be configured on the firewall to check for Wildfire updates?

A

5 Minutes

10
Q

What feature on the Next Generation firewall will set the security policy to allow the application on the standard ports associated with the application?

A

Application-default

11
Q

Which type of interface will allow the firewall to be inserted into an existing topology without requiring any reallocation of network addresses or redesign on the network topology?

A

Virtual Wire

12
Q

When creating an application filter, which of the following is true?

A

They are called dynamic because they will automatically include new applications from an application signature update if the new application’s type is included in the filter

13
Q

On the Next Generation firewall, what type of security profile detects infected files being transferred with the application?

A

Anti-Virus

14
Q

What should be configured as the destination zone on the original packet tab of the NAT Policy rule in the Next Generation firewall?

A

Untrust-L3

15
Q

On the Next Generation firewall, if there is a NAT policy, there must also be a security policy.

A

True

16
Q

Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user’s browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log?

A

Override

17
Q

A “continue” action can be configured on the following security profiles in the Next Generation firewalls

A

URL Filtering and File Blocking

18
Q

What is the benefit of enabling the “passive DNS monitoring” checkbox on the Next Generation firewall?

A

  1. Improved malware detection in Wildfire
  2. Improved DNS based command and control signatures
  3. Improved PAN DB malware detection

19
Q

Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo, Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option?

A

Safe Search Enforcement

20
Q

What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall?

A

Filter the data filtering logs for the user’s traffic and the name of the PDF file.

21
Q

Without a Wildfire subscription, which of the following files can be submitted by the Next Generation Firewall to the hosted WildFire virtualized sandbox?

A

MS Office doc/docx, xls/xlsx, and ppt/pptx files only

22
Q

Which of the following services are enabled on the Next Generation firewall MGT interface by default?

A

HTTPS, SSH, Telnet

23
Q

Traffic protection from external locations where the egress point is the perimeter is commonly referred to as “North-South” traffic.

A

True

24
Q

What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?

A

Application Command Center (ACC)

25
Q

Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?

A

deviceadmin

26
Q

What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)?

A

Network Traffic,
Threat Activity,
Blocked Activity

27
Q

What is the maximum size of .EXE files uploaded from the Next Generation firewall to Wildfire?

A

Configuration up to 10 megabytes

28
Q

Which NGFW security policy rule applies to all matching traffic within the specified source zones?

A

Intrazone

29
Q

Which built-in role on the Next Generation firewall is the same as superuser except for creation of administration accounts?

A

deviceadmin

30
Q

To properly configure DoS protection to limit the number of sessions individually from specific source IPs, you would configure a DoS Protection rule with which characteristics?

A

Action: Protect, Classified
Profile with “Resources Protection” configured, and
Classified Address with “source-ip-only” configured

31
Q

Which Next Generation VM Series Model requires a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity?

A

VM-500

32
Q

Which of the following is a routing protocol supported in a Next Generation firewall?

A

RIPV2

33
Q

In a Next Generation firewall, how many packets does it take to identify the application in a TCP exchange?

A

Four or Five

34
Q

Which three engines are built into the Single Pass Parallel Processing Architecture of the Next Generation firewall?

A

Application Identification (App-ID)
Content Identification (Content-ID)
User Identification (User-ID)

35
Q

In a Next Generation firewall, every interface in use must be assigned to a zone in order to process traffic.

A

True

36
Q

On the Next Generation firewall, a commit lock blocks other administrators from committing changes until all of the locks have been released.

A

True

37
Q

When using config audit to compare configuration files on a Next Generation firewall, what does the yellow indication reveal?

A

Change

38
Q

Security policy rules on the Next Generation Firewall specify a source and a destination interface.

A

False

39
Q

Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule?

A

Dynamic IP and Port

40
Q

Which command will reset a Next Generation firewall to its factory default settings if you know the admin account password?

A

request system private-data-reset

41
Q

All of the interfaces on a Next Generation Firewall must be of the same interface type.

A

False

42
Q

In addition to routing to other network devices, virtual routers on the Next Generation Firewall can route to other virtual routers.

A

True

43
Q

Which feature can be configured with an IPv6 address?

A

Static Route

44
Q

Which Next Generation Firewall feature protects cloud-based applications such as Box, Salesforce, and Dropbox by managing permissions and scanning files for external exposure and sensitive information?

