Palo Alto Firewalls Test
Which protocol is used to exchange heartbeats between HA peers? - ✔✔ICMP
The management network port on a firewall can be configured as which type of interface? - ✔✔Layer 3
Why is Palo Alto called a next-generation firewall? - ✔✔Next-generation firewalls include enterprise firewall capabilities, an intrusion prevention system (IPS), and application control features. Palo Alto NGFW differs from other vendors in terms of platform, process, and architecture.
Palo Alto Networks delivers all the next-generation firewall features using a single platform, parallel processing, and a single management system, unlike other vendors who use different modules or multiple management systems to offer NGFW features.
In a New Firewall, which Port provides WebUI access by default? - ✔✔Management port
What are the various TCP and UDP port numbers used in HA? - ✔✔HA1: TCP/28769 and TCP/28260 for clear-text communication, TCP/28 for encrypted communication.
HA2: IP protocol number 99 or UDP/29281
A network design change requires an existing firewall to start accessing Palo Alto updates from a data-plane interface address instead of the management interface. Which configuration setting needs to be modified? - ✔✔Service route
What are the various links used to establish HA? - ✔✔Control Link
Data Link
Backup Links
Packet-Forwarding Link
What is a DMZ (demilitarized zone)? - ✔✔Servers that are accessed from the Internet are usually located in a DMZ (demilitarized zone). The DMZ ensures that these servers cannot connect to the internal network. Make sure that the rule base contains rules for DMZ traffic. For example, these are rules for a web server in the DMZ
What is the command to check the NAT rule? - ✔✔test nat-policy-match
Which command checks which firewall policy matches for a particular destination? - ✔✔test security-policy-match from trust to untrust destination.
When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinkhole enabled, generating a traffic log. What will be the destination IP address in that log entry? - ✔✔The IP address specified in the sinkhole configuration.
What is the difference between a traditional firewall and a next-generation firewall? - ✔✔NGFWs are traditional firewalls + IPS (Intrusion Prevention System) + AMP (Advanced Malware Protection) + AV (Anti-Virus) + URL proxy.
NGFWs can inspect SSL/SSH-encrypted traffic by performing SSL/SSH decryption.
NGFWs also provide intrusion prevention / intrusion detection services.
NGFWs can also detect malware and viruses in the network.
URL filtering
Policies based on username/user ID
What is the difference between Palo Alto NGFW and Check Point UTM? - ✔✔PA NGFW follows single-pass parallel processing, while CP UTM follows a multi-pass architecture.
In an enterprise deployment, a network security engineer wants to assign administrative access to a group of administrators without creating local administrator accounts on the firewall. Which authentication method must be used? - ✔✔RADIUS with Vendor-Specific Attributes.
The configuration of a DoS Protection profile can defend nodes from which attacks? - ✔✔Floods
Describe the Palo Alto architecture and its advantage. - ✔✔Ans: Architecture: Single Pass Parallel Processing (SP3) architecture.
Advantage: Single-pass traffic processing enables very high throughput and low latency, with all security functions active. It also offers a single, fully integrated policy that simplifies firewall policy management.
What must be used in a security policy rule that contains addresses where a NAT policy applies? - ✔✔Pre-NAT address and post-NAT zones.
Explain virtual systems. - ✔✔Ans: A virtual system specifies a collection of physical and logical firewall interfaces and security zones. A virtual system allows segmentation of security policy functions such as ACL, NAT, and QoS. Networking functions, including static and dynamic routing, are not controlled by virtual systems. If routing segmentation is desired for each virtual system, an additional virtual router is needed.
What is meant by Device Group and Device Template? - ✔✔Ans: A device group allows you to group firewalls that require a similar set of policies, such as firewalls that manage a group of branch offices or individual departments in a company. Panorama treats each group as a single unit when applying policies. A firewall can belong to only one device group. Only objects and policies are part of a device group.
Device templates enable you to deploy a common base configuration, such as network and device-specific settings, to multiple firewalls that require similar settings. This is available in the Device and Network tabs on Panorama.
