Palo Alto Firewall Essentials
A strength of the Palo Alto Networks firewall is:
A. Increased buffering capability.
B. Its single-pass parallel processing (SP3) engine and software performs operations once per packet
C. Hardware consolidation - data and control plane processing is improved and performed in successive linear fashion
Select True or false. The CN-Series firewalls deliver the same capabilities as the PA-Series and VM-Series firewalls.
True
False
Select True or False. Traffic protection from external locations where the egress point is the perimeter is commonly referred to as “North-South” traffic.
True
False
The first important task of building a Zero Trust Architecture is to identify __________________.
A. microperimeter
B. The protect surface
C. traffic
D. interdependencies
What is the method used to create a Zero Trust policy that answers the 'who, what, when, where, why and how' definition?
A. Logging
B. Never Trust - Always Verify
C. Kipling
D. Full Authentication
Which object cannot be segmented using virtual systems on a firewall?
A. MGT interface
B. Data Plane Interface
C. Administrative Access
D. Network Security Zone
Which Palo Alto Networks Cortex technology prevents malware, blocks exploits, and analyzes suspicious patterns through behavioral threat protection?
A. AutoFocus
B. XDR
C. Data Lake
D. XSOAR
Which Palo Alto Networks Next Generation VM Series Model requires a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity?
A. VM-100
B. VM-700
C. VM-500
D. VM-50
Which Palo Alto Networks Prisma technology provides continuous security monitoring, compliance validation, and cloud storage security capabilities across multi-cloud environments? In addition, you can simplify security operations through effective threat protections enhanced with comprehensive cloud context.
A. Access
B. Compliance
C. SaaS
D. Cloud
Which Palo Alto Networks product for securing the enterprise extends the enterprise perimeter to remote offices and mobile users?
A. WildFire
B. Panorama
C. GlobalProtect
D. VM-Series
Which series of a firewall is a high-performance physical appliance solution?
A. VM
B. CN
C. PA
D. HA
Which series of Palo Alto Networks Next Generation Firewall offers two modes, Secure Mode, and Express Mode?
A. VS
B. CN
C. VM
D. K2
Which Strata product provides centralized firewall management and logging?
A. WildFire
B. Panorama
C. Prisma Access
D. GlobalProtect
What are the two attributes of the dedicated out-of-band network management port in Palo Alto Networks firewalls? (Choose two.)
A. labeled MGT by default
B. Cannot be configured as a standard traffic port
C. Supports only SSH connections
D. Requires a static, non-DHCP network configuration
Select True or False. To register a hardware firewall you will need the firewall's serial number..
True
False
Select True or False. Service routes can be used to configure an in-band port to access external services.
True
False
In the web interface, what is signified when a text box is highlighted in red?
A. The value in the text box is optional
B. The value in the text box is required
C. The value in the text box is an error
D. The value in the text box is controlled by Panorama
Which two planes are found in the Palo Alto Networks single-pass platform architecture? (Choose two.)
A. control
B. application
C. data
D. Parallel processing
Which object cannot be segmented using virtual systems on a firewall?
A. Network security zone
B. Data plane interface
C. Administrative access
D. MGT interface
Which series of a firewall is a high-performance physical appliance solution?
A. CN (containerized unit)
B. PA (physical appliance)
C. VM (virtual machine)
Which strata product provides centralized firewall management and logging?
A. WildFire
B. Panorama
C. GlobalProtect
D. Prisma Access
Select True or False. The CN-series firewalls deliver the same capabilities as the PA-series and VM-series firewalls.
True
False
Which two statements are true regarding the candidate configuration? (Choose two.)
A. It controls the current operation of the firewall
B. It contains possible changes to the current configuration
C. It can be reverted to the current configuration
D. It always contains the factory default configuration
Select True or False. The running configuration consists of configuration changes in progress but not active on the firewall.
True
False
When committing changes to a firewall, what is the result of clicking the Preview Changes link?
A. Shows any error messages that would appear during a commit
B. Lists the individual settings for which you are committing changes
C. Compares the candidate configuration to the running configuration
D. Displays any unresolved application dependencies
Select True or False. The Export operations transfer configurations as XML-formatted files from the firewall..
