lesson 4 Flashcards

1
Q

pan-os

A
  • operating platform of next generation firewall software by palo alto
  • supports all business sizes
  • can be controlled by command line, web gui, panorama api, and snmp
2
Q

pan-os standard features

A
  • dual stack networking
  • zone based architecture
  • vpn
  • high availability
  • qos traffic shaping
  • virtual routing and firewall configurations
3
Q

three tenets of pan-os

A
  • identifying the app (app-id)
  • identifying the user (user-id)
  • identifying the content (content-id)
4
Q

pan-os security zones

A
  • allow for granular policy-based control
  • traffic between zone interfaces can be independently identified and controlled
5
Q

pan-os security policies

A
  • enforced by configuring rules
6
Q

pan-os security policy defaults

A
  • intrazone-default, allows traffic within a zone
  • interzone-default, denies traffic between zones
7
Q

pan-os objects

A
  • represent physical and virtual network components
  • divided into categories
8
Q

pan-os object categories

A
  • network objects
  • applications and services
  • security profiles
  • user
9
Q

pan-os network objects object category

A
  • addresses, hosts, address groups
10
Q

pan-os applications and services object category

A
  • applications
  • application types
  • services
  • protocols
11
Q

pan-os security profiles object category

A
  • antivirus
  • anti-spyware
  • url filtering
  • data filtering
12
Q

pan-os user object category

A
  • users
  • user groups
13
Q

pan-os tags

A
  • colour-coded labels that can be assigned to identify items throughout the firewall configuration
  • allow you to more easily identify related items
  • allow you to use alternate view options when working with large configs
14
Q

pan-os management interface

A
  • out of band
  • physical or virtual interface
15
Q

pan-os software updates

A
  • system software
  • antivirus and spyware definitions (daily)
  • malicious domains and urls
  • application and threat signatures (weekly/monthly)
  • wildfire (every 5 minutes)
16
Q

pan-os deployment options

A
  • tap
  • virtual wire
  • layer 3
17
Q

pan-os flow logic for new sessions

A
  • source zone
  • zone and/or dos protection
  • forwarding lookup (pbf)
  • destination zone (plus dnat check)
  • security policy check (app-id ignored)
  • assign session id
  • inspect app-id and content-id
  • check for encryption (if there is a decrypt policy, move back to inspection)
  • enforce security policy and profiles
  • forward traffic (re-encrypt if decrypted)
18
Q

pan-os flow logic for existing sessions

A
  • inspect app-id and content-id
  • check for encryption (if there is a decrypt policy, move back to inspection)
  • enforce security policy and profiles
  • forward traffic (re-encrypt if decrypted)
19
Q

pan-os security policy data plane fundamentals

A
  • all traffic passing through the data plane is matched to a security policy
  • management traffic does not pass through the data plane
20
Q

pan-os security policy rules fundamentals

A
  • policy rules are defined using zones, apps, addresses, users and host information profiles (HIP)
  • evaluated from top to bottom, stops when a match is found
  • policy rules are directional but replies are always allowed
  • if traffic will be initiated from both zones, two policies are required
  • universally unique identifiers (UUIDs) are assigned to a policy rule upon creation, providing a trail that captures all changes made to a rule and who made the most recent change
21
Q

pan-os firewall type

A
  • stateful
22
Q

pan-os security policy session fundamentals

A
  • sessions are identified by source and destination ip address, source and destination port numbers, protocol, and source security zone
  • each session is assigned a unique session id
  • each session consists of two flows, client-to-server and server-to-client, with clients considered to be the initiating device
23
Q

pan-os security policy rule types

A
  • intrazone
  • interzone
  • universal
24
Q

pan-os nat types

A
  • source nat
  • destination nat
25
Q

pan-os source nat

A
  • modifies source address
  • used by internal clients with private ips when they access hosts on the internet
26
Q

pan-os destination nat

A
  • modifies the destination address
  • used to provide hosts on the internet access to private (internal) servers