Exam II Flashcards
A Security policy rule displayed in italic font indicates which condition about the rule?
disabled
A Server Profile enables a firewall to locate a server that provides which type of service?
remote user accounts
In an Antivirus Security Profile, WildFire actions enable you to configure the firewall to perform which operation?
block traffic when a WildFire virus signature is detected
An Interface Management Profile can be attached to which two interface types?
Layer 3
Loopback
App-ID running on a firewall identifies applications using which three methods? (Choose three.)
- ) program heuristics
- ) application signatures
- ) known protocol decoders
Application block pages can be enabled for which types of applications?
web-based
Because a firewall examines every packet in a session, a firewall can detect application ________?
shifts
The presence of URLs matched to the not-resolved URL category in the URL Filtering log file might indicate that you should take which action?
Validate connectivity to the PAN-DB cloud.
For which firewall feature should you create forward trust certificates and forward untrust certificates?
SSL Forward Proxy decryption
A Security policy rule in a destination NAT configuration should be written to match which type of address and zone?
original pre-NAT source and destination addresses, but the post-NAT destination zone
Which two actions does a firewall take when a Security Profile’s action is configured as Reset Server?
- ) The traffic responder is reset.
2. ) For UDP sessions, the connection is dropped.
In an HA configuration, which three functions are associated with the HA1 Control Link?
- ) exchanging hellos
- ) exchanging heartbeats
- ) synchronizing configuration
In an HA configuration, which two failure detection methods rely on ICMP ping?
heartbeats
path groups
SSL Inbound Inspection requires that the firewall be configured with which two components?
server’s private key
servers digital certificate
The firewall acts as a proxy for which two types of traffic?
SSH
SSH outbound
The Threat log records events from which three Security profiles?
Anti-virus
Anti-spyware
Vulnerability Protection
If there is an HA configuration mismatch between firewalls during peer negotiation, which state does the passive firewall enter?
NON-FUNCTIONAL
Which two separate firewall planes comprise the PAN-OS architecture?
- ) control or management plane
2. ) data plane
What are two benefits of attaching a Decryption Profile to a Decryption policy no decrypt rule?
- ) expired certificate checking
2. ) un-trusted certificate checking
What is the result of performing a firewall Commit operation?
The candidate configuration becomes the running configuration.
Which action in a File Blocking Security Profile results in the user being prompted to verify a file transfer?
Continue
Which interface type does not require any configuration changes to adjacent network devices?
Virtual Wire
Which interface type is not assigned to a security zone?
High-Availability (HA)
Which statement describes a function provided by an Interface Management Profile?
It determines what firewall services are accessible FROM external devices.