True
False
For guidance on continuing to deploy the security platform features to address your network security needs, review the PAN-OS Administrator's Guide section titled
A. Best Practices for Securing Administrative Access
B. Set Up a Basic Security Policy
C. Register the Firewall
D. Best Practices for Completing the Firewall Deployment
In the web interface, what is signified when a text box is highlighted in red?
A. The value in the text box is controlled by Panorama
B. The value in the text box is required
C. The value in the text box is an error
D. The value in the text box is optional
Select True or False. By default, the firewall uses the management (MGT) interface to access external services, such as DNS servers, external authentication servers, Palo Alto Networks services such as software, URL updates, licenses and AutoFocus.
True
False
Select True or false. Service routes can be used to configure an in-band port to access external services.
True
False
The Gartner Magic Quadrant for Network Firewalls rates company's:
A. Regulatory Compliance / Intellectual Properties
B. Ability to Execute / Completeness of Vision
C. Growth Potential / Profitability
Which attribute is associated with the dedicated out-of-band network management port in Palo Alto Networks firewalls?
A. Supports only SSH connections
B. Requires a static, non-DHCP network configuration
C. Supports DHCP only
D. Cannot be configured as a standard traffic port
Which command will reset a next generation firewall to its factory default settings if you know the admin account password?
A. Request system private-data-reset
B. Reset startup-config
C. reload
D. Reset system settings
Which type of firewall license or subscription provides a graphical analysis of firewall traffic logs and identifies potential risks to your network by using threat intelligence from a portal?
A. AutoFocus
B. GlobalProtect
C. WildFire
D. Threat Prevention
When committing changes to a firewall, what is the result of clicking the Preview Changes link?
A. Lists the individual settings for which you are committing changes
B. Shows any error messages that would appear during a commit
C. Compares the candidate configuration to the running configuration
D. Displays any unresolved application dependencies
When making changes to configuration settings on the PAN-OS firewall, which of the following options lists the individual changes for which you are committing changes:
A. Preview Changes for all
B. Change Summary
C. Preview Changes for selected administrators.
D. Validate Commit
Which Next Generation FW configuration type has settings active on the firewall?
A. Running
B. Legacy
C. Startup
D. Candidate
Which statement is true regarding the Palo Alto Networks Firewall candidate configuration?
A. It controls the current operation of the firewall.
B. It can be reverted to the current configuration.
C. It does not control changes to the current configuration.
D. It always contains the factory default configuration.
Select True or False. The running configuration consists of configuration changes in progress but not active on the firewall.
True
False
When creating a custom admin role, which four types of privileges can be defined? (Choose four.)
A. WebUI
B. Panorama
C. REST API
D. Command Line
E. JAVA API
F. XML API
Global user authentication is supported by which three authentication services? (Choose three.)
A. SAML
B. LDAP
C. RADIUS
D. Certificate
E. TACACS+
Select True or False. Server profiles define connections that the firewall can make to external servers.
True
False
Select True or False. Certificate-based authentication replaces all other forms of either local or external authentication..
True
False
Global user authentication is not supported by which authentication service?
A. SAML
B. RADIUS
C. LDAP
D. TACACS +
Select True or False. On the Next Generation firewall, a commit lock blocks other administrators from committing changes until all of the locks have been released.
True
False
Select True or False. Server Profiles define connections that the firewall can make to external servers.
True
False
True or false? Certificate-based authentication replaces all other forms of either local or external authentication.
True
False
When creating a custom admin role, which type of privileges can not be defined?
A. WebUI
B. Command Line
C. Panorama
D. XML API
E. REST API
When creating PAN-OS firewall administrator accounts, which configuration step is required for Non-Local Administrators, but not for Local Administrators?
A. API Interface
B. Authentication Sequence
C. Directory Services Replication
D. Authentication Profile
When resetting the PAN-OS firewall to factory defaults, you can save all configuration settings and logs by performing the following:
A. Pressing Shift-C when prompted
B. Selecting 'yes' when prompted
C. Executing the CLI command when in maintenance mode: rebuild/FactoryReset
D. None of the above
Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?
A. Custom role
B. vsysadmin
C. deviceadmin
D. superuser
Which built-in role on the Next Generation firewall is the same as superuser except for creation of administrative accounts?
A. vsysadmin
B. deviceadmin
C. sysadmin
D. devicereader
Which of the following is NOT a PAN-OS Firewall Administrator Dynamic Role?