A

Aperture

45
Q

Traffic going to a public IP address is being translated by a Next Generation firewall to an internal server private IP address. Which IP address should the security policy use as the destination IP in order to allow traffic to the server?

A

The server public IP

46
Q

What component of the Next Generation Firewall will protect from port scans?

A

Zone Protection

47
Q

Which feature can be configured to block sessions that the firewall cannot decrypt?

A

Decryption profile in decryption policy

48
Q

What is the default setting for “Action” in a decryption policy rule?

A

No-decrypt

49
Q

Which type of Next Generation Firewall decryption inspects SSL traffic between an internal host and an external web server?

A

SSL Forward Proxy

50
Q

When SSL encrypted traffic first arrives at the Next Generation Firewall, which technology initially identifies the application as web-browsing?

A

App-ID

51
Q

On the Next Generation Firewall, which is the first configuration step for SSL Forward Proxy decryption?

A

Forward Trust Certificate

52
Q

Which type of Next Generation Firewall decryption inspects SSL traffic coming from external users to internal servers?

A

SSL Inbound Inspection

53
Q

In the Next Generation Firewall, even if the Decryption policy rule action is “no-decrypt,” the Decryption Profile attached to the rule can still be configured to block sessions with expired or untrusted certificates.

A

True

54
Q

What is the prerequisite for configuring a pair of Next Generation firewalls in an Active/Passive High Availability (HA) pair?

A

The firewalls must have the same set of licenses

55
Q

The firewalls in an HA pair can be assigned a Device Priority value to indicate a preference for which firewall should assume the active role. If you need to designate a specific firewall in the HA pair as the active firewall, you must enable the preemptive behavior on both the firewalls and assign a Device Priority value for each firewall. The Firewall with which Device Priority value is designated as the higher priority and active firewall?

A

Lower

56
Q

During which Palo Alto Networks Active/Passive Firewall State is normal traffic discarded?

A

Passive

57
Q

During the Palo Alto Networks Active/Passive HA Pair Start-Up, the firewall remains in the INITIAL state after boot-up until it discovers a peer and negotiations begin. After how long of a timeout does the firewall become ACTIVE if HA negotiation has not started?

A

60 seconds

58
Q

Which Palo Alto Networks High Availability configuration is not designed to increase throughput?

A

Active/Active

59
Q

What mechanism on a Next Generation firewall is used to trigger a High Availability failover if the interface goes down?

A

Link monitoring

60
Q

To enable High Availability on a Palo Alto Networks device, both firewalls must be the same model.

A

True

61
Q

In which Palo Alto Networks GlobalProtect client connection method does the user explicitly initiate the connection?

A

On-demand

62
Q

Which Palo Alto Networks GlobalProtect component is responsible for coordinating communications and interaction between all other GlobalProtect components?

A

Portal

63
Q

Which Palo Alto Networks GlobalProtect deployment component provides security enforcement for traffic from GlobalProtect agents and applications?

A

Gateway

64
Q

On a Palo Alto Networks Firewall, what is the maximum number of IPsec tunnels that can be associated with a tunnel interface?

A

10

65
Q

What three basic requirements are necessary to create a VPN in the Next Generation firewall?

A

Create the tunnel interface, configure the IPSec tunnel, add a static route

66
Q

In the Palo Alto Networks GlobalProtect connection sequence, there is direct communication among gateways or between gateways and portals.

A

False

67
Q

Virtual Private Networks (VPNs) allow systems to connect securely over public networks as if they were connecting over a Local Area Network (LAN).

A

True

68
Q

In the Palo Alto Networks Application Command Center (ACC), which filter allows you to limit the display to the details you care about right now and to exclude the unrelated information from the current display?

A

Global

71
Q

In the Palo Alto Networks Firewall WebUI, which type of report can be compiled into a single emailed PDF?

A

Group

72
Q

On the Palo Alto Networks Next Generation Firewall, which is the default port for transporting Syslog traffic?

A

6514

73
Q

What are two sources of information for determining whether the Next Generation firewall has been successful in communication with an external User-ID Agent?

A

System logs and the indicator light under the User-ID Agent settings in the firewall

74
Q

For the Palo Alto Networks Next Generation Firewall to access a Global Catalog server, LDAP must be set to communicate with which port?

A

3268

75
Q

Which Palo Alto Networks User-ID component runs on Microsoft and Citrix terminal servers?

