Palo Alto EDU-210 and EDU-220 Questions

For which firewall feature should you create forward trust and forward untrust certificates? A. SSL Forward Proxy decryption B. SSL client-side certificate checking C. SSH decryption D. SSL Inbound Inspection decryption

A

The firewall uses which protocol to access External Dynamic Lists? A. HTTP(S) B. FTP C. SCP D. TFTP

A

What is the maximum number of WildFire appliances that can be grouped into a WildFire appliance cluster? A. 20 B. 32 C. 24 D. 12

A

Which firewall profile protects against port scan reconnaissance activities? A. Zone Protection Profile B. URL Filtering Profile C. DoS Protection Profile D. Data Filtering Profile

A

Which option describes a characteristic of a Zone Protection Profile? A. protects ingress ports of an assigned zone B. protects against single-session DoS attacks C. requires an aggregate DoS Protection Profile D. protects egress ports of an assigned zone

A

Which statement is true about a URL Filtering Profile's continue password? A. There is a single, per-firewall password. B. There is a password per session. C. There is a password per firewall administrator account. D. There is a password per website.

A

Which user credential detection method enables the firewall to detect if a user attempts to connect to a remote website using their corporate username and password? A. Use Domain Credential Filter B. Use User-ID Mapping C. Use IP User Mapping D. Use Multi-Factor Authentication

A

In an HA configuration, which two failure detection methods rely on ICMP ping? (Choose two.) A. path groups B. heartbeats C. link groups D. hellos

AB

Which two log types require a configured Security Profile to generate log entries? (Choose two.) A. Threat B. Data Filtering C. System D. Traffic

AB

WildFire analysis is used to update which three Palo Alto Networks information sources? (Choose three.) A. malicious IP addresses B. malicious domains C. PAN-DB URL categories D. software vulnerabilities E. Cortex XDR

ABC

Which three MGT port configuration settings must be configured before you can remotely access the web interface? (Choose three.) A. netmask B. IP Address C. DNS Server D. default gateway E. hostname

ABD

In an HA configuration, which three functions are associated with the HA1 Control Link? (Choose three.) A. synchronizing configuration B. exchanging hellos C. management configuration D. synchronizing sessions E. exchanging heartbeats

ABE

For which two items can you create custom threat signatures on the firewall? (Choose two.) A. spyware B. viruses C. vulnerabilities D. applications

AC

Which two items are used by the firewall's Content-ID Engine to analyze network traffic for threats? (Choose two.) A. protocol decoders B. custom application signatures C. Security Profiles D. standard application signatures

AC

Which two options describe characteristics of commodity threats? (Choose two.) A. can be targeted B. are always low risk C. are widely distributed D. are not included in advanced persistent threats

AC

Which two statements are true regarding a firewall's SSH decryption configuration? (Choose two.) A. The firewall identifies all traffic as ssh or ssh-tunnel. B. The configuration supports only SSH key-based logins. C. The firewall behaves as an SSH proxy. D. The two end systems must pre-exchange certificates and public keys.

AC

Based on the guidance provided in the course, your Security policy rules and Security Profiles should be configured to protect network traffic flowing in which three directions? (Choose three.) A. outbound B. loopback C. internal D. backhaul E. inbound

ACE

Which three options describe characteristics of packet buffer protection? (Choose three.) A. enabled or disabled per firewall B. protects against multi-session DoS attacks C. applied per zone D. measures new connection rates E. protects against single-session DoS attacks

ACE

Which two conditions must be met before the firewall can use a Security Profile to inspect network traffic for malicious activity? (Choose two.) A. Traffic must be decrypted (clear text). B. Zone protection must be enabled. C. User-ID must be enabled. D. Traffic must match a Security policy rule.

AD

Which two statements are true about sessions on the firewall? (Choose two.) A. The firewall tries to match network packets to an existing session ID. B. The only session information tracked in the session logs are the five tuples. C. Sessions always are matched to a Security policy rule. D. Return traffic is allowed.

AD

Which two statements are true regarding SSL key pinning? (Choose two.) A. It can prevent secure SSL Forward Proxy connections. B. It can prevent secure SSL Inbound Inspection connections. C. It can prevent secure SSH Proxy connections. D. It can prevent the use of counterfeit certificates.

