Palo Alto Firewall PCNSA Exam Questions With Correct Answers.
15 vistas 0 veces vendidas
Grado
Palo Alto
Institución
Palo Alto
Palo Alto Firewall PCNSA Exam
Questions With Correct Answers.
What is Palo Alto's 3 data processing feature on its Data Plane? - answerSignature matching,
Security Processing and Network Processing
What are the 2 planes of PAN-FW? - answerControl (Management) Plane and Data plane
What is the p...
palo alto firewall pcnsa exam questions with corre
Escuela, estudio y materia
Palo Alto
Palo Alto
Vendedor
Seguir
Brightstars
Vista previa del contenido
BRIGHTSTARS EXAM STUDY SOLUTIONS 8/15/2024 2:05 PM
Palo Alto Firewall PCNSA Exam
Questions With Correct Answers.
What is Palo Alto's 3 data processing feature on its Data Plane? - answer✔✔Signature matching,
Security Processing and Network Processing
What are the 2 planes of PAN-FW? - answer✔✔Control (Management) Plane and Data plane
What is the principle of Zero Trust model? - answer✔✔Never trust, always verify
What visibility does a Zero Trust network provides? - answer✔✔Both North-South and East-
West traffic (Lateral and Horizontal)
What is Zero Trust 3 main components - answer✔✔All resources are accessed in a secure
manner regardless of location, Access control is on a "need to know" basis and strictly enforced,
and All traffic is logged and inspected.
What is the default IP address on the MGT interface of PAN-FW - answer✔✔192.168.1.1
Ways to connect to PAN-FW - answer✔✔in-band MGT (IP address) and out-of-band MGT
(cable)
What are the 4 methods to manage PAN-FW - answer✔✔Web interface, CLI, Panorama and
XML API
What firewall action blocks traffic and does not notify the sender? - answer✔✔When the firewall
DROP the traffic it does not notify the sender.
What is the default metric for static route? - answer✔✔10
When is the shortest time can you configure the FW to check for Wildfire updates? -
answer✔✔1 minute
What intervals does the firewall dashboard Refresh Rate have? - answer✔✔1 min, 2 mins, 5
mins or Manual
,BRIGHTSTARS EXAM STUDY SOLUTIONS 8/15/2024 2:05 PM
What are the 4 tabs of Application Command Center (ACC)? - answer✔✔Network Activity,
Threat Activity, Blocked Activity and Tunnel Activity.
What is Application Command Center (ACC) for? - answer✔✔Application Command Center
provides a visual summary of the applications traversing the network, categorized by sessions,
bytes, ports, threats and time.
What port number is available for setting up a Syslog Server Profile? - answer✔✔UDP/TCP port
514 or SSL 6514
What is High Availability (HA) deployment for? - answer✔✔For redundancy and business
continuity
What are the two HA deployment modes? - answer✔✔Active/Passive and Active/Active
Does HA increase the session capacity or network throughput? - answer✔✔Active/Passive and
Active/Active HA does not increase session capacity or network throughput?
Which interfaces are supported by Active / Passive HA? - answer✔✔Layer 3, Layer 2 and
Virtual Wire
Which interfaces are supported by Active / Active HA? - answer✔✔Layer 3 and Virtual Wire
only
What is the HA1 Link called? - answer✔✔Control Link
To set up an Control Link (HA1) which plane must they be placed on? - answer✔✔Management
(Control) Plane
What is the HA2 Link called? - answer✔✔Data Link
To set up an Data Link (HA2) which plane must they be placed on? - answer✔✔Data Plane
What does Control link (HA1) synchronize? - answer✔✔Configuration, Routing and User-ID
information
Can physical ports be used as HA ports? - answer✔✔Yes, PA-200 and PA-500 Series do not
have dedicated HA ports, but HA1 can be MGT and its backup on a physical port and HA2 and
its backup can be both on a physical port.
What would happen to HA1/HA2 if the MGT port is a DHCP client? - answer✔✔HA1 / HA2
will not be supported
What is a split brain? - answer✔✔Split-Brain is when there is no Backup Control Link
configured and the Active FW's control link is down the Passive FW will become the active FW
even thought the other FW is still operational.
, BRIGHTSTARS EXAM STUDY SOLUTIONS 8/15/2024 2:05 PM
What is the Default Priority of firewalls when selecting the Active Firewall for HA? -
answer✔✔Default Priority is 100, if equal lowest MAC wins
What is Preemption feature? - answer✔✔Preemption is NOT enabled by default. This feature
allows automatic failback after Active Firewall was down. Which means when Active firewall is
down, it becomes the passive but as soon as it is back up it will switch back again as the Active
firewall after repair.
What are the four monitored metrics to detect a FW failure? (HA) - answer✔✔1. Heartbeat /
Hello messages.
2. Link monitoring (state of the ethernet links)
3. Path Monitoring (ICMP)
4. Internal Health Checks
What is the range of group ID for HA pairs? - answer✔✔1 to 63
What are the five Active/Passive HA states? - answer✔✔1. Initial state - FW remains in this
state after boot-up until it discovers a peer and negotiation begins.
2. Non-functional state (state is in error - could be health check failed or config mismatch)
3. Active state (normal-traffic handling state)
4. Passive state (Normal traffic is discarded; might process LLDP and LACP traffic)
5. Suspended - Administratively disabled
What happens when a FW boots up and no peer is found for HA? - answer✔✔When no peer is
found the FW will become active state
What components has to be the same to set up an HA link? - answer✔✔OS, Model, Databases,
Licenses and HA interface types
True or False: Blockage of just one stage in the cyberattack lifecycle will protect a company's
network from attack - answer✔✔TRUE
What methods can C2 be prevented? - answer✔✔1. DNS sinkholing
2. URL filtering (Blocking outbound C2 Comms to malicious links)
3. Limiting attacker's lateral movement within a network
Why establishing security zones are important? - answer✔✔1. Security Policies are applied to
security zones
2. User access control can be enforced to provide monitoring and inspection of all traffic
between zones
Los beneficios de comprar resúmenes en Stuvia estan en línea:
Garantiza la calidad de los comentarios
Compradores de Stuvia evaluaron más de 700.000 resúmenes. Así estas seguro que compras los mejores documentos!
Compra fácil y rápido
Puedes pagar rápidamente y en una vez con iDeal, tarjeta de crédito o con tu crédito de Stuvia. Sin tener que hacerte miembro.
Enfócate en lo más importante
Tus compañeros escriben los resúmenes. Por eso tienes la seguridad que tienes un resumen actual y confiable.
Así llegas a la conclusión rapidamente!
Preguntas frecuentes
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
100% de satisfacción garantizada: ¿Cómo funciona?
Nuestra garantía de satisfacción le asegura que siempre encontrará un documento de estudio a tu medida. Tu rellenas un formulario y nuestro equipo de atención al cliente se encarga del resto.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for 11,90 €. You're not tied to anything after your purchase.