A

Palo Alto Networks Terminal Services agent

76
Q

Which User-ID component and mapping method is recommended for web clients that do not use the domain server?

A

Captive Portal

77
Q

Which port does the Palo Alto Networks Windows-based User-ID agent use by default?

A

TCP port 5007

78
Q

What options are available for selecting users for a security policy on the Next Generation firewall?

A

Pre-logon, Known-user, Unknown-user

79
Q

The User-ID feature identifies the user and IP address of the computer the user is logged into for Next Generation firewall policy enforcement.

A

True

81
Q

Which Wildfire verdict includes viruses, worms, trojans, remote access tools, rootkits, and botnets?

A

Malware

82
Q

Which CLI command is used to verify successful file uploads to Wildfire?

A

debug wildfire upload-log show

83
Q

Which WildFire verdict indicates no security threat but might display obtrusive behavior?

A

Grayware

84
Q

If a file type is matched in the File Blocking Profile and Wildfire Analysis Profile, and if the File Blocking Profile action is set to “block,” then the file is not forwarded to WildFire.

A

True

85
Q

Without a Wildfire subscription, which of the following files can be submitted by the Next Generation Firewall to the hosted Wildfire virtualized sandbox?

A

PE Files Only

86
Q

What are two sources of information for determining whether the Next Generation firewall has been successful in communicating with an external User-ID Agent?

A

System Logs and the indicator light under the User-ID Agent settings in the firewall

88
Q

Which is the third message used to acquire a certificate using the Public Key Infrastructure (PKI) Certificate Signing Request (CSR) process?

A

Applicant sends signed information and public key

89
Q

What is the default setting for “Action” in a decryption policy rule?

A

None

90
Q

In the Public Key Infrastructure (PKI) hierarchy, what does the issuing Certificate Authority (CA) use to prevent tampering of the hash value and other critical information in the certificate?

A

Private Key Encryption

91
Q

Which type of patch management technology has one or more servers that perform network scanning of each host to be patched and determine what patches each host needs?

A

Agentless Scanning

92
Q

Which type of monitoring technologies for patch management monitor local network traffic to identify applications (and in some cases, operating systems) that are in need of patching?

A

Passive Network Monitoring

93
Q

A security control assessment is the testing and/or evaluation of the management, operational, and technical security controls on a system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

A

True

94
Q

Which phase of the Internet Key Exchange (IKE) is concerned with data traffic that crosses the tunnel?

A

Phase 2

95
Q

Which phase of the Internet Key Exchange (IKE) is concerned with authenticating the endpoints?

A

Phase 1

96
Q

Which type of IDPS includes the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations?

A

Anomaly-Based

97
Q

Which type of IDPS technique includes agents that often include a host-based firewall that can restrict incoming and outgoing traffic for each application on the system, preventing unauthorized access and acceptable use policy violations (e.g., use of inappropriate external services)?

A

Network Traffic Filtering

98
Q

Which type of cybersecurity technology changes the security environment and controls to disrupt an attack?

A

Intrusion Prevention System (IPS)

99
Q

Which type of IDPS technology examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware (e.g., worms, backdoors), and policy violations (e.g., a client system providing unauthorized network services to other systems)?

A

Network Behavior Analysis

100
Q

A common attribute of all IDPS technologies is that they can provide completely accurate detection.

A

False

101
Q

Which section of the NIST Cybersecurity Framework Core Functions is used to develop and implement appropriate safeguards to ensure delivery of critical infrastructure services?

A

Protect

102
Q

Which section of the NIST Cybersecurity Framework Core Functions is used to develop and implement the appropriate activities to take action regarding a detected cybersecurity event?

A

Respond

103
Q

Which NIST Cybersecurity Coordination of Framework Implementation level communicates the mission priorities, available resources, and overall risk tolerance to the business process level?

A

Senior Executive

104
Q

Traffic going to a public IP address is being translated by a Next Generation firewall to an internal server private IP address. Which IP address should the security policy use as the destination IP in order to allow traffic to the server?

A

The firewall gateway IP

105
Q

Which role in the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations ensures that an effective program is established and implemented for the organization by establishing expectations and requirements for the organization’s ISCM program; working closely with authorizing officials to provide funding, personnel, and other resources to support ISCM; and maintaining high-level communications and working group relationships among organizational entities?