A. Virtual system administrator
B. Local only administrator
C. Superuser
D. Device administrator (read-only)
Which role-based privilege allows full access to the Palo Alto Networks firewall, including defining new administrator accounts and virtual systems?
A. superuser
B. superreader
C. deviceadmin
D. devicereader
Which two items are supported routing protocols on a virtual router? (Choose two.)
A. OSPF
B. IGRP
C. EGP
D. BGP
Which three interface types are valid on Palo Alto Networks firewall? (Choose three.)
A. FC
B. Layer3
C. FCoE
D. Tap
E. Virtual wire
Which two firewall interface types can be added to a Layer3-type security zone? (Choose two.)
A. Tunnel
B. Virtual wire
C. Tap
D. Loopback
Which type of firewall interface enables passive monitoring of network traffic?
A. Virtual wire
B. Tap
C. Loopback
D. Tunnel
Which two actions affect all of the widgets in the Application Command Center?
A. Setting a local filter
B. Setting a time range
C. Setting a global filter
D. Setting a global search
Select True or False. A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6 addresses.
True
False
Select True or False. All of the interfaces on a Next Generation firewall must be the same interface type.
True
False
Select True or False. In a Next Generation firewall, every interface in use must be assigned to a zone in order to process traffic.
True
False
Select True or False. In addition to routing to other network devices, virtual routers on the Next Generation firewall can route to other virtual routers.
True
False
What type of interface allows the Next Generation firewall to provide switching between two or more networks?
A. Virtual Wire
B. Tap
C. Layer3
D. Layer2
Which feature can be configured with an IPv6 address?
A. Static Route
B. RIPv2
C. DHCP Server
D. BGP
Which of the following is a routing protocol supported in a Next Generation firewall?
A. RIPV2
B. ISIS
C. EIGRP
D. IGRP
Which routing protocol is supported on a virtual router?
A. OSPF
B. IGRP
C. PPP
D. EGP
Which two firewall features display information using widgets?
A. Botnet report
B. Dashboard
C. Traffic log
D. ACC
Which type of interface will allow the firewall to be inserted into an existing topology without requiring any reallocation of network addresses or redesign on the network topology?
A. Virtual Wire
B. Layer 2
C. Tap
D. Layer 3
Which two items are required to match criteria in a Palo Alto Networks Security policy rule? (Choose two.)
A. Source zone
B. Destination zone
C. Destination address
D. Destination port
Which type of Security policy rule is the default rule type?
A. intrazone
B. interzone
C. universal
D. default
Which action in a Security policy rule results in traffic being silently rejected?
A. deny
B. drop
C. Reset server
D. Reset client
Select True or false. Logging on intrazone-default and interzone-default Security policy rules is enabled by default.
True
False
NGFW QoS policies can be configured to apply:
A. Forwarding for anti-virus screening
B. Data encryption
C. Either preferential treatment or bandwidth-limiting traffic rules
D. Third party authentication
When defining Security policy rules, why should you consider only the c2s flow direction, and define policy rules that allow or deny traffic from the source zone to the destination zone, that is, in the c2s direction?
A. For traffic that does not match any custom defined rules, all communications are conducted in a separate traffic buffer
B. Default rules are predefined to allow all interzone traffic (between zones) and deny all intrazone traffic (within a zone).
C. The return s2c flow does not require a separate rule because the return traffic automatically is allowed
D. The return c2s flow does not require a separate rule because communications are automatically allowed.
Which of the following are NOT traffic attributes or criteria that can be defined in a Security policy rule?
A. URL Catgegory
B. Traffic that does not pass through the firewall data plane
C. Source / Destination zones
D. Source user
Select True or False. Security policy rules on the Next Generation firewall specify a source and a destination interface.
True
False
Traffic going to a public IP address is being translated by a Next Generation firewall to an internal server private IP address. Which IP address should the security policy use as the destination IP in order to allow traffic to the server?
A. The firewall gateway IP
B. The firewall Management port IP
C. The server public IP
D. The server private IP
Which action in a Security policy rule results in traffic being silently rejected?
A. Reset Client
B. Reset Server
C. Drop
D. Deny
Which NGFW security policy rule applies to all matching traffic within the specified source zones?