AD

Which two statements are true regarding network segmentation? (Choose two.) A. reduces the attack surface B. depends on network VLAN capability C. implementation requires at least two firewalls D. often aligns with firewall security zone configuration

AD

GlobalProtect clientless VPN provides secure remote access to web applications that use which three technologies? (Choose three.) A. JavaScript B. Python C. HTML5 D. HTML E. Ruby

ADE

Which three methods can you use to control network traffic identified by the firewall as an unknown application? (Choose three.) A. Block the unknown application in the Security policy. B. Decrypt the application. C. Modify Palo Alto Networks App-ID signatures to include the unknown application D. Create an Application Override policy rule. E. Create a custom application signature.

ADE

Which three objects can be sent to WildFire for analysis? (Choose three.) A. URL links found in email B. known files and URL links C. MGT interface traffic D. email attachments E. files traversing the firewall

ADE

A Security policy rule in a destination NAT configuration should be written to match which type of address and zone? A. original pre-NAT source and destination addresses, and the pre-NAT destination zone B. original pre-NAT source and destination addresses, but the post-NAT destination zone C. post-NAT source and destination addresses, but the pre-NAT destination zone D. post-NAT source and destination addresses, and the post-NAT destination zone

B

A Server Profile enables a firewall to locate which server type? A. a server with firewall threat updates B. a server with remote user accounts C. a server with firewall software updates D. a server with an available VPN connection

B

Because a firewall examines every packet in a session, a firewall can detect application ________? A. filters B. shifts C. errors D. groups

B

During which cyber-attack lifecycle stage does the attacker gain the equivalent of "hands-on keyboard" control of the target host? A. delivery B. command-and-control C. exploitation D. weaponization

B

During which cyber-attack lifecycle stage is the attacker working outside the target environment to prepare the attack method and malware? A. reconnaissance B. weaponization C. exploitation D. delivery

B

In an Antivirus Security Profile, WildFire Actions enable you to configure the firewall to perform which operation? A. upload traffic to WildFire when a virus is suspected B. block traffic when a WildFire virus signature is detected C. delete packet data when a virus is suspected D. download new antivirus signatures from WildFire

B

When configuring an Authentication Enforcement object, which authentication method is designed to display a login page for the user to enter their username and password? A. ntlm-challenge B. web-form C. no-captive-portal D. browser-challenge

B

Which DoS Protection policy action must you configure to ensure that the firewall consults a DoS Protection Profile? A. deny B. protect C. continue D. allow

B

Which Security Profile type is designed to scan network traffic for credit card numbers? A. Anti-Spyware B. Data Filtering C. File Blocking D. Vulnerability Protection

B

Which action can you perform to ensure that an SSL/TLS client will trust a firewall's self-signed certificate? A. Add the self-signed certificate to the SSL/TLS server's trusted certificate authority. B. Add the self-signed certificate to the SSL/TLS client's trusted certificate store. C. Ensure that the SSL/TLS client pre-signs the self-signed certificate. D. Ensure that the SSL/TLS server pre-signs the self-signed certificate.

B

Which item is the name of a packet capture stage rather than a packet capture filter? A. protocol number B. drop C. source port D. ingress interface

B

Which option is available to you only when the firewall encounters a commercial application that is unknown to App-ID? A. Create a custom application with a signature. B. Submit it to Palo Alto Networks for a new signature. C. Create a custom application without a signature. D. Submit it to OPSWAT for a new signature.

B

Which statement is true about firewall HTTP header insertion? A. Header insertion is configured as part of custom URL categories. B. Header insertion is only applied to egress packets. C. Header insertion is only applied to ingress packets. D. Header insertion is configured as part of a Data Filtering Profile.

B

Which tool is available in the management web interface to help you migrate from port-based policy rules to application-based policy rules? A. Candidate Checker B. Policy Optimizer C. Preview Changes D. Validate Commit

B

The firewall acts as a proxy for which two types of traffic? (Choose two.) A. SSL Inbound Inspection B. SSL outbound C. SSH D. non-SSL

BC

Which two firewall log types might record the hostname or IP address of the device trying to connect to a sinkhole IP address? (Choose two.) A. URL Filtering B. Threat C. Traffic D. Data Filtering

BC

Which two options describe benefits of a DoS Protection policy and profile? (Choose two.) A. protocol-based attack protection B. firewall resource protection C. session-based flood protection D. pre-session reconnaissance protection

