2 ways to Reset to Factory default - ANS - * from CLI with known password
request system private-data-reset
* from CLI without PW
reboot and type "maint" during bootup
choose Reset to factory default
or load another config into running memory
\3 global protect connections methods - ANS - * On demand
* user logon (always on)
* pre-logon
\a customer's custom application uses SMTP (email) to transfer directory information, which
needs to be filtered in a very different manner than normal DNS. How do you configure this
filtering? - ANS - Create a custom signature, and specify the SMTP fields that are different from
normal DNS use and patterns to identify when it is the custom application
\An organization has strict security requirements that require every connection between two
internal computers to be inspected. Those internal computers are connected and disconnected
by non-technical users. How do you forward traffic between those internal computers? - ANS -
Use an NGFW configured as a switch, with Layer 2 interfaces.
\Are files quarantined while WildFire checks if they are malware or legitimate? - ANS - no
\configure wildfire - ANS - device > setup > wildfire
wildfire.paloaltonetworks.com
signatures published every 5 minutes
\Describe HA active/active deployment - ANS - two firewalls attached with 3 cables, HA1, HA2,
HA3. only recommended for load balancing
\Describe HA active/passive deployment - ANS - recommended, single firewall config synched
between the two firewalls.
Synchronization happens across HA1 connection
Session data is kept on both firewalls via HA2
\DNS and NTP are configured where? - ANS - Device > Setup > Services
\functions on the data plane - ANS - • Signature Match Processor:
o All Content-ID and App-ID services
• Security Processors:
o Session management
o Encryption/decryption
o Compression/decompression
o Policy enforcement
• Network Processor:
o Route
o ARP
o MAC lookup
o QoS
o NAT
o Flow control
\functions on the management plane - ANS - • Configuration management
• Logging
• Reporting functions
• User-ID agent process
• Route updates
\Global Protect Agent - ANS - * Authenticates against the gateway
* Establishes connection with the gateway
* allows users varying levels of control over the connections
\global protect gateway - ANS - Endpoint for agent connection
* provides security enforcement for traffic from global protect clients
* requires a tunnel interface for external clients
* tunnel interfaces are optional for internal gateways
\Global Protect Portal - ANS - * Authenticates users initiating connections to GlobalProtect
* ability to create and store custom client configurations
* maintains list of internal and external gateways
* Manages CA certificates for client validation of gateways
\HA1 - ANS - Control link (layer 3)
Syncs configuration, exchanges heartbeats and hello
\HA2 - ANS - Data Link (l2 or l3)
Sessions, forwarding tables and arp tables
\How can the NGFW inform web browsers that a web server's certificate is from an unknown
certificate authority (CA)? - ANS - Have two certificate authority certificates in the firewall. One is
used to produce certificates for sites whose original certificate is trusted, and the other for
certificates for sites whose original certificate is untrusted.
\How do you reboot the firewall from the command line? - ANS - request restart system
\how does a global protect client determine if it should use internal or external gateway - ANS -
reverse dns lookup
\How does the NGFW handle excess packets when there are QoS constraints? - ANS - It drops
a percentage of them randomly.
\how many UDP packets are required for the PA to consider it a session - ANS - 3
\how often can app-id check for updates - ANS - every 30 minutes