Palo Alto (1-6)
In the latest Next Generation firewall version, what is the shortest time that can be configured on the firewall to check for Wildfire updates? Select one: a. 30 Minutes b. 15 Minutes c. 1 Hour d. 5 Minutes
5 Minutes
What is the maximum size of .EXE files uploaded from the Next Generation firewall to WIldfire? Select one: a. Configurable up to 10 megabytes b. Always 2 megabytes c. Configurable up to 2 megabytes d. Always 10 megabytes
Configurable up to 10 megabytes
Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule on the Next Generation firewall? Select one: a. Bi-Directional b. Dynamic IP and Port c. Static IP d. Dynamic IP
Dynamic IP and Port
Which NGFW security policy rule applies to all matching traffic within the specified source zones? Select one: a. Intrazone b. Universal c. Default d. Interzone
Intrazone
In which stage of the Cyber Attack Lifecycle model do attackers gain access "inside" an organization and activate attack code on the victim's host and ultimately take control of the target machine? Select one: a. Weaponization and Delivery b. Reconnaissance c. Exploitation d. Command and Control
Exploitation
All of the interfaces on a Next Generation firewall must be of the same interface type. Select one: True False
False
On the Next Generation firewall, application groups are always automatically updated when new applications are added to the App-ID database. Select one: True False
False
Security policy rules on the Next Generation firewall specify a source and a destination interface. Select one: True False
False
What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall? Select one: a. Filter the traffic logs for all traffic from the user that resulted in a deny action b. Filter the data filtering logs for the user's traffic and the name of the PDF file c. Filter the session browser for all sessions from a user with the application adobe d. Filter the system log for failed download messages
Filter the data filtering logs for the user's traffic and the name of the PDF file
In a Next Generation firewall, how many packet does it take to identify the application in a TCP exchange? Select one: a. Four or five b. Three c. Two d. One
Four or five
Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo, Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option. Select one: a. Safe Search Enforcement b. User Credential Detection c. HTTP Header Logging d. Log Container Page Only
Safe Search Enforcement
Which type of interface will allow the firewall to be inserted into an existing topology without requiring any reallocation of network addresses or redesign on the network topology? Select one: a. Layer 3 b. Tap c. Layer 2 d. Virtual Wire
Virtual Wire
Which of the following services are enabled on the Next Generation firewall MGT interface by default? Select one or more: a. HTTPS b. HTTP c. SSH d. Telnet
Select one or more: HTTPS SSH Telnet
What is the benefit of enabling the "passive DNS monitoring" checkbox on the Next Generation firewall? Select one or more: a. Improved malware detection in Wildfire b. Improved PAN DB malware detection c. Improved anti-virus detection d. Improved DNS based command and control signatures
Select one or more: Improved malware detection in Wildfire Improved PAN DB malware detection Improved DNS based command and control signatures
What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)? Select one or more: a. Network Traffic b. Threat Activity c. Blocked Activity d. Application Traffic
Select one or more: Network Traffic Threat Activity Blocked Activity
Which three engines are built into the Single Pass Parallel Processing Architecture of the Next Generation firewall? Select one or more: a. User Identification (User-ID) b. Content Identification (Content-ID) c. Threat Identification (Threat-ID) d. Application Identification (App-ID) e. Group Identification (Group-ID)
Select one or more: User Identification (User-ID) Content Identification (Content-ID) Application Identification (App-ID)
What two interface types on the Next Generation firewall provide support for Network Address Translation? Select one or more: a. Virtual Wire b. Layer2 c. Tap d. Layer 3 e. HA
Select one or more: Virtual Wire Layer 3
Which web development program is an object-oriented, class-based and concurrent language that was developed by Sun Microsystems in the 1990s? Select one: a. Java b. Python c. Ruby d. PHP
Java
Which type of social engineering attack involves hackers who impersonate IT service people and who spam call as many direct numbers that belong to a company as they can find? These attackers offer IT assistance to each and every one of their victims. Select one: a. Phishing b. Baiting c. Pretexting d. Quid Pro Quo
Quid Pro Quo
Which of the following is a routing protocol supported in a Next Generation firewall? Select one: a. RIPV2 b. EIGRP c. ISIS d. IGRP
RIPV2
Which Next Generation FW configuration type has settings active on the firewall? Select one: a. Running b. Candidate c. Legacy d. Startup
Running
Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user's browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log? Select one: a. alert b. block c. continue d. override
override
What component of the Next Generation Firewall will protect from port scans? Select one: a. Zone protection b. DOS Protection c. Anti-Virus Protection d. Vulnerability protection
Zone protection
Which built in role on the next generation firewall is the same as superuser except for creation of administrative accounts? a. deviceadmin b. vsysadmin c. sysadmin d. devicereader
deviceadmin
Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems? a. superuser b. custom role c. deviceadmin d. vsysadmin
deviceadmin
Which command will reset a next generation firewall to its factory default settings if you know the admin account password? Select one: a. reset system settings b. reload c. request system private-data-reset d. reset startup-config
request system private-data-reset
Which Next Generation VM Series Model requires a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity? Select one: a. VM-700 b. VM-500 c. VM-100 d. VM-50
VM-500
To properly configure DOS protection to limit the number of sessions individually from specific source IPS you would configure a DOS Protection rule with the following characteristics: Select one: a. Action: Deny, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured b. Action: Protect, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured c. Action: Deny, Aggregate Profile with "Resources Protection" configured d. Action: Protect, Aggregate Profile with "Resources Protection" configured
