Palo Alto (1-6)

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

In the latest Next Generation firewall version, what is the shortest time that can be configured on the firewall to check for Wildfire updates? Select one: a. 30 Minutes b. 15 Minutes c. 1 Hour d. 5 Minutes

5 Minutes

What is the maximum size of .EXE files uploaded from the Next Generation firewall to WIldfire? Select one: a. Configurable up to 10 megabytes b. Always 2 megabytes c. Configurable up to 2 megabytes d. Always 10 megabytes

Configurable up to 10 megabytes

Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule on the Next Generation firewall? Select one: a. Bi-Directional b. Dynamic IP and Port c. Static IP d. Dynamic IP

Dynamic IP and Port

Which NGFW security policy rule applies to all matching traffic within the specified source zones? Select one: a. Intrazone b. Universal c. Default d. Interzone

Intrazone

In which stage of the Cyber Attack Lifecycle model do attackers gain access "inside" an organization and activate attack code on the victim's host and ultimately take control of the target machine? Select one: a. Weaponization and Delivery b. Reconnaissance c. Exploitation d. Command and Control

Exploitation

All of the interfaces on a Next Generation firewall must be of the same interface type. Select one: True False

False

On the Next Generation firewall, application groups are always automatically updated when new applications are added to the App-ID database. Select one: True False

False

Security policy rules on the Next Generation firewall specify a source and a destination interface. Select one: True False

False

What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall? Select one: a. Filter the traffic logs for all traffic from the user that resulted in a deny action b. Filter the data filtering logs for the user's traffic and the name of the PDF file c. Filter the session browser for all sessions from a user with the application adobe d. Filter the system log for failed download messages

Filter the data filtering logs for the user's traffic and the name of the PDF file

In a Next Generation firewall, how many packet does it take to identify the application in a TCP exchange? Select one: a. Four or five b. Three c. Two d. One

Four or five

Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo, Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option. Select one: a. Safe Search Enforcement b. User Credential Detection c. HTTP Header Logging d. Log Container Page Only

Safe Search Enforcement

Which type of interface will allow the firewall to be inserted into an existing topology without requiring any reallocation of network addresses or redesign on the network topology? Select one: a. Layer 3 b. Tap c. Layer 2 d. Virtual Wire

Virtual Wire

Which of the following services are enabled on the Next Generation firewall MGT interface by default? Select one or more: a. HTTPS b. HTTP c. SSH d. Telnet

Select one or more: HTTPS SSH Telnet

What is the benefit of enabling the "passive DNS monitoring" checkbox on the Next Generation firewall? Select one or more: a. Improved malware detection in Wildfire b. Improved PAN DB malware detection c. Improved anti-virus detection d. Improved DNS based command and control signatures

Select one or more: Improved malware detection in Wildfire Improved PAN DB malware detection Improved DNS based command and control signatures

What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)? Select one or more: a. Network Traffic b. Threat Activity c. Blocked Activity d. Application Traffic

Select one or more: Network Traffic Threat Activity Blocked Activity

Which three engines are built into the Single Pass Parallel Processing Architecture of the Next Generation firewall? Select one or more: a. User Identification (User-ID) b. Content Identification (Content-ID) c. Threat Identification (Threat-ID) d. Application Identification (App-ID) e. Group Identification (Group-ID)

Select one or more: User Identification (User-ID) Content Identification (Content-ID) Application Identification (App-ID)

What two interface types on the Next Generation firewall provide support for Network Address Translation? Select one or more: a. Virtual Wire b. Layer2 c. Tap d. Layer 3 e. HA

Select one or more: Virtual Wire Layer 3

Which web development program is an object-oriented, class-based and concurrent language that was developed by Sun Microsystems in the 1990s? Select one: a. Java b. Python c. Ruby d. PHP

Java

Which type of social engineering attack involves hackers who impersonate IT service people and who spam call as many direct numbers that belong to a company as they can find? These attackers offer IT assistance to each and every one of their victims. Select one: a. Phishing b. Baiting c. Pretexting d. Quid Pro Quo

Quid Pro Quo

Which of the following is a routing protocol supported in a Next Generation firewall? Select one: a. RIPV2 b. EIGRP c. ISIS d. IGRP

RIPV2

Which Next Generation FW configuration type has settings active on the firewall? Select one: a. Running b. Candidate c. Legacy d. Startup

Running

Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user's browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log? Select one: a. alert b. block c. continue d. override

override

What component of the Next Generation Firewall will protect from port scans? Select one: a. Zone protection b. DOS Protection c. Anti-Virus Protection d. Vulnerability protection

Zone protection

Which built in role on the next generation firewall is the same as superuser except for creation of administrative accounts? a. deviceadmin b. vsysadmin c. sysadmin d. devicereader

deviceadmin

Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems? a. superuser b. custom role c. deviceadmin d. vsysadmin

deviceadmin

Which command will reset a next generation firewall to its factory default settings if you know the admin account password? Select one: a. reset system settings b. reload c. request system private-data-reset d. reset startup-config

request system private-data-reset

Which Next Generation VM Series Model requires a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity? Select one: a. VM-700 b. VM-500 c. VM-100 d. VM-50

VM-500

To properly configure DOS protection to limit the number of sessions individually from specific source IPS you would configure a DOS Protection rule with the following characteristics: Select one: a. Action: Deny, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured b. Action: Protect, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured c. Action: Deny, Aggregate Profile with "Resources Protection" configured d. Action: Protect, Aggregate Profile with "Resources Protection" configured

