PCNSA - Interface Configuration Exam 39 Questions with Verified Answers,100% CORRECT

Document Content and Description Below

PCNSA - Interface Configuration Exam 39 Questions with Verified Answers Tap interface - CORRECT ANSWER firewall can connect to SPAN or mirror port to identify applications running on the network. ... Requires no changes to existing network design. Firewall cannot control any traffic. virtual wire - CORRECT ANSWER firewall can be inserted into existing topology without re-allocation of network addresses or redesign of topology. All protection, decryption and NAT features can be used in this mode. Layer 3 interface - CORRECT ANSWER firewall can replace any current enterprise firewall deployment Security Zone - CORRECT ANSWER logical grouping of traffic on the network intrazone default security policy - CORRECT ANSWER implicit allow all interzone default security policy - CORRECT ANSWER traffic between zones implicit deny by default In-band network interfaces - CORRECT ANSWER includes physical interfaces and logical subinterfaces, each interface/subinterface can only be assigned to one zone. A zone can contain multiple interfaces. Interfaces not assigned to a zone - CORRECT ANSWER MGT and HA (all other interface types must be assigned to a zone in order to process traffic) Tap Zone type - CORRECT ANSWER for Tap interfaces only Layer 2 zone - CORRECT ANSWER for layer 2 interfaces only layer 3 zone - CORRECT ANSWER supports layer3 , VLAN, loopback, and tunnel interfaces Virtual Wire Zone - CORRECT ANSWER Virtual wire interfaces External Zone type - CORRECT ANSWER (only on some FW models) allows traffic to pass between virtual systems within the same firewall also referred to as a 'bump in the wire' or 'transparent in-line deployment' - CORRECT ANSWER virtual wire T/F? A virtual wire object can block or allow traffic based on 802.1Q VLAN tags? - CORRECT ANSWER True Multicast Firewalling - CORRECT ANSWER Configured on a virtual wire object to allow filtering of multicast traffic based on security policy rules Link-state passthrough - CORRECT ANSWER allows devices on each side of the virtual wire to see the link-state signal from each other Supported Netflow types on all interface types except HA - CORRECT ANSWER Netflow v9 and unidirectional only Virtual Wire subinterfaces - CORRECT ANSWER classifies and matches traffic according to VLAN tag or IP classifiers (required for untagged traffic, optional for tagged) Layer 2 Interfaces - CORRECT ANSWER Provides switching between 2 or more interfaces through a common VLAN object Does not support routing or firewall management traffic Layer 2 subinterfaces - CORRECT ANSWER Can each be assigned to a separate 802.1q vlan and zones, need route between VLANs layer 3 interface requirements - CORRECT ANSWER at least 1 ip address assigned, must be assigned to a virtual router and zone, can support firewall management traffic through service route T/F IPv6 is enabled by default on the firewall? - CORRECT ANSWER False (enable using Device > Setup > Session > Session Settings) Layer3 interface address assignment - CORRECT ANSWER Static, DHCP client, PPPoE (for DSL connection) Interface Management Profile - CORRECT ANSWER defines the type of firewall management service that are accessible through a layer 3 interface Untagged subinterface - CORRECT ANSWER creates layer 3 subinterfaces not assigned to a specific VLAN but carry untagged traffic Layer 3 Subinterfaces - CORRECT ANSWER Used to isolate traffic on different VLANs on the same physical port. Traffic can be routed between VLANs but still need to be assigned to zones and appropriate security rules to allow traffic to pass between zones Virtual routers - CORRECT ANSWER Used for routing between networks. Supports static routes, dynamic routing protocols, and multicase routing (PIM-SM, PIM-SSM) Admin Distance - CORRECT ANSWER A value assigned to the source of routing information to help choose the most trustworthy routing information Metric - CORRECT ANSWER A value assigned to tell the router which path to use to the same destination offered by the same routing protocol or static route Route path monitoring - CORRECT ANSWER determines if a route is usable by continuously pinging a specified address. Will remove a route if it fails and re-add it when it comes back online More Runtime Stats - CORRECT ANSWER In Virtual Router configuration, used to view the routing table, and other details Route table - CORRECT ANSWER RIB that contains all currently known routes Forwarding Table - CORRECT ANSWER Contains the FIB, or the firewall interfaces and IP addresses currently used to forward traffic Static Route Monitoring - CORRECT ANSWER status of monitored paths from static routes VLAN Interfaces - CORRECT ANSWER Assigned an IP address, provides a routable path for Layer 2 interfaces to Layer 3 interfaces (attached to a virtual router) Loopback Interface - CORRECT ANSWER logical interface, assigned an IP address, behaves like a host interface to provide access to firewall services. IP assigned to a loopback interface must have no netmask or a /32 netmask Policy-Based Forwarding - CORRECT ANSWER allows traffic to take an alternative path from the next hop specified in the route table. does not apply to traffic originating from the firewall itself (i.e ipsec vpn, globalprotect, or virtual router traffic) PBF Rules - CORRECT ANSWER use match criteria to match traffic... PBF path monitoring uses heartbeats to detect reachability of the route, can specify failover route or wait-recover action [Show More]

Last updated: 2 years ago

Preview 1 out of 4 pages