PCNSA 2024 - Module 1 Exam Questions
With Correct Answers
What 4 methods of access exist for accessing Palo's NGFWs? - answer✔✔1. Web interface
2. CLI
3. Panorama
4. XML API
What is Panorama? - answer✔✔Provides Central Management for multiple PAN NGFW's
What is the difference between control plane and data plane? - answer✔✔Control plane is used
to separate mgmt functions, data plane is used for network traffic processing. The separation
helps safeguard access to the firewall and enhances performance.
What is the XML API used for? - answer✔✔Provides an interface based on REST, used for
accessing firewall configs, operational status, reports, and packet captures.
What can the XML API be used for in automation? - answer✔✔1. Create/modify configurations
2. Retreive reports
3. Manage users through User-ID
4. Execute operational commands
5. Update dynamic objects without modifying/commit new configuration
Can management access be provided over a data interface? - answer✔✔Yes
What configurations are included for each data interface? (3 default, 8 total) - answer✔✔HTTPS
(Default)
SSH (Default)
Ping (Default)
Telnet
HTTP
What is an Interface Management Profile used for? - answer✔✔Protects firewall from
unauthorized access by defining the protocol, services, and IP addresses that a firewall interface
permits for management.
What happens if an interface management profile is NOT added to an interface? -
answer✔✔Firewall will deny management access for all IPs, protocols and services by default.
What type of interfaces can Interface Management Profiles be assigned to? - answer✔✔L3
Ethernet Interfaces (incl sub-interfaces)
Logical interfaces, suc has aggregate group, VLAN, loopback, and tunnel interfaces.
What is a service route? - answer✔✔Service routes are used so that the communication between
the firewall and servers go through the data ports on the data plane.
By default the firewall uses management interfaces to communicate with various servers, ex for
EDL, DNS, email, PAN updates.
Which key services must be setup during the initial firewall configuration? - answer✔✔DNS and
NTP
What configuration parameters can DHCP dynamically learn? - answer✔✔IP for mgmt,
subnetmask, default gateway, and at least one DNS server address
What is an authentication profile? - answer✔✔Provides authentication settings that can be
applied to administrator accounts, SSL-VPN access, and Captive Portal.
What authentication profile types can be used? - answer✔✔Local Database
Radius
LDAP
TACACS+
SAML
Kerberos
What is an authentication sequence used for? - answer✔✔Admin roles for external administrator
accounts can be assigned to an authentication sequence, which includes a sequence of one or
more authentication profiles that are processed in a specific order.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.