What are the URL Filtering Security Profile actions? - Alert
Allow
Block
Continue
Override
How to mitigate vulnerabilities? - - Create v-object and add to security policy
Identities with access privileges associated with dynamic roles - Superuser
Superuser (RO)
Virtual admin
Virtual admin (RO)
Device admin
Device admin (RO)
Two types of clients - Integrated and Windows client
Methods for user mapping - Server monitor
Port Mapping
Syslog (login and logout events)
XFF header
Authentication Policy and Captive Portal
GlobalProtect
XML API
Client Probing
What database is in the data-plane cache? - Recently used URLs
Seed Database - A regional subset of the URL database
How are next gen FWs different from traditional FW - - URL filtering
- Has the ability to identify malicious packets (malware) by dynamically learning (updates from internet).
If info is unknown then it will send/ask the cloud
- Deep packet inspection
- Application Awareness with certain protocols
- User IDs (keeps track of User's IPs)
- Inspects encrypted packets
Deep packet inspection - Looking beyond L3 and L4
Application Awareness - Blocks certain aspects of an application
- Ex. Users can get into facebook, but not use messenger
How do next gen firewalls cover encrypted traffic? - Two tunnels are created.
One before and one after the FW. The FW inspects the app details before it re-encrypts data
How to start the initial config? - 1. Connect to the device
2. Change the IP to the subnet of the routers interface
3. Add DNS and gateway
Are there other interfaces on the device? - Yes, a physical management interface
What command is needed for any changes in the CLI? - commit... this will add it to running config
Where to find IP services in GUI? - Under devices
By default, which interface is used for routing traffic? - Management
You can add more or change
What to consider when updating PAN-OS? - Update dynamic software first (anti-virus, threat detection, etc)
How do updates work? - Go under device to software then hit "check now" at the bottom
You can click "download" then "install"
**Dynamic software first**
What should you do before making adjustments to the FW? - See what kind of traffic is coming in first
"Try the food before you salt it"
What is TAP mode/TAP interface? - Used for analyzing data
- Usually, the connected Cisco switch is using SPAN to replicate traffic
Can PAs distinguish between apps with the same protocol and port number? - Yes
How do virtual wire interfaces work? - For existing networks..
- You can add the FW between two routers
- There will be one virtual interface per router
- Both interfaces will be in the same subnet as the routers interface so traffic has to go through it
- Virtual interfaces will be d/d
- Does not do L2 forwarding
How to configure vInterfaces (vWire) - - Under network, then interfaces
- Add vWires to object (vWires on left)
- commit (allow pop ups if needed) and 20 lines
Layer 2 interface - - You can deploy the FW as a L2 switch
- Same config under "network to interfaces"
How many interfaces can vWire support? - only 2
How does L3 work on FW? - Same as L2. Needs an IP and provides routing capabilities
Cyber Attack Lifecycle - 1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation (initial entry point)
5. Installation (priv)
6. C&C
7. Act on Objection
Components to the Security Operating Platform - Customer Apps
- Network security
- Advanced endpoint protection
- Cloud security
- Cloud-delivered security services
- Cortex and Cortex Data Lake
- PA Network Apps, Third Party Apps, and customer apps
Three vehicles to deliver cloud security - inline security (VM-series FW)
API security (Cortex XDR, Prisma SaaS)
Host Security (Traps)- zero day prevention