Security zone Correct Ans - group networks that contain particular
types of traffic that are contained within defined security classifications
Intrazone traffic Correct Ans - allows traffic to flow between
interfaces that exist in the same zone
Interzone traffic Correct Ans - denies traffic from flowing between
interfaces that exist in different zones
Security policy rules Correct Ans - are applied to zones (not
interfaces) to allow or deny traffic, apply QoS, perform NAT, apply security
profiles, or set logging parameters.
primary zone types Correct Ans - Tap, Layer 2, Layer 3, Tunnel, and
Virtual Wire are all
External zone Correct Ans - only on some firewall models, allows
traffic to pass between virtual systems when multiple virtual systems are
configured on the same firewall.
Ethernet interface types Correct Ans - Tap, Virtual Wire, Layer 2,
Layer 3, and HA are all
Decrypt Mirror Correct Ans - traffic from a firewall to be copied
and sent to a traffic collection tool that can receive raw packet captures,
sent to a data loss prevention (DLP) service.
Log card Correct Ans - PA-7000 Firewalls only, port performs log
forwarding for syslog, email, Simple Network Management Protocol
(SNMP), and WildFire® file forwarding
Aggregate Correct Ans - bundle multiple physical HA3, Virtual
Wire, Layer 2, or Layer 3 interfaces into a logical interface for better
performance
HA interface Correct Ans - for configuration synchronization and
heartbeats on one side; and for state synchronization on the other.
Tap Correct Ans - interface monitors/logs traffic that is connected to
a network switch's MIRROR/SPAN port, and analyzes for App-ID, User-ID,
Content-ID, and decrypts traffic.
Virtual Wire Correct Ans - simply pass traffic through a firewall by
binding two Ethernet interfaces, allowing traffic to pass between them.
Performs NAT and logs traffic but has no IP or MAC addresses
Layer 2 Interfaces Correct Ans - traffic can route to other Layer 3
interfaces using a Layer 3 VLAN interface; interfaces must be assigned to a
VLAN object. BPDU, QoS shaping, traffic examination.
Layer 2 Subinterfaces Correct Ans - you can define an additional
logical interface for each VLAN tag assigned to the traffic that the port
receives
Layer 3 Interfaces Correct Ans - routes traffic between multiple
interfaces. A Virtual Router object must exist for the firewall to route traffic
between interfaces.
Advanced tab Correct Ans - configure a variety of settings such as
MTU, static ARP, LLDP, IPv6 NDP, link speed, and duplex settings
Layer 3 Subinterfaces Correct Ans - possess the same capabilities
and features as Layer 3 interfaces, interfaces are assigned to 802.1Q VLANs
Virtual routers Correct Ans - routes to remote subnets either by the
manual addition of static routes or the dynamic addition of routes using
dynamic routing protocols each of which maintains a separate set of routes
Dynamic routing protocols Correct Ans - BGP4, RIPv2, OSPFv2-v3
Multicast routing protocols Correct Ans - IGMPv1, IGMPv2,
IGMPv3, PIM-SM, PIM-ASM, PIM-SSM
routing information base (RIB) Correct Ans - The firewall initially
populates its learned routes