BC

Which two protocols can be configured in a Certificate Profile to verify that a certificate is still valid? (Choose two.) A. HTTP B. OCSP C. CRL D. SCP

BC

Which three firewall web interface tools enable you to specify a time period for the displayed application and threat data? (Choose three.) A. Security policy B. logs C. predefined reports D. Dashboard E. ACC

BCE

An Interface Management Profile can be attached to which two interface types? (Choose two.) A. Layer 2 B. Loopback C. Tap D. Layer 3 E. Virtual Wire

BD

In a Security Profile, which two actions does a firewall take when the profile's action is configured as Reset Server? (Choose two.) A. For UDP sessions, the connection is reset. B. The traffic responder is reset. C. The client is reset. D. For UDP sessions, the connection is dropped.

BD

SSL Inbound Inspection requires that the firewall be configured with which two components? (Choose two.) A. client's digital certificate B. server's digital certificate C. client's public key D. server's private key

BD

Which two elements of a credential-based attack are examples of credential theft? (Choose two.) A. malware B. keystroke logging C. infiltration at the perimeter D. brute force

BD

Which two firewall objects can be configured to forward firewall logs to external destinations? (Choose two.) A. Application Override rule B. Security policy rule C. Network interface D. Security zone

BD

Which two options describe characteristics of advanced persistent threats? (Choose two.) A. stealth achieved by never using commodity threats B. use multiple attack vectors C. stealth achieved by quickly exfiltrating data D. designed for specific targets

BD

Which two options describe legitimate issues to consider when capturing application traffic on the firewall? (Choose two.) A. The firewall must be able to capture the application traffic on the MGT interface. B. Packet captures can negatively affect firewall performance. C. The firewall can packet capture only pre-NAT network packets. D. The firewall has limited packet capture analysis tools.

BD

The Threat log records events from which three Security profiles? (Choose three.) A. URL Filtering B. Anti-Spyware C. File Blocking D. Vulnerability Protection E. Antivirus

BDE

Which three items are used by the firewall's App-ID Engine to identify the application in network traffic? (Choose three.) A. source IP address B. standard application signatures C. Application Override policy D. protocol decoders E. custom application signatures

BDE

The network packet broker feature is supported by which four Palo Alto Networks firewall series? (Choose four.) A. PA-3000 B. PA-3200 C. PA-5000 D. PA-5200 E. PA-7000 F. VM-Series

BDEF

Application block pages can be enabled for which applications? A. any B. non-TCP/IP C. web-based D. MGT port-based

C

Consider the following Applications and Threats content update scenario: Step 1: Download the content update. Step 2: Preview and review policy rules based on new, pending applications. Step 3: Install the content update. Step 4: Commit your configuration. After which step does the firewall begin enforcing new threat signatures? A. 1 B. 2 C. 3 D. 4

C

If you generate a Certificate Signing Request on the firewall, which entity must sign the certificate to prove that the certificate is valid? A. firewall B. SSL/TLS client C. certificate authority D. SSL/TLS server

C

What is the result of performing a firewall Commit operation? A. The saved configuration becomes the loaded configuration. B. The loaded configuration becomes the candidate configuration. C. The candidate configuration becomes the running configuration. D. The candidate configuration becomes the saved configuration.

C

Which Security Profile type would you configure to block access to known-malicious domains? A. URL Filtering B. Vulnerability Protection C. Anti-Spyware D. Data Filtering

C

Which action in a File Blocking Security Profile results in the user being prompted to verify a file transfer? A. Allow B. Alert C. Continue D. Block

C

Which application label will the firewall assign to a TCP connection when the three-way handshake completes but the handshake is not followed by data? A. not-applicable B. incomplete C. insufficient-data D. unknown-tcp

C

Which object is optional during configuration of external firewall authentication? A. SSL/TLS Service Profile B. Authentication Profile C. Authentication Sequence D. Authentication policy

C

Which option describes the result of clicking an application's name in the Dashboard's Top Applications widget? A. The web interface displays a popup window with application usage details. B. The color of the application changes to indicate its risk factor. C. The ACC tab opens with the application added as a global filter. D. Nothing happens because the application name is not a web link.

C

Which statement describes a function provided by an Interface Management Profile? A. It determines which administrators can manage which interfaces. B. It determines the NetFlow and LLDP interface management settings. C. It determines which firewall services are accessible from external devices. D. It determines which external services are accessible by the firewall.

