PCNSA - Interface Configuration Exam 39 Questions with Verified Answers
Tap interface - CORRECT ANSWER firewall can connect to SPAN or mirror port to identify applications running on the network. Requires no changes to existing network design. Firewall cannot control any traffic.
virtual wire - CORRECT ANSWER firewall can be inserted into existing topology without re-allocation of network addresses or redesign of topology. All protection, decryption and NAT features can be used in this mode.
Layer 3 interface - CORRECT ANSWER firewall can replace any current enterprise firewall deployment
Security Zone - CORRECT ANSWER logical grouping of traffic on the network
intrazone default security policy - CORRECT ANSWER implicit allow all
interzone default security policy - CORRECT ANSWER traffic between zones implicit deny by default
In-band network interfaces - CORRECT ANSWER includes physical interfaces and logical subinterfaces, each interface/subinterface can only be assigned to one zone. A zone can contain multiple interfaces.
Interfaces not assigned to a zone - CORRECT ANSWER MGT and HA (all other interface types must be assigned to a zone in order to process traffic)
Tap Zone type - CORRECT ANSWER for Tap interfaces only
Layer 2 zone - CORRECT ANSWER for layer 2 interfaces only
Layer 3 zone - CORRECT ANSWER supports Layer 3, VLAN, loopback, and tunnel interfaces
Virtual Wire Zone - CORRECT ANSWER Virtual wire interfaces
External Zone type - CORRECT ANSWER (only on some FW models) allows traffic to pass between virtual systems within the same firewall
also referred to as a 'bump in the wire' or 'transparent in-line deployment' - CORRECT ANSWER virtual wire
T/F? A virtual wire object can block or allow traffic based on 802.1Q VLAN tags? - CORRECT ANSWER True
Multicast Firewalling - CORRECT ANSWER Configured on a virtual wire object to allow filtering of multicast traffic based on security policy rules
Link-state passthrough - CORRECT ANSWER allows devices on each side of the virtual wire to see the link-state signal from each other
Supported Netflow types on all interface types except HA - CORRECT ANSWER Netflow v9 and unidirectional only
Virtual Wire subinterfaces - CORRECT ANSWER classifies and matches traffic according to VLAN tag or IP classifiers (required for untagged traffic, optional for tagged)
Layer 2 Interfaces - CORRECT ANSWER Provides switching between 2 or more interfaces through a common VLAN object
Does not support routing or firewall management traffic
Layer 2 subinterfaces - CORRECT ANSWER Can each be assigned to a separate 802.1Q VLAN and zone; routing is needed between VLANs
layer 3 interface requirements - CORRECT ANSWER at least 1 ip address assigned, must be assigned to a virtual router and zone, can support firewall management traffic through service route
T/F IPv6 is enabled by default on the firewall? - CORRECT ANSWER False (enable using Device > Setup > Session > Session Settings)
Layer3 interface address assignment - CORRECT ANSWER Static, DHCP client, PPPoE (for DSL connection)
Interface Management Profile - CORRECT ANSWER defines the types of firewall management services that are accessible through a Layer 3 interface
Untagged subinterface - CORRECT ANSWER creates Layer 3 subinterfaces that are not assigned to a specific VLAN but carry untagged traffic
Layer 3 Subinterfaces - CORRECT ANSWER Used to isolate traffic on different VLANs on the same physical port. Traffic can be routed between VLANs but still need to be assigned to zones and appropriate security rules to allow traffic to pass between zones
Virtual routers - CORRECT ANSWER Used for routing between networks. Supports static routes, dynamic routing protocols, and multicast routing (PIM-SM, PIM-SSM)
Admin Distance - CORRECT ANSWER A value assigned to the source of routing information to help choose the most trustworthy routing information
Metric - CORRECT ANSWER A value used to tell the router which path to use among paths to the same destination offered by the same routing protocol or static route
Route path monitoring - CORRECT ANSWER determines if a route is usable by continuously pinging a specified address. Will remove a route if it fails and re-add it when it comes back online
More Runtime Stats - CORRECT ANSWER In Virtual Router configuration, used to view the routing table, and other details
Route table - CORRECT ANSWER RIB that contains all currently known routes
Forwarding Table - CORRECT ANSWER Contains the FIB, or the firewall interfaces and IP addresses currently used to forward traffic
Static Route Monitoring - CORRECT ANSWER status of monitored paths from static routes
VLAN Interfaces - CORRECT ANSWER Assigned an IP address, provides a routable path for Layer 2 interfaces to Layer 3 interfaces (attached to a virtual router)
Loopback Interface - CORRECT ANSWER logical interface, assigned an IP address, behaves like a host interface to provide access to firewall services. IP assigned to a loopback interface must have no netmask or a /32 netmask
Policy-Based Forwarding - CORRECT ANSWER allows traffic to take an alternative path from the next hop specified in the route table. Does not apply to traffic originating from the firewall itself (i.e., IPsec VPN, GlobalProtect, or virtual router traffic)
PBF Rules - CORRECT ANSWER use match criteria to match traffic... PBF path monitoring uses heartbeats to detect reachability of the route; can specify a failover route or a wait-recover action