A

Chief Information Officer (CIO)

106
Q

In the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, which Tier ensures that all system-level security controls (technical, operational, and management) are implemented correctly, operate as intended, produce the desired outcome with respect to meeting the security requirements for the system, and continue to be effective over time?

A

Tier 3 - Information Systems

107
Q

Which is the correct order for the Risk Management Framework (RMF) structured process in the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations System?

A

Categorize, Select, Implement, Assess, Authorize, Monitor

108
Q

Which type of social engineering attack involves hackers who impersonate IT service people and who spam call as many direct numbers that belong to a company as they can find? These attackers offer IT assistance to each and every one of their victims.

A

Quid Pro Quo

109
Q

Which web development program is an object-oriented, class-based and concurrent language that was developed by Sun Microsystems in the 1990s?

A

Java

110
Q

Which color of the Traffic Light Protocol (TLP) indicates that information requires support to be acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved?

A

Amber

111
Q

Which two actions are available for antivirus security profiles?

A

Allow

Alert

112
Q

Which two HTTP Header Logging options are within a URL filtering profile?

A

User‐Agent

X‐Forward‐For

113
Q

What are the two components of Denial‐of‐Service Protection?

A

zone protection profile

DoS protection profile and policy rules

114
Q

Which two types of attacks does the PAN‐DB prevent?

A

phishing sites

HTTP based command‐and‐control

115
Q

Which two valid URLs can be used in a custom URL category?

A

www.youtube.com

*.youtube.com

116
Q

What are three methods of mapping usernames to IP addresses?

A

Server Monitoring
syslog
port mapping

117
Q

Which type of server profile is used to create group mappings?

A

LDAP

118
Q

The Server Monitoring user mapping method can monitor which three types of servers?

A

Microsoft Domain Controllers
Exchange Servers
Novell eDirectory Servers

119
Q

The Windows User‐ID Agent can be installed on which two operating systems?

A

Server 2016

Server 2008

120
Q

A Heatmap provides an adoption rate for which three features?

A

WildFire
File Blocking
User‐ID

121
Q

What are three Best Practice Assessment tool primary categories?

A

Security
Decryption
DoS Protection

122
Q

Which two security features normally do not achieve an adoption rate of 100%?

A

DNS Sinkhole

URL Filtering

123
Q

Which type of file is used to generate the Heatmap report and the BPA report?

A

Technical Support

124
Q

What are two components of the BPA tool?

A

Security Policy Adoption Heatmap

BPA

125
Q

The Palo Alto Networks Security Operating Platform is designed for which three purposes?

A

consume innovations quickly
focus on what matters
prevent successful cyberattacks

126
Q

Which item is not one of the six primary components of the Palo Alto Networks Security Operating Platform?

A

WildFire

127
Q

Which cloud‐delivered security service provides instant access to community‐based threat data?

A

AutoFocus - It provides instant access to community‐based threat data, enhanced with deep context and attribution from the Unit 42 threat research team

128
Q

Which cloud‐delivered security services provides security for branches and mobile users?

A

Global Protect

129
Q

Which Palo Alto Networks Security Operating Platform component provides access to apps from Palo Alto Networks, third parties, and customers?

A

Application Framework

130
Q

Which Palo Alto Networks firewall feature provides all of the following abilities?
Stops malware, exploits, and ransomware before they can compromise endpoints
Provides protection while endpoints are online and offline, on network and off
Coordinates enforcement with network and cloud security to prevent successful attacks
Detects threats and automates containment to minimize impact
Includes WildFire cloud‐based threat analysis service with your Traps subscription
Integrates with the Palo Alto Networks Security Operating Platform

A

Traps

131
Q

Which management features does the control plane provide?

A

logging
reporting
firewall configuration

132
Q

Which three data processing features does the data plane provide?

A

network processing
security processing
signature matching

133
Q

What are three components of the Network Processing module?

A

QoS
NAT
flow control

134
Q

Which approach most accurately defines the Palo Alto Networks SP3 architecture?

A

scan it all, scan it once

135
Q

What is the result of using a stream‐based design of architecture?

A

superior performance

136
Q

Palo Alto Networks has reduced latency enormously, using the Single‐Pass Parallel Processing (SP3) architecture, which combines two complementary components:

A

Single‐Pass Software

Parallel Processing Hardware

137
Q

Which security model does Palo Alto Networks recommend that you deploy?