C

Which statement is true regarding combination threat signatures? A. They combine a vulnerability signature with an antivirus signature. B. They combine a vulnerability signature with an application signature. C. They combine a threat signature with a time element. D. They combine a threat signature with multiple actions.

C

Which two types of IP address lists can be updated in your Security policy without requiring you to recommit your firewall's configuration? (Choose two.) A. Address object B. External Dynamic List C. geographic region D. Static Address Group object

C

Which user mapping method is recommended for a highly mobile user base? A. Session Monitoring B. Server Monitoring C. GlobalProtect D. Client Probing

C

You have added an application to an Application Override policy rule. Which firewall operation is skipped when network traffic matches the rule? A. file type inspection based on the File Blocking Profile B. content inspection by the Content-ID Engine C. identification by the App-ID Engine D. data pattern inspection based on the Data Filtering Profile

C

What are two benefits of attaching a Decryption Profile to a Decryption policy no decrypt rule? (Choose two.) A. URL category match checking B. acceptable protocol checking C. untrusted certificate checking D. expired certificate checking

CD

Which two items describe configuration conditions that enable the firewall to generate Traffic log entries? (Choose two.) A. Traffic must be decrypted by the firewall. B. The matching Security policy rule must have an attached Security Profile. C. The matching Security policy rule must enable logging. D. Traffic is allowed by a Security policy rule.

CD

Which two methods can the firewall use to identify SSL-encrypted applications in network traffic? (Choose two.) A. application filters B. Authentication policy rules C. SSL protocol's Server Name Indication field D. certificate's Common Name field

CD

Which two statements are true regarding how the firewall uses its master key? (Choose two.) A. It is used to encrypt file transfers from WildFire. B. It is used to encrypt file transfers to WildFire. C. It is used to encrypt local firewall account passwords. D. It is used to encrypt private keys.

CD

App-ID running on a firewall identifies applications using which three methods? (Choose three.) A. Data Filtering Profile B. WildFire lookups C. program heuristics D. known protocol decoders E. Application signatures

CDE

To which three external destinations can the firewall forward log entries? (Choose three.) A. SMS server B. AutoFocus C. Email server D. HTTP server E. Panorama

CDE

Which three items are reasons to implement SSL/TLS for web-based applications? (Choose three.) A. lower bandwidth consumption B. simplifies web traffic communication C. uses hashes for data integrity D. encrypts data for privacy E. uses certificates for authentication

CDE

Which three types of items can be added to a Security policy rule to control access to URLs? (Choose three.) A. one or more specific URLs B. one or more custom URLs C. an External Dynamic List of URLs D. one or more custom URL categories E. one or more predefined URL categories

CDE

A Security policy rule displayed in italic font indicates which condition? A. The rule is active. B. The rule has been overridden. C. The rule is a clone. D. The rule is disabled.

D

Finding URLs matched to the not-resolved URL category in the URL Filtering log file might indicate that you should take which action? A. Reboot the firewall. B. Download the URL seed database again. C. Validate your Security policy rules. D. Validate connectivity to the PAN-DB cloud.

D

If a DNS Sinkhole is configured, any sinkhole actions that indicate a potentially infected host are recorded in which log type? A. Data Filtering B. Traffic C. Wildfire Submissions D. Threat

D

Which Security Profile type can you configure with a "continue" action so that it blocks an accidental drive-by download when a user accesses a website? A. Data Filtering B. Anti-Spyware C. Vulnerability Protection D. File Blocking

D

Which interface type does NOT require any configuration changes to adjacent network devices? A. Layer 3 B. Layer 2 C. Tap D. Virtual Wire

D

Which interface type is NOT assigned to a security zone? A. Layer 3 B. Virtual Wire C. VLAN D. HA

D

Which is the most important traffic direction on which to configure a URL Filtering Profile? A. internal B. local C. inbound D. outbound

D

Which type of Palo Alto Networks decryption configuration requires the firewall to import the SSL/TLS server's certificate? A. SSL Forward Proxy B. dynamic key pinning C. static key pinning D. SSL Inbound Inspection

D

Which two separate firewall planes comprise the PAN-OS architecture? (Choose two.) A. HA plane B. signature processing plane C. routing plane D. control or management plane E. data plane

DE