How does Panorama handle incoming logs when it reaches maximum storage capacity? - ✔✔Panorama automatically deletes older logs to create space for new ones.
What is GlobalProtect? - ✔✔Ans: GlobalProtect provides a transparent agent that extends enterprise security policy to all users regardless of their location. The agent can also act as a remote access VPN client. The following are the components.
Gateway: One or more interfaces on the Palo Alto firewall that provide access and security enforcement for traffic from the GlobalProtect agent.
Portal: Centralized control that manages gateways, certificates, user authentication, and the end-host checklist.
Agent: Software on the laptop that is configured to connect to the GlobalProtect deployment.
What is the use of a Security Profile? - ✔✔Ans: Security profiles are used to scan allowed applications for threats, such as viruses, malware, spyware, and DDoS attacks. Security profiles are not used in the match criteria of a traffic flow. The security profile is applied to scan traffic after the application or category is allowed by the security policy.
You can add security profiles that are commonly applied together to a Security Profile Group.
The following security profiles are available:
Antivirus Profiles
Anti-Spyware Profiles
Vulnerability Protection Profiles
URL Filtering Profiles
Data Filtering Profiles
File Blocking Profiles
WildFire Analysis Profiles
DoS Protection Profiles
What are the four deployment modes? Explain each. - ✔✔Tap mode: Tap mode allows you to passively monitor traffic flowing across the network by way of a tap or a switch SPAN/mirror port.
Virtual wire: In a virtual wire deployment, the firewall is installed transparently on a network segment by binding two interfaces together.
Layer 2 mode: Multiple interfaces can be configured into a "virtual switch" or VLAN in L2 mode.
Layer 3 deployment: In a Layer 3 deployment, the firewall routes traffic between multiple interfaces. An IP address must be assigned to each interface, and a virtual router must be defined to route the traffic.
What is meant by a Zone Protection profile? - ✔✔Ans: Zone Protection profiles offer protection against the most common flood, reconnaissance, and other packet-based attacks. For each security zone, you can define a zone protection profile that specifies how the security gateway responds to attacks from that zone. The following types of protection are supported:
Flood protection: Protects against SYN, ICMP, UDP, and other IP-based flooding attacks.
Reconnaissance detection: Allows you to detect and block commonly used port scans and IP address sweeps that attackers run to find potential attack targets.
Packet-based attack protection: Protects against large ICMP packets and ICMP fragment attacks.
Explain the Single Pass and Parallel Processing architecture. - ✔✔Ans: Single Pass: The single-pass software performs operations once per packet. As a packet is processed, networking functions, policy lookup, application identification and decoding, and signature matching for any and all threats and content are all performed just once.
Instead of using separate engines and signature sets (requiring multi-pass scanning), and instead of using file proxies (requiring file download prior to scanning), the single-pass software in next-generation firewalls scans content once, in a stream-based fashion, to avoid introducing latency.
Parallel Processing: PA firewalls are designed with separate data and control planes to support parallel processing. The second important element of the parallel-processing hardware is the use of discrete, specialized processing groups to perform several critical functions.
What is the role of Content-ID? - ✔✔Ans: Content-ID content analysis uses a dedicated, specialized content-scanning engine. On the control plane, a dedicated management processor (with dedicated disk and RAM) drives configuration management, logging, and reporting without touching the data-processing hardware.
What functions does a decryption profile serve? - ✔✔-Allows you to perform checks on both decrypted traffic and SSL traffic that you choose to exclude from decryption.
-Block sessions based on certificate status, including blocking sessions with expired certificates, untrusted issuers, unknown certificate status, certificate status check timeouts, and certificate extensions.
-Block sessions with unsupported versions and cipher suites, and sessions that require client authentication.
-Block sessions if the resources to perform decryption are not available or if a hardware security module is not available to sign certificates.
-Define the protocol versions and the key exchange, encryption, and authentication algorithms allowed for SSL Forward Proxy and SSL Inbound Inspection traffic in the SSL Protocol Settings.