Exam Domain 5 – Core Concepts Flashcards
- What is the correct order of evaluation between the Security policy and the NAT policy?
A. NAT policy evaluated, Security policy evaluated, NAT policy applied, Security policy applied
B. NAT policy evaluated, NAT policy applied, Security policy evaluated, Security policy applied
C. NAT policy evaluated, Security policy evaluated, Security policy applied, NAT policy applied
D. Security policy evaluated, NAT policy evaluated, NAT policy applied, Security policy applied
C. NAT policy evaluated, Security policy evaluated, Security policy applied, NAT policy applied
- Which two statements are true regarding firewall policy? (Choose two.)
A. All policy rules are evaluated, and the most specific rule will match.
B. Policy rules are evaluated from the top down, and the first rule matched processes the traffic.
C. Interzone traffic is allowed by default.
D. Intrazone traffic is allowed by default.
E. Outbound traffic is allowed by default. Only inbound traffic is evaluated.
B. Policy rules are evaluated from the top down, and the first rule matched processes the traffic.
D. Intrazone traffic is allowed by default.
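The two cards above describe an evaluation order that is easy to get backwards. The following toy model is an added example (it is not from the flashcards or from Palo Alto Networks code) that walks a packet through that order: NAT policy is evaluated first, Security policy is evaluated top-down with the first match winning (against the pre-NAT addresses and the post-NAT destination zone), the Security verdict is applied, and only then is NAT applied to an allowed packet. The implicit intrazone-allow and interzone-deny rules sit at the bottom of the rulebase. All zone names, rules and addresses are constructed placeholders.

```python
"""Added example (not from the flashcards or from Palo Alto Networks): a toy
model of NAT-then-Security evaluation with top-down, first-match Security rules
and the implicit intrazone-allow / interzone-deny default rules.
Zones, rules and addresses are constructed placeholders."""
import ipaddress
from dataclasses import dataclass


@dataclass
class NatRule:
    name: str
    from_zone: str
    to_zone: str          # zone of the ORIGINAL destination address
    dst: str              # original destination, CIDR
    translated_dst: str   # address the packet is rewritten to
    translated_zone: str  # zone that translated address lives in


@dataclass
class SecRule:
    name: str
    from_zone: str  # zone name or "any"
    to_zone: str
    src: str        # CIDR or "any"
    dst: str
    app: str        # App-ID name or "any"
    action: str     # "allow" or "deny"


def _in(net: str, ip: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


def eval_nat(rules, pkt):
    """Step 1: NAT policy is only evaluated here; nothing is rewritten yet."""
    for r in rules:
        if r.from_zone == pkt["src_zone"] and r.to_zone == pkt["dst_zone"] and _in(r.dst, pkt["dst_ip"]):
            return r
    return None


def eval_security(rules, pkt, nat):
    """Step 2: top-down, first match wins. Addresses are pre-NAT; the
    destination zone is the post-NAT zone chosen in step 1."""
    dst_zone = nat.translated_zone if nat else pkt["dst_zone"]
    for r in rules:
        if (r.from_zone in ("any", pkt["src_zone"]) and r.to_zone in ("any", dst_zone)
                and _in(r.src, pkt["src_ip"]) and _in(r.dst, pkt["dst_ip"])
                and r.app in ("any", pkt["app"])):
            return r.name, r.action
    # Implicit default rules at the bottom of every rulebase.
    if pkt["src_zone"] == dst_zone:
        return "intrazone-default", "allow"
    return "interzone-default", "deny"


def process(nat_rules, sec_rules, pkt):
    nat = eval_nat(nat_rules, pkt)                       # 1. NAT evaluated
    rule, action = eval_security(sec_rules, pkt, nat)    # 2. Security evaluated
    if action != "allow":                                # 3. Security applied
        return {"rule": rule, "action": "deny", "dst_ip": pkt["dst_ip"]}
    dst_ip = nat.translated_dst if nat else pkt["dst_ip"]  # 4. NAT applied
    return {"rule": rule, "action": "allow", "dst_ip": dst_ip}


# Constructed rulebases. The second Security rule is more specific than the first
# but never matches: the first rule already matched (first match, not best match).
NAT_RULES = [NatRule("dnat-web", "untrust", "untrust", "203.0.113.10/32", "10.0.0.10", "dmz")]
SEC_RULES = [
    SecRule("allow-web-to-dmz", "untrust", "dmz", "any", "203.0.113.10/32", "web-browsing", "allow"),
    SecRule("block-one-client", "untrust", "dmz", "198.51.100.7/32", "203.0.113.10/32", "web-browsing", "deny"),
]

# Constructed packets, keyed by a label.
PACKETS = {
    "web-from-internet": {"src_zone": "untrust", "src_ip": "198.51.100.7", "dst_zone": "untrust",
                          "dst_ip": "203.0.113.10", "app": "web-browsing"},
    "ssh-from-internet": {"src_zone": "untrust", "src_ip": "198.51.100.7", "dst_zone": "untrust",
                          "dst_ip": "203.0.113.10", "app": "ssh"},
    "lan-to-lan": {"src_zone": "trust", "src_ip": "10.1.1.5", "dst_zone": "trust",
                   "dst_ip": "10.1.1.9", "app": "smb"},
}


def run_all():
    return {label: process(NAT_RULES, SEC_RULES, pkt) for label, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, verdict in run_all().items():
        print(f"{label:18} {verdict}")
```

Running it shows the web packet allowed by the broad first rule (the more specific deny below it is never reached) and rewritten to 10.0.0.10 only after the Security verdict; the ssh packet falls through to interzone-default and is dropped untranslated; the trust-to-trust packet hits intrazone-default and is allowed.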
- Which firewall operation order is correct?
A. decryption, check allowed ports, App-ID identification, check Security policy
B. decryption, App-ID identification, check allowed ports, check Security policy
C. check allowed ports, decryption, App-ID identification, check Security policy
D. decryption, App-ID identification, check Security policy, check allowed ports
C. check allowed ports, decryption, App-ID identification, check Security policy
178. Packet Buffer Protection defends against which type of denial-of-service attack?
A. from distributed sessions
B. from a single App-ID source
C. from multiple App-ID sources
D. from a single session
D. from a single session
- Which defense is turned on when a Packet Buffer Protection event is detected?
A. SYN cookie management of attacking session traffic
B. Random Early Drop of packets from the attacking session
C. block all packets from the attacking session for the configured duration
D. block all packets from the attacking IP address for the configured duration
B. Random Early Drop of packets from the attacking session
180. A URL Filtering Profile is part of which type of identification?
A. App-ID
B. Content-ID
C. User-ID
D. Service
B. Content-ID
181. Which stage of the attack lifecycle is most likely to be stopped by dividing the network into separate security zones and enabling packet-based zone protection?
A. Reconnaissance
B. Execution
C. Lateral movement
D. Data exfiltration
A. Reconnaissance
182. Which component can tell you if an attack is an APT or a broad attack designed to produce a botnet for future abuse?
A. next-generation firewall
B. WildFire
C. MineMeld
D. AutoFocus
D. AutoFocus
183. User-ID maps users to which type of information?
A. MAC addresses
B. IP addresses
C. IP address and port number
D. port numbers
B. IP addresses
184. User-ID uses which protocol to map between user identities and groups?
A. NetBIOS
B. LDAP
C. syslog
D. HTTPS
B. LDAP
185. What format do you use when calling the API to inform the firewall of a new IP-address-to-User-ID mapping?
A. XML
B. JSON
C. YAML
D. Base64
A. XML
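The card above only names the format. The following added example (not from the flashcards or from Palo Alto Networks code) builds the `<uid-message>` document that the PAN-OS User-ID XML API consumes for IP-address-to-user login and logout mappings, together with the `type=user-id` / `key` / `cmd` fields a client posts to the firewall's `/api/` endpoint. The firewall hostname, API key, user names and addresses are constructed placeholders. The document is assembled with ElementTree rather than string concatenation so that a user name containing `&` or `<` is escaped instead of corrupting, or silently extending, the message.

```python
"""Added example (not from the flashcards or from Palo Alto Networks code): build
the <uid-message> XML that the PAN-OS User-ID XML API consumes for IP-address-
to-user mappings, plus the form fields a client would POST with it.
Hostname, API key, users and addresses are constructed placeholders."""
import ipaddress
import xml.etree.ElementTree as ET


def build_uid_message(logins, logouts=(), timeout=60):
    """Return a login/logout update as an XML string.

    logins / logouts: iterables of (user, ip). timeout is in minutes and only
    applies to login entries."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    for tag, entries in (("login", logins), ("logout", logouts)):
        if not entries:
            continue
        section = ET.SubElement(payload, tag)
        for user, ip in entries:
            ipaddress.ip_address(ip)  # raises ValueError on garbage before it reaches the firewall
            attrs = {"name": user, "ip": ip}
            if tag == "login":
                attrs["timeout"] = str(timeout)
            ET.SubElement(section, "entry", attrs)  # ElementTree escapes &, <, " in attribute values
    return ET.tostring(root, encoding="unicode")


def api_params(xml_doc, api_key):
    """Form fields for POST https://<firewall>/api/ (the firewall address is an assumption)."""
    return {"type": "user-id", "key": api_key, "cmd": xml_doc}


def parse_mappings(xml_doc):
    """Read a message back as {"login": {user: ip}, "logout": {user: ip}} to check what will be sent."""
    root = ET.fromstring(xml_doc)
    out = {}
    for section in root.find("payload"):
        out[section.tag] = {e.get("name"): e.get("ip") for e in section}
    return out


if __name__ == "__main__":
    doc = build_uid_message([("corp\\jdoe", "10.1.1.7")], logouts=[("corp\\asmith", "10.1.1.9")])
    print(doc)
    print(parse_mappings(doc))
```

The `key` value is the firewall API key generated for a dedicated User-ID agent account; keep that account limited to the User-ID role, because the same endpoint can also be used to remove mappings.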
186. On a PA-7000 Series firewall, which management function runs on a separate, dedicated card?
A. configuration management
B. logging
C. reporting
D. management web service
B. logging
- Do some next-generation firewall models use FPGA chips?
A. no, never
B. yes, on the data plane, but only on higher-end models
C. yes, on the management plane, but only on higher-end models
D. yes, on both the data plane and the management plane, but only on higher-end models
B. yes, on the data plane, but only on higher-end models
188. Which function resides on the management plane?
A. App-ID matching
B. route lookup
C. policy match
D. logging
D. logging
189. Which parameter is important for QoS policy match decisions?
A. App-ID
B. Content-ID
C. User-ID
D. Ingress interface
A. App-ID
190. What is the maximum number of QoS classes supported by the next-generation firewall?
A. 4
B. 8
C. 16
D. 32
B. 8
191. Which file type is not supported by WildFire?
A. iOS
B. Android
C. Windows PE
D. Microsoft Excel
A. iOS
- The firewall will skip the upload to WildFire in which three cases? (Choose three.)
A. The file has been signed by a trusted signer.
B. The file is being uploaded rather than downloaded.
C. The file is an attachment in an email.
D. The file hash matches a previous submission.
E. The file is larger than 50MB.
F. The file is transferred through HTTPS.
A. The file has been signed by a trusted signer.
D. The file hash matches a previous submission.
E. The file is larger than 50MB.
193. Which feature is not supported on the WF-500 appliance?
A. Bare metal analysis
B. Microsoft Windows XP 32-bit analysis
C. Microsoft Windows 7 64-bit analysis
D. static analysis
A. Bare metal analysis
194. What are the two purposes of multi-factor authentication? (Choose two.)
A. reduce the value of stolen passwords
B. simplify password resets
C. reduce and prevent password sharing
D. ensure strong passwords
E. provide single sign-on functionality
A. reduce the value of stolen passwords
C. reduce and prevent password sharing
195. Which MFA factor is not supported by the next-generation firewall?
A. voice
B. push
C. SMS
D. S/Key
D. S/Key
- What is the meaning of setting the source user to known-user in an Authentication policy rule?
A. The user identity is known (linked to an IP address), but the resource is sensitive enough to require additional authentication.
B. The next-generation firewall will demand user authentication, and only then will the resource be available.
C. The source device is a known device that is used only by a single person.
D. The firewall attempts to match only users defined in the firewall's local user database.
A. The user identity is known (linked to an IP address), but the resource is sensitive enough to require additional authentication.
197. What are the two Captive Portal modes? (Choose two.)
A. proxy
B. transparent
C. web form
D. certificate
E. redirect
B. transparent
E. redirect
198. Which action is not required when multi-factor authentication and a SAML Identity Provider (IdP) are configured?
A. create an Authentication policy rule
B. configure NTLM settings
C. create an Authentication object
D. create an Authentication Profile
B. configure NTLM settings