PCNSE#4 Flashcards

1
Q
A network administrator uses Panorama to push security policies to managed firewalls at branch offices. Which policy type should be configured on Panorama if the administrators at the branch office sites to override these products?
A. Pre Rules
B. Post Rules
C. Explicit Rules
D. Implicit Rules
A

A. Pre Rules

2
Q

Given the following table. Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?
A. Configuring the administrative Distance for RIP to be lower than that of OSPF Int.
B. Configuring the metric for RIP to be higher than that of OSPF Int.
C. Configuring the administrative Distance for RIP to be higher than that of OSPF Ext.
D. Configuring the metric for RIP to be lower than that of OSPF Ext.

A

A. Configuring the administrative Distance for RIP to be lower than that of OSPF Int.

3
Q

Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted in the DMZ zone? The web server is reachable using a destination NAT policy in the Palo Alto Networks firewall.
A. Zone Pair: Source Zone: Internet Destination Zone: DMZ Rule Type: intrazone
B. Internet Destination Zone: DMZ Rule Type: Interzone or “universal”
C. Zone Pair: Source Zone: Internet Destination Zone: Internet Rule Type: intrazone or “universal”
D. Zone Pair: Source Zone: Internet Destination Zone: Internet Rule Type: intrazone

A

B. Internet Destination Zone: DMZ Rule Type: Interzone or “universal” (I just changed intra to interzone)

4
Q
What are three possible verdicts that WildFire can provide for an analyzed sample? (Choose three)
A. Clean
B. Benign
C. Adware
D. Suspicious
E. Grayware
F. Malware
A

B. Benign
E. Grayware
F. Malware

5
Q

Which two mechanisms help prevent a split-brain scenario in an Active/Passive High Availability (HA) pair? (Choose two)
A. Configure the management interface as HA3 Backup
B. Configure Ethernet 1/1 as HA1 Backup
C. Configure Ethernet 1/1 as HA2 Backup
D. Configure the management interface as HA2 Backup
E. Configure the management interface as HA1 Backup
F. Configure ethernet1/1 as HA3 Backup

A

B. Configure Ethernet 1/1 as HA1 Backup

E. Configure the management interface as HA1 Backup

6
Q

Click the Exhibit button. An administrator has noticed a large increase in BitTorrent activity. The administrator wants to determine where the traffic is going in the company. What would be the administrator’s next step?

A. Right-Click on the BitTorrent link and select Value from the context menu
B. Create a global filter for BitTorrent traffic and then view Traffic logs.
C. Create local filter for BitTorrent traffic and then view Traffic logs.
D. Click on the BitTorrent application link to view network activity

A

D. Click on the BitTorrent application link to view network activity

7
Q

Which CLI command displays the current management plane memory utilization?

A. > debug management-server show
B. > show running resource-monitor
C. > show system info
D. > show system resources

A

D. > show system resources

8
Q

How does Panorama handle incoming logs when it reaches the maximum storage capacity?

A. Panorama discards incoming logs when storage capacity is full.
B. Panorama stops accepting logs until licenses for additional storage space are applied
C. Panorama stops accepting logs until a reboot to clean storage space.
D. Panorama automatically deletes older logs to create space for new ones.

A

D. Panorama automatically deletes older logs to create space for new ones.

9
Q

Refer to Exhibit: A firewall has three PBF rules and a default route with a next hop of 172.29.19.1 that is configured in the default VR. A user named Will has a PC with a 192.168.101.10 IP address. He makes an HTTPS connection to 172.16.10.29. What is the next hop IP address for the HTTPS traffic from Will's PC?

A. 172.20.30.1
B. 172.20.20.1
C. 172.20.10.1
D. 172.20.40.1

A

B. 172.20.20.1

10
Q

Which two options are required on an M-100 appliance to configure it as a Log Collector? (Choose two)
A. From the Panorama tab of the Panorama GUI select Log Collector mode and then commit changes
B. Enter the command request system system-mode logger then enter Y to confirm the change to Log Collector mode.
C. From the Device tab of the Panorama GUI select Log Collector mode and then commit changes.
D. Enter the command logger-mode enable then enter to confirm the change to Log Collector mode.
E. Log in the Panorama CLI of the dedicated Log Collector

A

B. Enter the command request system system-mode logger then enter Y to confirm the change to Log Collector mode.
E. Log in the Panorama CLI of the dedicated Log Collector

11
Q

Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.)