A

Zero Trust

138
Q

The Zero Trust model is implemented to specifically address which type of traffic?

A

east‐west

139
Q

What are the three main concepts of Zero Trust?

A

A. All resources are accessed in a secure manner, regardless of location.
B. Access control is on a “need‐to‐know” basis and is strictly enforced.
D. All traffic is logged and inspected.

140
Q

Which two statements are true about the Zero Trust model?

A

Traffic is inspected laterally.

Traffic is inspected east‐west.

141
Q

Which three Palo Alto Networks products secure your network?

A

Aperture
URL filtering
WildFire

142
Q

Blocking just one stage in the Cyber‐Attack Lifecycle is all that is needed to protect a company’s network from attack.

A

False

143
Q

What are two stages of the Cyber‐Attack Lifecycle?

A

Weaponization and delivery

Command and Control

144
Q

Command and control can be prevented through which two methods?

A

DNS Sinkholing

URL filtering

145
Q

Exploitation can be mitigated by which two actions?

A

keeping systems patched

blocking known and unknown vulnerability exploits on the endpoint

146
Q

What are two firewall management methods?

A

CLI

XML API

147
Q

Which two devices are used to connect a computer to the firewall for management purposes?

A

serial cable

RJ‐45 Ethernet cable

148
Q

What is the default IP address on the MGT interfaces of a Palo Alto Networks firewall?

A

192.168.1.1

149
Q

What are the two default services that are available on the MGT interface?

A

HTTPS

SSH

150
Q

Service route traffic has Security policy rules applied against it.

A

True

151
Q

Service routes may be used to forward which two traffic types out a data port?

A

External Dynamic Lists

Palo Alto Networks updates

152
Q

Which plane does the running‐config reside on?

A

Data

153
Q

Which plane does the candidate config reside on?

A

Control

154
Q

Candidate config and running config files are saved as which file type?

A

XML

155
Q

Which command must be performed on the firewall to activate any changes?

A

commit

156
Q

Which command backs up configuration files to a remote network device?

A

export

157
Q

The command load named configuration snapshot overwrites the current candidate configuration with which three items? (Choose three.)

A

A. custom‐named candidate configuration snapshot (instead of the default snapshot)
B. custom‐named running configuration that you imported
D. current running configuration (running‐config.xml)

158
Q

What is the shortest time interval that you can configure a Palo Alto Networks firewall to download WildFire updates?

A

1 minute

159
Q

What is the publishing interval for WildFire updates, with a valid WildFire license?

A

5 minutes

160
Q

A Palo Alto Networks firewall automatically provides a backup of the config during a software upgrade.

A

True

161
Q

If you have a Threat Prevention subscription and not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update?

A

12 to 48 hours

162
Q

Which three actions should you complete before you upgrade to a newer version of software? (Choose three.)

A

A. Review the release notes to determine any impact of upgrading to a newer version of software.
B. Ensure the firewall is connected to a reliable power source.
D. Create and externally store a backup before you upgrade.

163
Q

What are five ways to download software? (Choose five.)

A

A. over the MGT interface on the control plane
B. over a data interface on the data plane
C. upload from a computer
D. from the Palo Alto Networks Customer Support Portal
F. from Panorama

164
Q

Which two statements are true about an admin role profile? (Choose two.)

A

B. It can be used for CLI commands.

C. It can be used for XML API.

165
Q

PAN‐OS® software supports which two authentication types? (Choose two.)

A

A. RADIUS

C. TACACS+

166
Q

Which two dynamic role types are available on the PAN‐OS software? (Choose two.)

A

A. Superuser

D. Device administrator (read‐only)

167
Q

Which type of profile does an Authentication Sequence include?

A

Authentication

168
Q

An authentication profile includes which other type of profile?

A

Server

169
Q

Dynamic roles are called “dynamic” because you can customize them.

A

False

These roles are dynamic because they are predefined roles that update along with the firewall during software updates.

170
Q

What is used to override global Minimum Password Complexity Requirements?

A

password profile

171
Q

Which two default zones are included with the PAN‐OS® software? (Choose two.)

A

A. Interzone

C. Intrazone

172
Q

Which two zone types are valid? (Choose two.)

A

B. Tap

C. Virtual Wire

173
Q

What is the zone of type External used to pass traffic between?

A

D. virtual systems

A sixth zone type named External is a special zone that is available only on some firewall models.