A. Intrazone
B. Universal
C. Default
D. Interzone
In the Palo Alto Networks Application Command Center (ACC), which filter allows you to limit the display to the details you care about right now and to exclude the unrelated information from the current display?
A. Global
B. Group
C. Local
D. Universal
Select the answer that best completes this sentence. Source NAT commonly is used for _________ users to access the ________ internet.
A. private, private
B. private, public
C. public, public
D. public, private
Select the answer that completes this sentence. DIPP source NAT will support a maximum of about ______________ concurrent sessions on each IP address configured within the NAT pool.
A. 8100
B. 16,300
C. 250
D. 64,000
Which one of the following statements is true about NAT rules?
A. The destination zone is determined before the route lookup of the post-NAT destination IP
B. The addresses used in source NAT rules always refer to the original IP address in the packet
C. NAT rules are applied after security policy rules.
D. NAT rules provide address translation, while security policy rules allow or deny packets.
What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?
A. Quality of Service Statistics
B. Quality of Service Log
C. Application Command Center (ACC)
D. Applications Report
Which statement about the automated correlation engine is not correct?
A. It outputs correlation events.
B. It is available only in Panorama
C. It detects possible infected hosts.
D. It uses correlation objects as input.
When using config audit to compare configuration files on a Next Generation firewall, what does the yellow indication reveal?
A. Addition
B. None
C. Deletion
D. Change
In the Palo Alto Networks Firewall WebUI, which type of report can be compiled into a single emailed PDF?
A. Predefined
B. Group
C. PDF Summary
D. Botnet
On the Palo Alto Networks Next Generation Firewall, which is the default port for transporting Syslog traffic?
A. 6514
B. 443
C. 514
D. 8080
When creating an application filter, which of the following is true?
A. They are called dynamic because they will automatically include new applications from an application signature update if the new application’s type is included in the filter
B. They are called dynamic because they automatically adapt to new IP addresses
C. They are used by malware
D. Excessive bandwidth may be used as a filter match criteria
Select True or False. On the Next Generation firewall, application groups are always automatically updated when new applications are added to the App-ID database.
True
False
In a Next Generation firewall, how many packet does it take to identify the application in a TCP exchange?
A. Two
B. Four or five
C. One
D. Three
What feature on the Next Generation firewall will set the security policy to allow the application on the standard ports associated with the application?
A. Application-implicit
B. Application-default
C. Application-dependent
D. Application-custom
What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?
A. Application Command Center (ACC)
B. Quality of Service Statistics
C. Quality of Service Log
D. Applications Report
What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)?
A. Blocked Activity
B. Network Traffic
C. Application Traffic
D. Threat Activity
How would App-ID label TCP traffic when the three-way handshake completes, but not enough data is sent to identify an application?
A. unknown-tcp
B. insufficient-data
C. not-applicable
D. incomplete
When an Applications and Threats content update is performed, which is the earliest point where you can review the impact of new application signatures on existing policies?
A. After download
B. After clicking Check Now
C. After install
D. After commit
Which three methods does App-ID use to identify network traffic? Choose the 3 correct choices.
A. heuristics
B. URL category
C. Application filter match
D. Protocol decoders
E. signatures
True or false? When migration is done from the firewall of another vendor to a Palo Alto Networks firewall, a best practice is to always migrate the existing Security policy.
True
False
True or false? If App-ID cannot identify the traffic, Content-ID cannot inspect the traffic for malware.
True
False
Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user’s browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log?
A. continue
B. block
C. override
D. alert
Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo, Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option.
A. Log Container Page Only
B. HTTP Header Logging
C. Safe Search Enforcement
D. User Credential Detection
A "continue" action can be configured on the following security profiles in the Next Generation firewall:
A. URL Filtering and File Blocking
B. URL Filtering
C. URL Filtering and Antivirus
D. URL Filtering, File Blocking, and Data Filtering
Which URL filtering security profile action logs the category to the URL filtering log?
A. Alert
B. Default
C. Log
D. Allow
Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall?
A. Block, Allow, Custom URL, External Dynamic, PAN-DB Download, PAN-DB Cloud, PAN-DB Cache
B. Allow, Block, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud
C. Block, Allow, External Dynamic, Custom URL, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud
D. Block, Allow, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud
Which URL Filtering Profile action will result in a user being interactively prompted for a password?
