Knowledge Quiz 8b - Initial Firewall and Basic Interface Configurations

True or False. Traffic protection from external locations where the egress point is the perimeter is commonly referred to as "North-South" traffic. Select one: True False

True

When you change a configuration setting and click OK, the current or "candidate" configuration is updated, not the active or "running" configuration.

True

Which Next Generation Firewall feature protects cloud-based applications such as Box, Salesforce, and Dropbox by managing permissions and scanning files for external exposure and sensitive information? Select one: a. Aperture b. GlobalProtect c. Panorama d. AutoFocus

a. Aperture

Which Next Generation Firewall feature protects cloud-based applications such as Box, Salesforce, and Dropbox by managing permissions and scanning files for external exposure and sensitive information? a. Aperture b. GlobalProtect c. Panorama d. AutoFocus

a. Aperture

What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth? Select one: a. Application Command Center (ACC) b. Quality of Service Statistics c. Applications Report d. Quality of Service Log

a. Application Command Center (ACC)

What is the maximum size of .EXE files uploaded from the Next Generation firewall to Wildfire? Select one: a. Configurable up to 10 megabytes b. Always 2 megabytes c. Configurable up to 2 megabytes d. Always 10 megabytes

a. Configurable up to 10 megabytes

In a Next Generation firewall, how many packets does it take to identify the application in a TCP exchange? Select one: a. Four or five b. Three c. Two d. One

a. Four or five

What is the benefit of enabling the "passive DNS monitoring" checkbox on the Next Generation firewall? Select one or more: a. Improved malware detection in Wildfire b. Improved PAN DB malware detection c. Improved anti-virus detection d. Improved DNS based command and control signatures

a. Improved malware detection in Wildfire b. Improved PAN DB malware detection d. Improved DNS based command and control signatures

Which of the following is a routing protocol supported in a Next Generation firewall? Select one: a. RIPV2 b. EIGRP c. ISIS d. IGRP

a. RIPV2

Which Next Generation FW configuration type has settings active on the firewall? Select one: a. Running b. Candidate c. Legacy d. Startup

a. Running

When creating an application filter, which of the following is true? Select one: a. They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter b. They are used by malware c. Excessive bandwidth may be used as a filter match criteria d. They are called dynamic because they automatically adapt to new IP addresses

a. They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter

Which three engines are built into the Single Pass Parallel Processing Architecture of the Next Generation firewall? Select one or more: a. User Identification (User-ID) b. Content Identification (Content-ID) c. Threat Identification (Threat-ID) d. Application Identification (App-ID) e. Group Identification (Group-ID)

a. User Identification (User-ID) b. Content Identification (Content-ID) d. Application Identification (App-ID)

What component of the Next Generation Firewall will protect from port scans? Select one: a. Zone protection b. DOS Protection c. Anti-Virus Protection d. Vulnerability protection

a. Zone protection

Which built-in role on the Next Generation firewall is the same as superuser except for creation of administrative accounts? Select one: a. deviceadmin b. vsysadmin c. sysadmin d. devicereader

a. deviceadmin

Which built-in role on the Next Generation firewall is the same as superuser except for creation of administrative accounts? a. deviceadmin b. vsysadmin c. sysadmin d. devicereader

a. deviceadmin

To properly configure DOS protection to limit the number of sessions individually from specific source IPs, you would configure a DOS Protection rule with the following characteristics: Select one: a. Action: Deny, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured b. Action: Protect, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured c. Action: Deny, Aggregate Profile with "Resources Protection" configured d. Action: Protect, Aggregate Profile with "Resources Protection" configured

b. Action: Protect, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured

Without a Wildfire subscription, which of the following files can be submitted by the Next Generation Firewall to the hosted Wildfire virtualized sandbox? Select one: a. PDF files only b. PE and Java Applet only c. MS Office doc/docx, xls/xlsx, and ppt/pptx files only d. PE files only

c. MS Office doc/docx, xls/xlsx, and ppt/pptx files only

Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems? Select one: a. superuser b. Custom role c. deviceadmin d. vsysadmin

c. deviceadmin

Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems? a. superuser b. custom role c. deviceadmin d. vsysadmin

c. deviceadmin

Which command will reset a next generation firewall to its factory default settings if you know the admin account password? Select one: a. reset system settings b. reload c. request system private-data-reset d. reset startup-config

c. request system private-data-reset

In the latest Next Generation firewall version, what is the shortest time that can be configured on the firewall to check for Wildfire updates? Select one: a. 30 Minutes b. 15 Minutes c. 1 Hour d. 5 Minutes

d. 5 Minutes

What feature on the Next Generation firewall will set the security policy to allow the application on the standard ports associated with the application? Select one: a. Application-dependent b. Application-implicit c. Application-custom d. Application-default

d. Application-default

What type of interface allows the Next Generation firewall to provide switching between two or more networks? Select one: a. Tap b. Layer3 c. Virtual Wire d. Layer2

d. Layer2

Which type of interface will allow the firewall to be inserted into an existing topology without requiring any reallocation of network addresses or redesign on the network topology? Select one: a. Layer 3 b. Tap c. Layer 2 d. Virtual Wire

d. Virtual Wire

What built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?

deviceadmin

What built-in role on the Next Generation firewall is the same as superuser except for creation of administrative accounts?

deviceadmin

To configure an interface, access the ______ tab and then Interfaces within the WebUI.