174
Q

Which two statements are correct? (Choose two.)

A

B. Interfaces do not have to be configured before you can create a zone.
C. An interface can belong to only one zone.

175
Q

Which three interface types can belong in a Layer 3 zone? (Choose three.)

A

A. loopback
B. Layer 3
C. tunnel

176
Q

What are used to control traffic through zones?

A

security policy rules

177
Q

Which two actions can be done with a Tap interface? (Choose two.)

A

B. decrypt traffic

D. log traffic

178
Q

Which two actions can be done with a Virtual Wire interface? (Choose two.)

A

A. NAT

D. log traffic

179
Q

Which two actions can be done with a Layer 3 interface? (Choose two.)

A

A. NAT

B. route

180
Q

Layer 3 interfaces support which two items? (Choose two.)

A

A. NAT

B. IPv6

181
Q

What are some example uses of Layer 3 loopback interfaces?

A

They can be destination configurations for DNS sinkholes, GlobalProtect service interfaces (portals and gateways), routing identification, and more.

182
Q

What is required for a complete Virtual Wire configuration?

A

2 virtual wire interfaces, each in a virtual wire zone, and a virtual wire object

183
Q

Routing and switching are done on a virtual wire interface.

A

False

184
Q

Layer 3 interfaces support which three advanced settings? (Choose three.)

A

D. NDP configuration
E. link speed configuration
F. link duplex configuration

185
Q

Layer 2 interfaces support which three items? (Choose three.)

A

B. traffic examination
C. forwarding of spanning tree BPDUs
D. traffic shaping via QoS

186
Q

Which two interface types support subinterfaces?

A

A. Virtual Wire

B. Layer 2

187
Q

Which two statements are true regarding Layer 3 interfaces?

A

A. You can configure a Layer 3 interface with one or more as a DHCP client.
D. You can apply an interface management profile to the interface.

188
Q

Dynamic routing protocols available on a Palo Alto Networks firewall are as follows:

A

BGP4
OSPFv2
OSPFv3
RIPv2

189
Q

Multicast routing protocols available on a Palo Alto Networks firewall are as follows:

A

IGMPv1, IGMPv2, IGMPv3

PIM‐SM, PIM‐ASM, PIM‐SSM

190
Q

What is the firewall’s RIB? (Virtual Router)

A

Forwarding Information Base

The virtual router obtains the best route from the RIB, and then places it in the forwarding information base (FIB). Packets then are forwarded to the next hop router defined in the FIB.

191
Q

What is the default administrative distance of a static route within the PAN‐OS® software?

A

10

192
Q

Which two dynamic routing protocols are available in the PAN‐OS® software? (Choose two.)

A

B. RIPv2

C. OSPFv3

193
Q

Which value is used to distinguish the preference of routing protocols?

A

Metric

194
Q

In path monitoring, what is used to monitor remote network devices?

A

Ping

195
Q

What are the two default (predefined) security policy types in PAN‐OS® software? (Choose two.)

A

B. Interzone

C. Intrazone

196
Q

Because the first rule that matches the traffic is applied, the more specific rules must follow the more general ones.

A

False

197
Q

Which statement is true?

A

For Universal traffic, traffic logging is enabled by default.

198
Q

What will be the result of one or more occurrences of shadowing?

A

a warning

199
Q

Which type of security policy rules always exist above the two predefined security policies?

A

universal

200
Q

What are two source NAT types? (Choose two.)

A

B. static

C. dynamic

201
Q

A simple way to remember how to configure security policies where NAT was implemented is to memorize the following:

A

pre‐NAT IP, post‐NAT zone

202
Q

What are two types of destination NAT? (Choose two.)

A

A. dynamic IP (with session distribution)

D. static

203
Q

What are two possible values for DIPP NAT oversubscription?

A

A. 1x

B. 4x

204
Q

Which statement is true regarding bidirectional NAT?

A. For static translations, bidirectional NAT allows the firewall to create a corresponding translation in the opposite direction of the translation you configure.

A

A. For static translations, bidirectional NAT allows the firewall to create a corresponding translation in the opposite direction of the translation you configure.

205
Q

What are two application dependencies for icloud‐mail? (Choose two.)

A

A. ssl

D. icloud‐base

206
Q

What does an application filter enable an administrator to do?

