Exam Domain 5 – Core Concepts Flashcards
1
Q
- What is the correct order of evaluation between the Security policy and the NAT policy?
A. NAT policy evaluated, Security policy evaluated, NAT policy applied, Security policy
applied
B. NAT policy evaluated, NAT policy applied, Security policy evaluated, Security policy
applied
C. NAT policy evaluated, Security policy evaluated, Security policy applied, NAT policy
applied
D. Security policy evaluated, NAT evaluated, NAT policy applied, Security policy applied
A
C. NAT policy evaluated, Security policy evaluated, Security policy applied, NAT policy applied
2
Q
- Which two statements are true regarding firewall policy? (Choose two.)
A. All policy rules are evaluated, and the most specific rule will match.
B. Policy rules are evaluated from the top down, and the first rule matched processes the
traffic.
C. Interzone traffic is allowed by default.
D. Intrazone traffic is allowed by default.
E. Outbound traffic is allowed by default. Only inbound traffic is evaluated.
A
B. Policy rules are evaluated from the top down, and the first rule matched processes the traffic.
D. Intrazone traffic is allowed by default.
3
Q
- Which firewall operation order correct?
A. decryption, check allowed ports, App-ID identification, check Security policy
B. decryption, App-ID identification, check allowed ports, check Security policy
C. check allowed ports, decryption, App-ID identification, check Security policy
D. decryption, App-ID identification, check Security policy, check allowed ports
A
C. check allowed ports, decryption, App-ID identification, check Security policy
4
Q
178. Packet Buffer Protection defends against which type of denial-of-service attack? A. from distributed sessions B. from a single App-ID source C. from multiple App-ID sources D. from a single session
A
D. from a single session
5
Q
- Which defense is turned on when a Packet Buffer Protection event is detected?
A. SYN cookie management of attacking session traffic
B. Random Early Drop of packets from the attacking session
C. block all packets from the attacking session for the configured duration
D. block all packets from the attacking IP address for the configured duration
A
B. Random Early Drop of packets from the attacking session
6
Q
180. A URL Filtering Profile is part of which type of identification? A. App-ID B. Content-ID C. User-ID D. Service
A
B. Content-ID
7
Q
181. Which stage of the attack lifecycle is most likely to be stopped by dividing the network into separate security zones and enabling packet-based zone protection? A. Reconnaissance B. Execution C. Lateral movement D. Data exfiltration
A
A. Reconnaissance
8
Q
182. Which component can tell you if an attack is an APT or a broad attack designed to produce a botnet for future abuse? A. next-generation firewall B. WildFire C. MineMeld D. AutoFocus
A
D. AutoFocus
9
Q
183. User-ID maps users to which type of information? A. MAC addresses B. IP addresses C. IP address and port number D. port numbers
A
B. IP addresses
10
Q
184. User-ID uses which protocol to map between user identities and groups? A. NetBIOS B. LDAP C. syslog D. HTTPS
A
B. LDAP
11
Q
185. What format do you use when calling the API to inform the firewall of a new IP address-to- User-ID mapping? A. XML B. JSON C. YAML D. Base64
A
A. XML
12
Q
186. On a PA-7000 Series firewall, which management function runs on a separate, dedicated card? A. configuration management B. logging C. reporting D. management web service
A
B. logging
13
Q
- Do some next-generation firewall models use FPGA chips?
A. no, never
B. yes, on the data plane, but only on higher-end models
C. yes, on the management plane, but only on higher-end models
D. on both data the data plane and the management plane, but only on higher-end models
A
B. yes, on the data plane, but only on higher-end models
14
Q
188. Which function resides on the management plane? A. App-ID matching B. route lookup C. policy match D. logging
A
D. logging
15
Q
189. Which parameter is important for QoS policy match decisions? A. App-ID B. Content-ID C. User-ID D. Ingress interface
A
A. App-ID
16
Q
190. What is the maximum number of QoS classes supported by the next-generation firewall? A. 4 B. 8 C. 16 D. 32
A
B. 8
17
Q
191. Which file type is not supported by WildFire? A. iOS B. Android C. Windows PE D. Microsoft Excel
A
A. iOS
18
Q
- The firewall will skip the upload to WildFire in which three cases? (Choose three.)