A. Run the User-ID Agent using an Active Directory account that has “event log viewer” permissions
B. Enable User-ID on the zone object for the destination zone
C. Run the User-ID Agent using an Active Directory account that has “domain administrator” permissions
D. Enable User-ID on the zone object for the source zone
E. Configure a RADIUS server profile to point to a domain controller

A

A. Run the User-ID Agent using an Active Directory account that has “event log viewer” permissions
D. Enable User-ID on the zone object for the source zone

12
Q

An Administrator is configuring an IPSec VPN to a Cisco ASA at the administrator’s home and experiencing issues completing the connection. The following is the output from the command: less mp-log ikemgr.log: What could be the cause of this problem?

A. The public IP addresses do not match for both the Palo Alto Networks Firewall and the ASA.
B. The Proxy IDs on the Palo Alto Networks Firewall do not match the settings on the ASA.
C. The shared secrets do not match between the Palo Alto firewall and the ASA
D. The dead peer detection settings do not match between the Palo Alto Networks Firewall and the ASA

A

B. The Proxy IDs on the Palo Alto Networks Firewall do not match the settings on the ASA.

13
Q
Which option is an IPv6 routing protocol?
A. RIPv3
B. OSPFv3
C. OSPv3
D. BGP NG
A

B. OSPFv3

14
Q

What can cause missing SSL packets when performing a packet capture on data plane interfaces?

A. The packets are hardware offloaded to the offloaded processor on the data plane
B. The missing packets are offloaded to the management plane CPU
C. The packets are not captured because they are encrypted
D. There is a hardware problem with offloading FPGA on the management plane

A

A. The packets are hardware offloaded to the offloaded processor on the data plane

15
Q
Which two features does PAN-OS software use to identify applications? (Choose two)
A. port number
B. session number
C. transaction characteristics
D. application layer payload
A

C. transaction characteristics

D. application layer payload

16
Q

What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)
A. The firewalls must have the same set of licenses.
B. The management interfaces must be on the same network.
C. The peer HA1 IP address must be the same on both firewalls.
D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device

A

A. The firewalls must have the same set of licenses.

D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device

17
Q

Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?

A. Disable Server Response Inspection
B. Apply an Application Override
C. Disable HIP Profile
D. Add server IP Security Policy exception

A

A. Disable Server Response Inspection

18
Q

In an enterprise deployment, a network security engineer wants to assign to a group of administrators without creating local administrator accounts on the firewall. Which authentication method must be used?
A. LDAP
B. Kerberos
C. Certification based authentication
D. RADIUS with Vendor-Specific Attributes

A

D. RADIUS with Vendor-Specific Attributes

19
Q

A network design calls for a “router on a stick” implementation with a PA-5060 performing inter-VLAN routing. All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface. Which interface type and configuration setting will support this design?
A. Trunk interface type with specified tag
B. Layer 3 interface type with specified tag
C. Layer 2 interface type with a VLAN assigned
D. Layer 3 sub interface type with specified tag

A

D. Layer 3 sub interface type with specified tag

20
Q

Only two Trust to Untrust allow rules have been created in the Security policy. Rule1 allows google-base. Rule2 allows YouTube-base. The YouTube-base App-ID depends on google-base to function. The google-base App-ID implicitly uses SSL and web-browsing. When a user tries to access https://www.youtube.com in a web browser, they get an error indicating that the server cannot be found. Which action will allow YouTube.com to display in the browser correctly?
A. Add SSL App-ID to Rule1
B. Create an additional Trust to Untrust Rule, add the web-browsing, and SSL App-ID’s to it
C. Add the DNS App-ID to Rule2
D. Add the Web-browsing App-ID to Rule2

A

A. Add SSL App-ID to Rule1

21
Q
What must be used in Security Policy Rules that contain addresses where NAT policy applies?
A. Pre-NAT addresses and Pre-NAT zones
B. Post-NAT addresses and Post-NAT zones
C. Pre-NAT addresses and Post-NAT zones
D. Post-NAT addresses and Pre-NAT zones
A

C. Pre-NAT addresses and Post-NAT zones

22
Q
Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?
A. Log
B. Alert
C. Allow
D. Default
A

B. Alert

23
Q
What will be the source address in the ICMP packet?
A. 10.30.0.93
B. 10.46.72.93
C. 10.46.64.94
D. 192.168.93.1
A

C. 10.46.64.94

24
Q

A VPN connection is set up between Site-A and Site-B, but no traffic is passing. In the system log of Site-A, there is an event logged as ike-nego-p1-fail-psk. What action will bring the VPN up and allow traffic to start passing between the sites?
A. Change the Site-B IKE Gateway profile version to match Site-A.
B. Change the Site-A IKE Gateway profile exchange mode to aggressive mode.
C. Enable NAT Traversal on the Site-A IKE Gateway profile.
D. Change the pre-shared key of Site-B to match the pre-shared key of Site-A