*** NOT Objects*** *** NOT Device***

Which routing protocol is supported in the Next Generation firewall platform?

*** not RIPV1*** *** not ISIS***

What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall? Select one: a. Filter the traffic logs for all traffic from the user that resulted in a deny action b. Filter the data filtering logs for the user's traffic and the name of the PDF file c. Filter the session browser for all sessions from a user with the application adobe d. Filter the system log for failed download messages

b. Filter the data filtering logs for the user's traffic and the name of the PDF file

Which feature can be configured with an IPv6 address? Select one: a. BGP b. Static Route c. DHCP Server d. RIPv2

b. Static Route

Which Next Generation VM Series Model requires a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity? Select one: a. VM-700 b. VM-500 c. VM-100 d. VM-50

b. VM-500

On the Next Generation firewall, what type of security profile detects infected files being transferred with the application? Select one: a. Vulnerability Protection b. WildFire Analysis c. Anti-Virus d. URL Filtering e. File Blocking

c. Anti-Virus

On the Next Generation firewall, what type of security profile detects infected files being transferred with the application? a. Vulnerability Protection b. WildFire Analysis c. Anti-Virus d. URL Filtering e. File Blocking

c. Anti-Virus

The PAN-OS DHCP server supports the following DHCP client options.

4/8 Option 135 (DNS Suffix) Dynamic updates to DNS server Option 70 (POP3 Server)

All of the interfaces on a Next Generation firewall must be of the same interface type. Select one: True False

False

Combines up to eight Ethernet interfaces using link aggregation.

Aggregate Interfaces

Dynamic Updates for Application and Threats, Antivirus, and URL filtering are issued on a Daily basis.

False

Activates a VM-Series Firewall.

Authorization Code

If an interface on the firewall is a client of an external DHCP server, the DHCP server configured on the Palo Alto Networks firewall cannot inherit information from the external DHCP server and send that DHCP information to its own clients.

False

Interzone traffic is allowed by default

False

When using config audit to compare configuration files on a Next Generation firewall, what does the yellow indication reveal?

Change

Applies candidate configuration to running configuration.

Commit

On the Next Generation firewall, application groups are always automatically updated when new applications are added to the App-ID database. Select one: True False

False

Blocks others from making changes to the firewall settings.

Config lock

The built-in sysadmin role allows all rights except for the creation of administrative accounts and virtual systems.

False

All of the interfaces on a Next Generation firewall must be of the same interface type.

False

Which of the following services are enabled on the Next Generation firewall MGT interface by default?

HTTPS SSH

Provide Layer 3 services like in-band management, GlobalProtect portal, and IPSec.

Loopback Interface

Dedicated out-of-band management Ethernet interface.

MGT Interface

Which of the following is a routing protocol supported in a Next Generation firewall?

RIPV2

Used to administer firewall through SSH, Telnet, or direct console access.

PAN-OS CLI

Supersedes forwarding information in a virtual router.

Policy-Based Forwarding

Virtual routers provide support for dynamic routing using the following routing protocols.

Routing Information Protocol (RIP) Open Shortest Path First (OSPF) Border Gateway Protocol (BGP)

What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)? Select one or more: a. Network Traffic b. Threat Activity c. Blocked Activity d. Application Traffic

a. Network Traffic b. Threat Activity c. Blocked Activity

Upgrades PAN-OS software to a new release.

Software Updates

Which Ethernet interface type allows traffic flows to be passively monitored across a network by way of a switch SPAN or mirror port?

TAP

An interface in Virtual Wire mode on a Next Generation firewall does not require an IP address.

True

In a Next Generation firewall, every interface in use must be assigned to a zone in order to process traffic.

True

In a Next Generation firewall, every interface in use must be assigned to a zone in order to process traffic. Select one: True False

True

In addition to routing to other network devices, virtual routers on the Next Generation firewall can route to other virtual routers.

True

In addition to routing to other network devices, virtual routers on the Next Generation firewall can route to other virtual routers. Select one: True False

True

Layer 3 interfaces, including the MGT interface, can be configured as dual stack with IPv4 and IPv6 addresses.

True

Multiple administrator accounts can be configured on a single Next Generation firewall.

True

On the Next Generation firewall, DNS sinkhole allows administrators to quickly identify infected hosts on the network using DNS traffic. True False

True

On the Next Generation firewall, a commit lock blocks other administrators from committing changes until all of the locks have been released. Select one: True False

True

Used to administer firewall from a web browser.

WebUI

