Which four models are the Palo Alto Networks next-generation firewall models? (Choose four.)
a. PA-200 Series
b. PA-2000 Series
c. PA-300 Series
d.
... [Show More] PA-3200 Series
e. PA-400 Series
f. PA-5000 Series
g. PA-7000 Series
a. PA-200 Series
d. PA-3200 Series
f. PA-5000 Series
g. PA-7000 Series
Which two planes are found in Palo Alto Networks single-pass platform architecture? (Choose two.)
a. control
b. single pass
c. data
d. parallel processing
a. control
c. data
(T/F) The strength of the Palo Alto Networks firewall is its Single-Pass Parallel Processing (SP3) engine.
a. true
b. false
a. true
Which new firewall model was introduced with PAN-OS 8.1 with double the data-plane memory?
a. PA-5260
b. PA-5270
c. PA-5280
d. PA-5290
c. PA-5280
Palo Alto Networks firewalls are built with a dedicated out-of-band management port that has which three attributes? (Choose three.)
a. Labeled MGT by default.
b. Passes only management traffic for the device and cannot be configured as a standard traffic port.
c. Administrators use the out-of-band management port for direct connectivity to the management plane of
the firewall.
d. Cannot be configured to use DHCP.
a. Labeled MGT by default.
b. Passes only management traffic for the device and cannot be configured as a standard traffic port.
c. Administrators use the out-of-band management port for direct connectivity to the management plane of
Which three statements are true regarding the candidate configuration? (Choose three.)
a. You can roll back the candidate configuration by pressing the Undo button.
b. You can revert the candidate configuration to the running configuration.
c. Clicking Save creates a copy of the current candidate configuration.
d. Choosing Commit updates the running configuration with the contents of the candidate configuration.
b. You can revert the candidate configuration to the running configuration.
c. Clicking Save creates a copy of the current candidate configuration.
d. Choosing Commit updates the running configuration with the contents of the candidate configuration.
(T/F) Firewall administrator accounts can be individualized for user needs, granting or restricting permissions as appropriate?
a. true
b. false
a. true
Firewall administration can be done using which four interfaces? (Choose four.)
a. web interface
b. Panorama
c. command line interface
d. Java API
e. XML API
a. web interface
b. Panorama
c. command line interface
e. XML API
(T/F) Service routes can be used to configure an in-band port to access external services.
a. true
b. false
a. true
Virtual routers provide support for static routing and dynamic routing using which three protocols? (Choose three.)
a. OSPF
b. RIPv2
c. EGP
d. BGP
a. OSPF
b. RIPv2
d. BGP
Which three interface types are valid on a Palo Alto Networks firewall? (Choose three.)
a. FC
b. Layer 3
c. FCoE
d. Tap
e. Virtual Wire
b. Layer 3
d. Tap
e. Virtual Wire
(T/F) Intrazone traffic is allowed by default but interzone traffic is blocked by default.
a. true
b. false
a. true
Which three attributes are true regarding a Virtual Wire (vwire) interface? (Choose three.)
a. sometimes called a Bump in the Wire or Transparent In-Line
b. no support for routing or device management
c. supports NAT, Content-ID, and User-ID
d. supports SSL Decrypt Inbound traffic only
a. sometimes called a Bump in the Wire or Transparent In-Line
b. no support for routing or device management
c. supports NAT, Content-ID, and User-ID
(T/F) A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6 addresses.
a. true
b. false
a. true
Which four items are possible network traffic match criteria in a Security policy on a Palo Alto Networks firewall? (Choose four.)
a. Source Zone
b. Username
c. DNS Domain
d. URL
e. Application
a. Source Zone
b. Username
d. URL
e. Application
Which of the three types of Security policy rules that can be created is the default rule type?
a. intrazone
b. interzone
c. universal
c. universal
(T/F) The intrazone-default and interzone-default rules cannot be modified.
a. true
b. false
b. false
Which three items are names of valid source NAT translation types? (Choose three.)
a. dynamic IP
b. dynamic IP/Port
c. port forwarding
d. static
a. dynamic IP
b. dynamic IP/Port
d. static
(T/F) Logging on intrazone-default and interzone-default Security policy rules is enabled by default.
a. true
b. false
b. false
Which item is the name of an object that dynamically groups applications based on application attributes that you define: Category, Subcategory, Technology, Risk, and Characteristic?
a. application
b. application filter
c. application group
d. Application Profile
b. application filter
(T/F) In Palo Alto Networks terms, an application is a specific program or feature that can be detected, monitored, and blocked if necessary.
a. true
b. false
a. true
Before App-ID would identify traffic as facebook-base, it would first identify the traffic as which application?
a. unknown-tcp
b. unknown-udp
c. web-browsing
c. web-browsing
Which three statements are true regarding App-ID? (Choose three.)
a. It addresses the traffic classification limitations of traditional firewalls.
b. It is the Palo Alto Networks traffic classification mechanism.
c. It uses multiple identification mechanisms to determine the exact identity of applications traversing
the network.
d. It still is in the developmental stage and is not yet released.
a. It addresses the traffic classification limitations of traditional firewalls.
b. It is the Palo Alto Networks traffic classification mechanism.
c. It uses multiple identification mechanisms to determine the exact identity of applications traversing
the network.
Application groups can contain applications, filters, or other application groups.
a. true
b. false
a. true
Which anti-spyware feature enables an administrator to quickly identify a potentially infected host on the network?
a. Data Filtering log entry
b. continue response page
c. DNS sinkhole
d. CVE number
c. DNS sinkhole
(T/F) A Security Profile attached to a Security policy rule is evaluated only if the Security policy rule matches traffic and the rule action is set to "Allow."
a. true
b. false
a. true
Zone Protection Profiles are applied to which item?
a. ingress ports
b. Security policy rules
c. egress ports
d. Address Groups
b. Security policy rules
(T/F) The Antivirus Security Profile defines actions to be taken if an infected file is detected as part of an application.
a. true
b. false
a. true
(T/F) Each Anti-Spyware Security Profile contains one master rule to handle all types of threats.
a. true
b. false
b. false
Which four actions results in a URL Filtering log entry? (Choose four.)
a. alert
b. allow
c. block
d. continue
e. override
a. alert
c. block
d. continue
e. override
(T/F) URLs always are matched to a PAN-DB URL category before they match a custom URL category.
a. true
b. false
b. false
Which three statements are true regarding Safe Search Enforcement? (Choose three.)
a. Safe search is a web server setting.
b. Safe search is a web browser setting.
c. Safe search is a best-effort setting.
d. Safe search is designed to block violent web content.
b. Safe search is a web browser setting.
c. Safe search is a best-effort setting.
d. Safe search is designed to block violent web content. [Show Less]