A

D. Change the pre-shared key of Site-B to match the pre-shared key of Site-A

25
Q

YouTube videos are consuming too much bandwidth on the network, causing delays in mission-critical traffic. The administrator wants to throttle YouTube traffic. The following interfaces and zones are in use on the firewall:
* ethernet1/1, Zone: Untrust (Internet-facing)
* ethernet1/2, Zone: Trust (client-facing)
A QoS profile has been created, and QoS has been enabled on both interfaces. A QoS rule exists to put the YouTube application into QoS class 6. Interface Ethernet1/1 has a QoS profile called Outbound, and interface Ethernet1/2 has a QoS profile called Inbound. Which setting for class 6 will throttle YouTube traffic?
A. Outbound profile with Guaranteed Ingress
B. Outbound profile with Maximum Ingress
C. Inbound profile with Guaranteed Egress
D. Inbound profile with Maximum Egress

A

D. Inbound profile with Maximum Egress

26
Q
Which field is optional when creating a new Security Policy rule?
A. Name
B. Description
C. Source Zone
D. Destination Zone
E. Action
A

B. Description

27
Q
Which User-ID method maps IP addresses to usernames for users connecting through a web proxy that has already authenticated the user?
A. Client Probing
B. Port mapping
C. Server monitoring
D. Syslog listening
A

D. Syslog listening

28
Q
What are three valid methods of user mapping? (Choose three)
A. Syslog
B. XML API
C. 802.1X
D. WildFire
E. Server Monitoring
A

A. Syslog
B. XML API
E. Server Monitoring

29
Q
What are three valid actions in a File Blocking Profile? (Choose three)
A. Forward
B. Block
C. Alert
D. Upload
E. Reset-both
F. Continue
A

A. Forward
B. Block
C. Alert

30
Q
A network design change requires an existing firewall to start accessing Palo Alto Updates from a data plane interface address instead of the management interface. Which configuration setting needs to be modified?
A. Service route
B. Default route
C. Management profile
D. Authentication profile
A

A. Service route

31
Q

A company has a pair of Palo Alto Networks firewalls configured as an Active/Passive High Availability (HA) pair. What allows the firewall administrator to determine the last date a failover event occurred?
A. From the CLI issue use the show System log / system info command
B. Apply the filter subtype eq ha to the System log
C. Apply the filter subtype eq ha to the configuration log
D. Check the status of the High Availability widget on the Dashboard of the GUI

A

A. From the CLI issue use the show System log / system info command

32
Q
Which CLI command displays the current management plane memory utilization?
A. > show system info
B. > show system resources
C. > debug management-server show
D. > show running resource-monitor
A

B. > show system resources

33
Q
Which client software can be used to connect a remote Linux client into a Palo Alto Networks Infrastructure without sacrificing the ability to scan traffic and protect against threats?
A. X-Auth IPsec VPN
B. Global Protect Apple IOS
C. Global Protect SSL
D. Global Protect Linux
A

D. Global Protect Linux

34
Q
Which interface configuration will accept specific VLAN IDs?
A. Tap Mode
B. Sub interface
C. Access Interface
D. Trunk Interface
A

B. Sub interface

35
Q

Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunnel is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces. Which Link Type setting will correct the error?

A. Set tunnel.1 to p2p
B. Set tunnel.1 to p2mp
C. Set Ethernet 1/1 to p2mp
D. Set Ethernet 1/1 to p2p

A

A. Set tunnel.1 to p2p

36
Q

Which three functions are found on the dataplane of a PA-5050? (Choose three)

A. Protocol Decoder
B. Dynamic routing
C. Management
D. Network Processing
E. Signature Match
A

B. Dynamic routing
D. Network Processing
E. Signature Match

37
Q

A network engineer has received a report of problems reaching 98.139.183.24 through vr1 on the firewall. The routing table on this firewall is extensive and complex. Which CLI command will help identify the issue?

A. test routing fib virtual-router vr1
B. show routing route type static destination 98.139.183.24
C. test routing fib-lookup ip 98.139.183.24 virtual-router vr1
D. show routing interface

A

C. test routing fib-lookup ip 98.139.183.24 virtual-router vr1

38
Q

A file sharing application is being permitted and no one knows what this application is used for. How should this application be blocked?