A

dynamically categorize multiple applications

207
Q

Which two items can be added to an application group? (Choose two.)

A

A. application groups

C. application filters

208
Q

What does the TCP Half Closed setting mean?

A

C. maximum length of time that a session remains in the session table between receiving the first FIN and receiving the second FIN or RST.

209
Q

What are two application characteristics? (Choose two.)

A

B. excessive bandwidth use

D. evasive

210
Q

What is a TCP Timeout (Application Timeouts)?

A

Number of seconds before an idle TCP application flow is terminated. A zero indicates that the default timeout of the application is used.

211
Q

What is a UDP Timeout (Application Timeouts)?

A

Number of seconds before an idle UDP application flow is terminated. A zero indicates that the default timeout of the application is used.

212
Q

What is a TCP Time Wait (Application Timeouts)?

A

Maximum length of time that a session remains in the session table after receiving the second FIN or RST. If the timer expires, the session is closed. If this time is not configured at the application level, the global setting is used (range is 1 to 600 seconds). If this value is configured at the application level, it overrides the global TCP Time Wait setting.

213
Q

Which column in the Applications and Threats screen includes the options Review Apps and Review Policies?

A

Action

214
Q

What can you select to minimize the risk of installing new App‐ID updates?

A

C. Disable new apps in content

Installation of new App‐IDs included in a content release version sometimes can cause a change in policy enforcement for the application that now is uniquely identified.

215
Q

What are two benefits of vulnerability protection security profiles? (Choose two.)

A

D. prevent unauthorized access to systems

C. prevent exploitation of system flaws

216
Q

Sometimes you do not have to explicitly allow access to the dependent applications for the traffic to flow because the firewall can determine the dependencies and allow them implicitly.

A

True

217
Q

Layer 2 interfaces are used to switch traffic between what?

A

other Layer 2 interfaces

218
Q

How often are new and modified threat signatures and modified application signatures published?

A

Weekly

219
Q

The Application Framework consists of which two components? (Choose two.)

A

The Application Framework consists of the following components:

Infrastructure: A suite of cloud APIs, services, compute, and native access to customer‐specific data stores

Customer‐specific data store: The Palo Alto Networks Logging Service

Apps: Apps that are delivered from the cloud to extend the capabilities of the platform, including the ability to effortlessly collaborate between different apps, share threat context and intelligence, and drive automated response and enforcement.

220
Q

Cloud security is delivered in which three ways? (Choose three.)

A

AutoFocus contextual threat intel, GlobalProtect Cloud, URL Filtering Web Security, Threat Prevention (IPS), WildFire, MineMeld Threat Intel Sharing

221
Q

What is the difference between Palo Alto URL Filtering and BrightCloud URL Filtering Settings?

A

BrightCloud URL Filtering is updated once a day, whereas Palo Alto URL Filtering is updated every 5-10 minutes.

222
Q

Under the Application and Threats updates configuration, what does Review Policies do?

A

Displays policy rules that might enforce traffic differently if the app is modified by a content update, and lets you add or remove apps from those policies.

223
Q

What are data filtering profile matches logged as?

A

Low

224
Q

What are URL profile matches logged as?

A

Informational

225
Q

How often are antivirus signatures downloaded?

A

Daily for Threat Prevention subscribers, sub-hourly for WildFire subscribers

226
Q

Antispyware policies primarily do what?

A

Detect C2 activity

227
Q

What is user credential submission?

A

URL Filtering option that controls users' ability to submit corporate credentials to a URL category

228
Q

Packets must meet all of the criteria in a security policy rule to match it.

A

True

229
Q

What are the default protocols identified by the Antivirus Security Profile and their actions?

A

Alert - smtp, imap, pop3

Block - ftp, http, smb

230
Q

What are the two predefined anti-spyware policies?

A

Default - uses the default option for all matches

Strict - overrides critical, high, and medium matches and sets to block

231
Q

What are the three HTTP header logging attributes?

A

User-Agent - identifier of the browser that accessed the page
Referer - URL that linked to another URL
X-Forwarded-For - preserves the IP of the user that connected to the page

232
Q

What zone are zone protection profiles applied to?

A

Ingress

233
Q

What protections does a zone policy offer?

A

Protection against floods, reconnaissance attacks, and other packet based attacks

234
Q

What are the five types of floods in zone protection?

A

SYN, UDP, ICMP, ICMPv6, Other IP