A. The file has been signed by a trusted signer.
B. The file is being uploaded rather than downloaded.
C. The file is an attachment in an email.
D. The file hash matches a previous submission.
E. The file is larger than 50MB.
F. The file is transferred through HTTPS.
A
A. The file has been signed by a trusted signer.
D. The file hash matches a previous submission.
E. The file is larger than 50MB.
19
Q
193. Which feature is not supported on the WF-500 appliance? A. Bare metal analysis B. Microsoft Windows XP 32-bit analysis C. Microsoft Windows 7 64-bit analysis D. static analysis
A
A. Bare metal analysis
20
Q
194. What are the two purposes of multi-factor authentication? (Choose two.) A. reduce the value of stolen passwords B. simplify password resets C. reduce and prevent password sharing D. ensure strong passwords E. provide single sign-on functionality
A
A. reduce the value of stolen passwords
C. reduce and prevent password sharing
21
Q
195. Which MFA factor is not supported by the next-generation firewall? A. voice B. push C. SMS D. S/Key
A
D. S/Key
22
Q
- What is the meaning of setting the source user to known-user in an Authentication policy
rule?
A. The user identity is known (linked to an IP address), but the resource is sensitive
enough to require additional authentication.
B. The next-generation firewall will demand user authentication, and only then will the
resource be available.
C. The source device is a known device that is used only by a single person.
D. The firewall attempts to match only users defined in the firewall’s local user database.
A
A. The user identity is known (linked to an IP address), but the resource is sensitive
enough to require additional authentication.
23
Q
197. What are the two Captive Portal modes? (Choose two.) A. proxy B. transparent C. web form D. certificate E. redirect
A
B. transparent
E. redirect
24
Q
198. Which action is not required when multi-factor authentication and a SAML Identity Provider (IdP) are configured? A. create an Authentication policy rule B. configure NTLM settings C. create an Authentication object D. create an Authentication Profile
A
B. configure NTLM settings
25
199. An Authentication policy rule has a HIP Profile. Where are the users being authenticated
coming from?
A. internal devices, such as Linux workstations
B. external devices belonging to customers of the organization
C. internal servers running UNIX (Solaris, HPUX, AIX, etc.)
D. GlobalProtect connections through the internet
D. GlobalProtect connections through the internet
26
200. A company has strict security requirements that require inspection of every connection
between two internal computers. Those internal computers are connected and disconnected
by non-technical users in an environment without a DHCP server. How does traffic get
forwarded between those internal computers?
A. a switch
B. a firewall configured as a switch, with Layer 2 interfaces
C. a firewall configured as a router, with Layer 3 interfaces
D. a firewall in TAP mode or Virtual Mirror mode
B. a firewall configured as a switch, with Layer 2 interfaces
27
201. Two links to the internet go through two ISPs (for backup purposes). Link A has a lower
latency, and link B supports a higher bandwidth. How would you force a specific application to
use only Link B when the route table enables the application to use either link?
A. specify the application in a Policy Based Forwarding rule
B. specify the application in the virtual router’s route table
C. specify the application in a QoS policy rule
D. specify the application in an Application Override policy rule
A. specify the application in a Policy Based Forwarding rule
28
202. Can you put a device on each end of a VPN tunnel on the same Ethernet segment?
A. No, because this requirement never happens.
B. No, because Ethernet at Layer 2 is a lower layer than a Layer 3 VPN tunnel.
C. Yes, if you tunnel Ethernet over IP.
D. Yes, because VPN tunnels can be Layer 2 tunnels.
C. Yes, if you tunnel Ethernet over IP.
29
```
203. Which action specifies that Security Profiles are relevant in a policy rule?
A. deny
B. drop
C. reset
D. allow
```
D. allow
30
204. Are files quarantined while WildFire checks if they are malware or legitimate?
A. always yes
B. always no
C. by default, yes, but you can change the settings
D. by default, no, but you can change the settings
B. always no
31
```
205. Which feature of the next-generation firewall allows you to block websites that are not
business-appropriate?
A. App-ID
B. File Blocking
C. Exploit Protection
D. URL Filtering
```
D. URL Filtering
32
```
206. Which operating system do you select to use for a Palo Alto Networks firewall running in
Microsoft Azure?
A. Windows
B. BSD
C. Linux
D. UNIX
```
C. Linux
33
207. What option lists the four component directories of a Palo Alto Networks bootstrap
container?
A. software, config, license, and content
B. software, config, lic, and content
C. software, configuration, license, and content
D. software, configuration, lic, and content
A. software, config, license, and content
34
```
208. Which environment supports a USB drive for the firewall bootstrap?
A. VMware ESXi
B. physical firewall
C. Microsoft Hyper-V
D. KVM
```
B. physical firewall