A. alert
B. continue
C. override
D. allow
Which statement about the predefined reports is not correct?
A. They are grouped in 5 categories
B. There are more than 40 predefined reports
C. They are emailed daily to users
D. They are generated daily by default
Which statement is not true regarding Safe Search Enforcement?
A. Safe search is a web browser setting
B. Safe search works only in conjunction with credential submission websites
C. Safe search is a best effort setting
D. Safe search is a web server setting
True or false? A URL Filtering license is not required to define and use custom URL categories.
True
False
True or false? SNMP GET requests to a firewall return operational statistics, and SNMP SET requests update the firewall configuration.
True
False
Without a Wildfire licensed subscription, which of the following files can be submitted by the Next Generation Firewall to the hosted Wildfire virtualized sandbox?
A. PE and Java Applet only
B. PDF files only
C. PE files only
D. MS Office doc/docx, xls/xlsx, and ppt/pptx files only
In the latest Next Generation firewall version, what is the shortest time that can be configured on the firewall to check for Wildfire updates?
A. Real Time
B. 5 Minutes
C. 1 Hour
D. 15 Minutes
Which CLI command is used to verify successful file uploads to WildFire?
A. Debug wildfire upload-threat show
B. Debug wildfire download-log show
C. Debug wildfire upload-log show
D. Debug wildfire upload-log
True or False. If a file type is matched in the File Blocking Profile and WildFire Analysis Profile, and if the File Blocking Profile action is set to “block,” then the file is not forwarded to WildFire.
True
False
Which file type can a firewall send to WildFire when the firewall does not have a WildFire subscription?
A. PDF
B. EXE
C. JAR
D. APK
Which WildFire verdict might indicate obtrusive behavior but not a security threat?
A. malware
B. grayware
C. benign
D. phishing
True or false? When a malicious file or link is detected in an email, WildFire can update antivirus signatures in the PAN-DB database.
True
False
Assume you have a WildFire subscription. Which file state or condition would trigger a Wildfire file analysis?
A. File size limit exceeded
B. File already has WildFire hash
C. Executable file signed by trusted signer
D. File located in a JAR or RAR archive
Which User-ID component and mapping method is recommended for web clients that do not use the domain server?
A. Terminal Services agent
B. GlobalProtect
C. XML API
D. Captive Portal
Which port does the Palo Alto Networks Windows-based User-ID agent use by default?
A. TCP port 80
B. TCP port 443
C. TCP port 4125
D. TCP port 5007
The User-ID feature identifies the user and IP address of the computer the user is logged into for Next Generation firewall policy enforcement.
True
False
Which two statements are true regarding User-ID and firewall configuration?
A. The firewall needs to have information for every USER-ID agent for which it will connect
B. NETBIOS is the only client-probing method supported by the USER-ID agent
C. The USER-ID agent must be installed on the domain controller
D. Communication between the firewall and USER-ID agent are sent over an encrypted SSL connection
Which statement is true regarding User-ID and Security policy rules?
A. Users can be used in policy rules only if they are known by the firewall
B. The Source User field can match only users, not groups.
C. If the user associated with an IP address cannot be determined, all traffic from that address will be dropped.
D. The Source IP and Source User fields cannot be used in the same policy.
Which item is not a valid choice when the Source User field is configured in a Security policy rule?
A. unknown
B. known-user
C. any
D. all
Which URL Filtering Profile action will result in a user being interactively prompted for a password?
A. alert
B. allow
C. continue
D. override
According to best practices, which two URL filtering categories should be blocked in most URL Filtering Profiles? (Choose two.)
A. high-risk
B. medium-risk
C. new-registered-domain
D. adult
Which three statements are true regarding Safe Search Enforcement? (Choose three.)
A. Safe search is a web server setting
B. Safe search is a web browser setting
C. Safe search is a best-effort setting
D. Safe search is designed to block violent web content
E. Safe search works only in conjunction with credential submission websites
True or False? A URL Filtering license is not required to define and use custom URL categories.
True
False
To properly configure DOS protection to limit the number of sessions individually from specific source IPS you would configure a DOS Protection rule with the following characteristics:
A. Action: Protect, Aggregate Profile with “Resources Protection” configureda. Action: Protect, Aggregate Profile with “Resources Protection” configured
B. Action: Deny, Aggregate Profile with “Resources Protection” configured
C. Action: Deny, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured
D. Action: Protect, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured
What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall?
