security zone - ✔✔group networks that contain particular types of traffic that are contained within
defined security classifications
Intrazone traffic - ✔✔allows traffic to flow between interfaces that exist in the same zone
Interzone traffic - ✔✔denies traffic from flowing between interfaces that exist in different zones
Security policy rules - ✔✔are applied to zones (not interfaces) to allow or deny traffic, apply QoS,
perform NAT, apply security profiles, or set logging parameters.
primary zone types - ✔✔Tap, Layer 2, Layer 3, Tunnel, and Virtual Wire are all
External zone - ✔✔only on some firewall models, allows traffic to pass between virtual systems when
multiple virtual systems are configured on the same firewall.
Ethernet interface types - ✔✔Tap, Virtual Wire, Layer 2, Layer 3, and HA are all
Decrypt Mirror - ✔✔allows traffic from a firewall to be copied and sent to a traffic collection tool that can
receive raw packet captures, or to a data loss prevention (DLP) service.
Log card - ✔✔PA-7000 Firewalls only, port performs log forwarding for syslog, email, Simple Network
Management Protocol (SNMP), and WildFire® file forwarding
Aggregate - ✔✔bundle multiple physical HA3, Virtual Wire, Layer 2, or Layer 3 interfaces into a logical
interface for better performance
HA interface - ✔✔for configuration synchronization and heartbeats on one side; and for state
synchronization on the other.
Tap - ✔✔interface connected to a network switch's MIRROR/SPAN port that monitors/logs traffic and
analyzes it for App‐ID, User‐ID, Content‐ID, and decrypts traffic.
Virtual Wire - ✔✔simply passes traffic through a firewall by binding two Ethernet interfaces, allowing
traffic to pass between them. Performs NAT and logs traffic but has no IP or MAC addresses.
Layer 2 Interfaces - ✔✔traffic can route to other Layer 3 interfaces using a Layer 3 VLAN interface;
interfaces must be assigned to a VLAN object. BPDU, QoS shaping, traffic examination.
Layer 2 Subinterfaces - ✔✔you can define an additional logical interface for each VLAN tag assigned to
the traffic that the port receives
Layer 3 Interfaces - ✔✔routes traffic between multiple interfaces. A Virtual Router object must exist for
the firewall to route traffic between interfaces.
Advanced tab - ✔✔configure a variety of settings such as MTU, static ARP, LLDP, IPv6 NDP, link speed,
and duplex settings
Layer 3 Subinterfaces - ✔✔possess the same capabilities and features as Layer 3 interfaces; interfaces
are assigned to 802.1Q VLANs
Virtual routers - ✔✔routes to remote subnets either by the manual addition of static routes or the
dynamic addition of routes using dynamic routing protocols, each of which maintains a separate set of
routes
Dynamic routing protocols - ✔✔BGP4, RIPv2, OSPFv2-v3