Action: Protect, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured

Which URL filtering security profile action logs the category to the URL filtering log? Select one: a. Alert b. Allow c. Log d. Default

Alert

Which color of the Traffic Light Protocol (TLP) indicates that information requires support to be acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved? Select one: a. Amber b. White c. Green d. Red

Amber

On the Next Generation firewall, what type of security profile detects infected files being transferred with the application? a. Vulnerability Protection b. WildFire Analysis c. Anti-Virus d. URL Filtering e. File Blocking

Anti-Virus

Which Next Generation Firewall feature protects cloud-based applications such as Box, Salesforce, and Dropbox by managing permissions and scanning files for external exposure and sensitive information. a. Aperture b. GlobalProtect c. Panorama d. AutoFocus

Aperture

What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth? Select one: a. Application Command Center (ACC) b. Quality of Service Statistics c. Applications Report d. Quality of Service Log

Application Command Center (ACC)

What feature on the Next Generation firewall will set the security policy to allow the application on the standard ports associated with the application? Select one: a. Application-dependent b. Application-implicit c. Application-custom d. Application-default

Application-default

Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall? Select one: a. Block, Allow, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud b. Block, Allow, External Dynamic, Custom URL, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud c. Allow, Block, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud d. Block, Allow, Custom URL, External Dynamic, PAN-DB Download, PAN-DB Cloud, PAN-DB Cache

Block, Allow, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

Which is the correct order for the Risk Management Framework (RMF) structured process in the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations System? Select one: a. Categorize, Select, Implement, Authorize, Assess, Monitor b. Select, Categorize, Implement, Assess, Authorize, Monitor c. Categorize, Select, Implement, Assess, Authorize, Monitor d. Monitor, Select, Implement, Assess, Authorize, Categorize

Categorize, Select, Implement, Assess, Authorize, Monitor

When using config audit to compare configuration files on a Next Generation firewall, what does the yellow indication reveal? Select one: a. None b. Deletion c. Addition d. Change

Change

Which role in the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations ensures that an effective program is established and implemented for the organization by establishing expectations and requirements for the organizations's ISCM program; working closely with authorizing officials to provide funding, personnel, and other resources to support ISCM; and maintaining high-level communications and working group relationships among organizational entities? Select one: a. Chief Information Officer (CIO) b. Senior Information Security Officer (SISO) c. Authorizing Official (AO) d. Head of Agency (HOA)

Chief Information Officer (CIO)

What type of interface allows the Next Generation firewall to provide switching between two or more networks? Select one: a. Tap b. Layer3 c. Virtual Wire d. Layer2

Layer2

Without a Wildfire subscription, which of the following files can be submitted by the Next Generation FIrewall to the hosted Wildfire virtualized sandbox? Select one: a. PDF files only b. PE and Java Applet only c. MS Office doc/docx, xls/xlsx, and ppt/pptx files only d. PE files only

MS Office doc/docx, xls/xlsx, and ppt/pptx files only

Which feature can be configured with an IPv6 address? Select one: a. BGP b. Static Route c. DHCP Server d. RIPv2

Static Route

Traffic going to a public IP address is being translated by a Next Generation firewall to an internal server private IP address. Which IP address should the security policy use as the destination IP in order to allow traffic to the server? Select one: a. The server public IP b. The firewall Management port IP c. The firewall gateway IP d. The server private IP

The firewall gateway IP

When creating an application filter, which of the following is true? Select one: a. They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter b. They are used by malware c. Excessive bandwidth may be used as a filter match criteria d. They are called dynamic because they automatically adapt to new IP addresses

They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter

In the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, which Tier ensures that all system-level security controls (technical, operational, and management) are implemented correctly, operate as intended, produce the desired outcome with respect to meeting the security requirements for the system, and continue to be effective over time? Select one: a. Tier 3 - Information Systems b. Tier 4 - System Authorization c. Tier 2 - Mission/Business Process d. Tier 1 - Organization

Tier 3 - Information Systems

In a Next Generation firewall, every interface in use must be assigned to a zone in order to process traffic. Select one: True False

True

In addition to routing to other network devices, virtual routers on the Next Generation firewall can route to other virtual routers. Select one: True False

True

On the Next Generation firewall, DNS sinkhole allows administrators to quickly identify infected hosts on the network using DNS traffic. True False

True

On the Next Generation firewall, a commit lock blocks other administrators from committing changes until all of the locks have been released. Select one: True False

True

On the Next Generation firewall, if there is a NAT policy - there must also be a security policy. Select one: True False

True

True or False. Traffic protection from external locations where the egress point is the perimeter is commonly referred to as "North-South" traffic. Select one: True False

True

A "continue" action can be configured on the following security profiles in the Next Generation firewall: Select one: a. URL Filtering and Antivirus b. URL Filtering, File Blocking, and Data Filtering c. URL Filtering d. URL Filtering and File Blocking

URL Filtering and File Blocking

What should be configured as the destination zone on the original packet tab of the NAT Policy rule in the Next Generation firewall? Select one: a. Untrust-L3 b. Any c. Trust-L3 d. DMZ-L3

Untrust-L3


Ensembles d'études connexes

A2 EX.4 CH.40 PREP U Musculoskeletal

View Set

4.- Taxes, Retirement and other Insurance Concepts

View Set