A. Filter the traffic logs for all traffic from the user that resulted in a deny action
B. Filter the data filtering logs for the user's traffic and the name of the PDF file
C. Filter the session browser for all sessions from a user with the application adobe
D. Filter the system log for failed download messages
What component of the Next Generation Firewall will protect from port scans?
A. Vulnerability protection
B. Zone protection
C. DOS Protection
D. Anti-Virus Protection
Which anti-spyware feature enables an administrator to quickly identify a potentially infected host on the network?
A. Continue response page
B. CVE Number
C. DNS SInkhole
D. Data filtering log entry
True or false? A Security Profile attached to a Security policy rule is evaluated only if the Security policy rule matches traffic and the rule action is set to “allow.”
True
False
A Zone Protection Profile is applied to which item?
A. Address Groups
B. Ingress Ports
C. Security Policy Rules
D. Egress Ports
Network traffic matches an “allow” rule in the Security policy, but the attached File Blocking Profile is configured with a “block” action. To which two locations will the traffic be logged? (Choose two.)
A. Data Filtering Log
B. Alarms Log
C. Traffic Log
D. Threat Log
Which profile type is designed to protect against reconnaissance attacks such as host sweeps and port scans?
A. Data Filtering
B. Zone Protection
C. Anti-Spyware
D. DOS Protection
Which feature can be configured to block sessions that the firewall cannot decrypt?
A. Decryption profile in security profile
B. Decryption profile in PBF
C. Decryption profile in security policy
D. Decryption profile in decryption policy
What is the default setting for "Action" in a decryption policy rule?
A. Any
B. No-decrypt
C. Decrypt
D. None
Which type of Next Generation Firewall decryption inspects SSL traffic between an internal host and an external web server?
A. SSL Inbound Inspection
B. SSL Outbound Inspection
C. SSL Forward Proxy
D. SSH
When SSL encrypted traffic first arrives at the Next Generation Firewall, which technology initially identifies the application as web-browsing?
A. Content-ID
B. User-ID
C. App-ID
D. Encryption-ID
Which type of Next Generation Firewall decryption inspects SSL traffic coming from external users to internal servers?
A. SSL Forward Proxy
B. SSL Outbound Inspection
C. SSH
D. SSL Inbound Inspection
True or False. In the Next Generation Firewall, even if the Decryption policy rule action is “no-decrypt,” the Decryption Profile attached to the rule can still be configured to block sessions with expired or untrusted certificates.
True
False
Which two types of activities does SSL/TLS decryption on the firewall help to block?
A. denial-or-service attacks
B. Malware introduction
C. protocol-based attacks
D. Sensitive data exfiltration
True or false? If OCSP and CRL are configured on a firewall, CRL is consulted first.
True
False
Which type of firewall decryption requires the administrator to import a server certificate and a private key into the firewall?
A. SSH Decryption
B. SSL Inbound Inspection Decryption
C. SSL Forward Proxy Decryption
D. SSH Tunnel Decryption
True or false? The SSL forward untrusted certificate should not be trusted by the client but should still be a CA certificate.
True
False
True or false? The firewall still can check for expired or untrusted certificates even if the SSL traffic is not being decrypted.
True
False
In the Palo Alto Networks Application Command Center (ACC), which filter allows you to limit the display to the details you care about right now and to exclude the unrelated information from the current display?
A. Group
B. Universal
C. Local
D. Global
What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?
A. Quality of Service Log
B. Applications Report
C. Application Command Center (ACC)
D. Quality of Service Statistics
What is the recommended maximum default size of PE - executable - files forwarded from the Next Generation firewall to Wildfire?
A. 16 megabytes
B. Configurable up to 2 megabytes
C. Configurable up to 10 megabytes
D. Always 2 megabytes
{"name":"Palo Alto Firewall Essentials", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"A strength of the Palo Alto Networks firewall is:, Select True or false. The CN-Series firewalls deliver the same capabilities as the PA-Series and VM-Series firewalls., Select True or False. Traffic protection from external locations where the egress point is the perimeter is commonly referred to as “North-South” traffic.","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}