What is the last step of packet processing in the firewall?
check allowed ports
check Security Profiles
check Security policy
forwarding lookup
Check Security Profiles
Which interface type requires you to configure where the next hop is for various addresses?
tap
virtual wire
Layer 2
Layer 3
Layer 3
How do you enable the firewall to be managed through a data-plane interface?
You specify Web UI in the interface properties.
You specify Management in the interface properties.
You specify HTTPS in the Interface Management Profile, and then specify in the interface properties to use that profile.
You specify Management in the Interface Management Profile, and then specify in the interface properties to use that profile.
You specify HTTPS in the Interface Management Profile, and then specify in the interface properties to use that profile.
Some devices managed by Panorama have their external interface on ethernet1/1, some on ethernet1/2. However, the zone definitions for the external zone are identical. What is the recommended solution in this case?
Create two templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices. Use the same external zone definitions in both. Apply those two templates to the appropriate devices.
Create three templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with the external zone definitions. Use those templates to create two template stacks, one with the ethernet1/1 and external zone, another with the ethernet1/2 and external zone. Apply those two template stacks to the appropriate devices.
Create three templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with the external zone definitions. Apply the external zone template to all devices, and the ethernet1/1 and ethernet1/2 as appropriate (you can apply up to five templates per device).
Create three template stacks: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with the external zone definitions. Apply the external zone template to all devices, and the ethernet1/1 and ethernet1/2 as appropriate (you can apply up to five templates per device).
Create three templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with the external zone definitions. Use those templates to create two template stacks, one with the ethernet1/1 and external zone, another with the ethernet1/2 and external zone. Apply those two template stacks to the appropriate devices.
In a Panorama managed environment, which two options show the correct order of policy evaluation? (Choose two.)
device group pre-rules, shared pre-rules, local firewall rules, intrazone-default, interzone-default
device group pre-rules, local firewall rules, shared post-rules, device group post-rules, intrazone-default, interzone-default
device group pre-rules, local firewall rules, device group post-rules, shared post-rules, intrazone-default, interzone-default
device group pre-rules, local firewall rules, intrazone-default, interzone-default, device group post-rules, shared post-rules
shared pre-rules, device group pre-rules, local firewall rules, intrazone-default, interzone-default
device group pre-rules, local firewall rules, device group post-rules, shared post-rules, intrazone-default, interzone-default
&
shared pre-rules, device group pre-rules, local firewall rules, intrazone-default, interzone-default
When you deploy the Palo Alto Networks NGFW on NSX, how many virtual network interfaces does a VM-Series firewall need?
two, one for traffic input and output and one for management traffic
four, two for traffic input and output and two for management traffic (for High Availability)
three, one for traffic input, one for traffic output, and one for management traffic
six, two for traffic input, two for traffic output, and two for management traffic (for High Availability)
three, one for traffic input, one for traffic output, and one for management traffic
Which source of user information is not supported by the NGFW?
RACF
LDAP
Active Directory
SAML
RACF
What is the main mechanism of packet-based vulnerability attacks?
malformed packets that trigger software bugs when they are received
excess packets that fill up buffers, thus preventing legitimate traffic from being processed
packets that get responses that leak information about the system
packets that either fill up buffers or get responses that leak information
malformed packets that trigger software bugs when they are received
Which method is not a PAN-OS software decryption method?
SSH Proxy
SSL Proxy
SSL Forward Proxy
SSL Inbound Inspection
SSL Proxy
What type of identification does an Application Override policy override?
A. App-ID
B. User-ID
C. Content-ID
D. Service
App-ID
Which two types of protocols can cause an insufficient data value in the Application field in the Traffic log? (Choose two.)
A. UDP
B. TCP
C. ICMP
D. GRE
E. IGP
UDP
TCP
Which three profile types are used to prevent malware executables from entering the network? (Choose three.)
Antivirus
Anti-Spyware
WildFire Analysis
File Blocking
Vulnerability Protection
Zone Protection
Antivirus
WildFire Analysis
File Blocking
Which user credential detection method does not require access to an external directory?
group mapping
domain credential filter
LDAP
Certificate
Certificate
Which object type has a property to specify whether it can transfer files?
Application
Service
User
User group
Application
When destination NAT rules are configured, the associated security rule is matched using which parameters?
pre-NAT source zone and post-NAT destination zone
post-NAT source zone and pre-NAT destination zone
pre-NAT source zone and post-NAT destination IP address
post-NAT source zone and post-NAT destination zone
pre-NAT source zone and post-NAT destination zone
What is the initial IP address for the management interface?
A. 10.0.0.1
B. 172.16.0.1
C. 192.168.1.1
D. 192.168.255.254
192.168.1.1
In a new firewall, which port provides web interface access by default?
data port #1
any data port
management port
console port
management port