Action: Protect, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured
Which URL filtering security profile action logs the category to the URL filtering log? Select one: a. Alert b. Allow c. Log d. Default
Alert
Which color of the Traffic Light Protocol (TLP) indicates that information requires support to be acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved? Select one: a. Amber b. White c. Green d. Red
Amber
On the Next Generation firewall, what type of security profile detects infected files being transferred with the application? a. Vulnerability Protection b. WildFire Analysis c. Anti-Virus d. URL Filtering e. File Blocking
Anti-Virus
Which Next Generation Firewall feature protects cloud-based applications such as Box, Salesforce, and Dropbox by managing permissions and scanning files for external exposure and sensitive information. a. Aperture b. GlobalProtect c. Panorama d. AutoFocus
Aperture
What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth? Select one: a. Application Command Center (ACC) b. Quality of Service Statistics c. Applications Report d. Quality of Service Log
Application Command Center (ACC)
What feature on the Next Generation firewall will set the security policy to allow the application on the standard ports associated with the application? Select one: a. Application-dependent b. Application-implicit c. Application-custom d. Application-default
Application-default
Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall? Select one: a. Block, Allow, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud b. Block, Allow, External Dynamic, Custom URL, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud c. Allow, Block, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud d. Block, Allow, Custom URL, External Dynamic, PAN-DB Download, PAN-DB Cloud, PAN-DB Cache
Block, Allow, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud
Which is the correct order for the Risk Management Framework (RMF) structured process in the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations System? Select one: a. Categorize, Select, Implement, Authorize, Assess, Monitor b. Select, Categorize, Implement, Assess, Authorize, Monitor c. Categorize, Select, Implement, Assess, Authorize, Monitor d. Monitor, Select, Implement, Assess, Authorize, Categorize
Categorize, Select, Implement, Assess, Authorize, Monitor
When using config audit to compare configuration files on a Next Generation firewall, what does the yellow indication reveal? Select one: a. None b. Deletion c. Addition d. Change
Change
Which role in the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations ensures that an effective program is established and implemented for the organization by establishing expectations and requirements for the organizations's ISCM program; working closely with authorizing officials to provide funding, personnel, and other resources to support ISCM; and maintaining high-level communications and working group relationships among organizational entities? Select one: a. Chief Information Officer (CIO) b. Senior Information Security Officer (SISO) c. Authorizing Official (AO) d. Head of Agency (HOA)
Chief Information Officer (CIO)
What type of interface allows the Next Generation firewall to provide switching between two or more networks? Select one: a. Tap b. Layer3 c. Virtual Wire d. Layer2
Layer2
Without a Wildfire subscription, which of the following files can be submitted by the Next Generation FIrewall to the hosted Wildfire virtualized sandbox? Select one: a. PDF files only b. PE and Java Applet only c. MS Office doc/docx, xls/xlsx, and ppt/pptx files only d. PE files only
MS Office doc/docx, xls/xlsx, and ppt/pptx files only
Which feature can be configured with an IPv6 address? Select one: a. BGP b. Static Route c. DHCP Server d. RIPv2
Static Route
Traffic going to a public IP address is being translated by a Next Generation firewall to an internal server private IP address. Which IP address should the security policy use as the destination IP in order to allow traffic to the server? Select one: a. The server public IP b. The firewall Management port IP c. The firewall gateway IP d. The server private IP
The firewall gateway IP
When creating an application filter, which of the following is true? Select one: a. They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter b. They are used by malware c. Excessive bandwidth may be used as a filter match criteria d. They are called dynamic because they automatically adapt to new IP addresses
They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter
In the Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, which Tier ensures that all system-level security controls (technical, operational, and management) are implemented correctly, operate as intended, produce the desired outcome with respect to meeting the security requirements for the system, and continue to be effective over time? Select one: a. Tier 3 - Information Systems b. Tier 4 - System Authorization c. Tier 2 - Mission/Business Process d. Tier 1 - Organization
Tier 3 - Information Systems
In a Next Generation firewall, every interface in use must be assigned to a zone in order to process traffic. Select one: True False
True
In addition to routing to other network devices, virtual routers on the Next Generation firewall can route to other virtual routers. Select one: True False
True
On the Next Generation firewall, DNS sinkhole allows administrators to quickly identify infected hosts on the network using DNS traffic. True False
True
On the Next Generation firewall, a commit lock blocks other administrators from committing changes until all of the locks have been released. Select one: True False
True
On the Next Generation firewall, if there is a NAT policy - there must also be a security policy. Select one: True False
True
True or False. Traffic protection from external locations where the egress point is the perimeter is commonly referred to as "North-South" traffic. Select one: True False
True
A "continue" action can be configured on the following security profiles in the Next Generation firewall: Select one: a. URL Filtering and Antivirus b. URL Filtering, File Blocking, and Data Filtering c. URL Filtering d. URL Filtering and File Blocking
URL Filtering and File Blocking
What should be configured as the destination zone on the original packet tab of the NAT Policy rule in the Next Generation firewall? Select one: a. Untrust-L3 b. Any c. Trust-L3 d. DMZ-L3
Untrust-L3