A. Block all unauthorized applications using a security policy
B. Block all known internal custom applications
C. Create a WildFire Analysis Profile that blocks Layer 4 and Layer 7 attacks
D. Create a File blocking profile that blocks Layer 4 and Layer 7 attacks

A

D. Create a File blocking profile that blocks Layer 4 and Layer 7 attacks

39
Q

How are IPv6 DNS queries configured to use interface ethernet1/3?

A. Network > Virtual Router > DNS Interface
B. Objects > CustomerObjects > DNS
C. Network > Interface Mgmt
D. Device > Setup > Services > Service Route Configuration

A

D. Device > Setup > Services > Service Route Configuration

40
Q

Which three rule types are available when defining policies in Panorama? (Choose three.)

A. Pre Rules
B. Post Rules
C. Default Rules
D. Stealth Rules
E. Clean Up Rules
A

A. Pre Rules
B. Post Rules
C. Default Rules

41
Q

A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destination IP address and port. Which option when enabled with the correct threshold would mitigate this attack without dropping legitimate traffic to other hosts inside the network?

A. Zone Protection Policy with UDP Flood Protection
B. QoS Policy to throttle traffic below maximum limit
C. Security Policy rule to deny traffic to the IP address and port that is under attack
D. Classified DoS Protection Policy using destination IP only with a Protect action

A

D. Classified DoS Protection Policy using destination IP only with a Protect action

42
Q

A network security engineer has a requirement to allow an external server to access an internal web server. The internal web server must also initiate connections with the external server. What can be done to simplify the NAT policy?

A. Configure ECMP to handle matching NAT traffic
B. Configure a NAT Policy rule with Dynamic IP and Port
C. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bidirectional option
D. Create a new Destination NAT Policy rule that matches the existing traffic and enable the Bidirectional option

A

C. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bidirectional option

43
Q

A company hosts a publicly accessible web server behind a Palo Alto Networks next generation firewall with the following configuration information:
* Users outside the company are in the “Untrust-L3” zone.
* The web server physically resides in the “Trust-L3” zone.
* Web server public IP address: 23.54.6.10
* Web server private IP address: 192.168.1.10
Which two items must the NAT policy contain to allow users in the Untrust-L3 zone to access the web server? (Choose two.)

A. Destination IP of 23.54.6.10
B. Untrust-L3 for both Source and Destination Zone
C. Destination IP of 192.168.1.10
D. Untrust-L3 for Source Zone and Trust-L3 for Destination Zone

A

A. Destination IP of 23.54.6.10

B. Untrust-L3 for both Source and Destination Zone

44
Q

A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured. What can be the cause of this problem?

A. No Zone has been configured on Ethernet 1/4.
B. Interface Ethernet 1/1 is in Virtual Wire Mode.
C. DNS has not been properly configured on the firewall.
D. DNS has not been properly configured on the host.

A

A. No Zone has been configured on Ethernet 1/4.

45
Q

Which three fields can be included in a pcap filter? (Choose three)

A. Egress interface
B. Source IP
C. Rule number
D. Destination IP
E. Ingress interface
A

B. Source IP
C. Rule number
D. Destination IP

46
Q

A logging infrastructure may need to handle more than 10,000 logs per second.
Which two options support a dedicated log collector function? (Choose two.)
A. Panorama virtual appliance on ESX(i) only
B. M-500
C. M-100 with Panorama installed
D. M-100

A

B. M-500

C. M-100 with Panorama installed

47
Q

Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain a username-to-IP-address mapping?

A. Microsoft Active Directory
B. Microsoft Terminal Services
C. Aerohive Wireless Access Point
D. Palo Alto Networks Captive Portal

A

B. Microsoft Terminal Services

48
Q

Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accomplish this goal?

A. Assign an IP address on each tunnel interface at each site
B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
D. Create new VPN zones at each site to terminate each VPN connection

A

C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces

49
Q

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinkhole enabled, generating a traffic log. What will be the destination IP Address in that log entry?

A. The IP Address of sinkhole.paloaltonetworks.com
B. The IP Address of the command-and-control server
C. The IP Address specified in the sinkhole configuration
D. The IP Address of one of the external DNS servers identified in the anti-spyware database

A

C. The IP Address specified in the sinkhole configuration

50
Q

Which two methods can be used to mitigate resource exhaustion of an application server? (Choose two.)

A. Vulnerability Object
B. DoS Protection Profile
C. Data Filtering Profile
D. Zone Protection Profile

A

B. DoS Protection Profile

D. Zone Protection Profile