PCNSE Flash Cards, PCNSE ALREADY
PASSED
How many firewalls warrant the use of Panorama - ✔✔6
A PA's default MGT IP is - ✔✔192.168.1.1
Disable ________ and _________ on the MGT interface - ✔✔Telnet and HTTP
Palo Alto recommends not giving the ____ port _______ access, instead: give ______ access to a
_______ port - ✔✔MGT, external, external, data
___________ ________________ are how a PA accesses updates, etc., they can be customized per vsys
- ✔✔Service routes
How do you configure service routes - ✔✔Device > setup > services > global > service route
configuration
What is the security policy best practice regarding IDing applications? - ✔✔Use the application ID, NOT
the application's usual port.
How should you leave the service tab configured in a security policy rule for the most effective filtering?
- ✔✔Application default, not 'any'
The threat prevention license includes.... - ✔✔A/V, anti-spyware, and vulnerability protection
,The decryption mirroring license allows... - ✔✔Decrypted traffic to be sent to a separate collector
The URL filtering license allows... - ✔✔The ability to make security policy rules based on dynamic URL
categories
What are the three different options for URL filtering updates? - ✔✔Brightcloud
Pan-db public
Pan-db private (on-prem appliance)
The virtual systems license allows... - ✔✔PA-3000 to have multiple vsys
PA-4000,5000,5200 and 7000 to have more than default vsys (varies by platform)
What platforms do not support virtual systems - ✔✔PA 800, 500, 200, 220 and VM series
Can you get wildfire updates without a wildfire license? What license allows this? - ✔✔Yes you can,
with the threat prevention license
What types of files can you scan with a WF license - ✔✔PDF
APK
JAVA
Office Suite
How fast can you get wildfire updates if you have a WF license? - ✔✔Real-time, immediately
How often does Palo recommend getting WF updates with a WF license? - ✔✔Every minute
,Can you get WF updates from a WF-500 appliance with the threat prevention license? - ✔✔No, you
need a WF license for this function
Can you deploy Global Protect without a Global Protect license? - ✔✔Yes
What additional Global Protect features does the Global Protect license provide? - ✔✔IPV6
Mobile App
Clientless VPN
What is AutoFocus? - ✔✔Graphical analysis of Firewall logs
What are the three options you can use to activate a license? - ✔✔Retrieve license keys from license
server
Use authorization code
Manually upload using license key
What license activation requires a commit before it becomes functional? - ✔✔WF license
What are the different types of content updates (7)? - ✔✔A/V
APPLICATIONS
APPLICATIONS AND THREATS
GLOBAL PROTECT DATA FILE
GLOBAL PROTECT CLIENTLESS VPN
BRIGHTCLOUD URL FILTERING
WILDFIRE
WF-PRIVATE
, A/V content updates require what license - ✔✔TP
Do application content updates require a license? - ✔✔No, just a valid support contract
Do application and threat content updates require a license? - ✔✔Yes, TP license
What is the purpose of global protect data file content updates? - ✔✔Vendor specific info for
evaluating HIP data returned by Global Protect agent
What license if required for GP data file content updates? - ✔✔GP license
What is the purpose of global protect clientless vpn content updates? - ✔✔App signatures for clientless
access to common web apps
What is the purpose of Brightcloud URL filtering content updates? - ✔✔Used to gather brightcloud URL
filtering DB updates
How often are Brightcloud updates published? - ✔✔Daily
Do you need to schedule PAN-DB URL filtering updates? - ✔✔No, they are pushed automatically
What is the purpose of WF content updates? - ✔✔Realtime MW and A/V sigs
If you only have a threat prevention license, how often can you get WF updates? - ✔✔Every 24 to 48
hours
PASSED
How many firewalls warrant the use of Panorama - ✔✔6
A PA's default MGT IP is - ✔✔192.168.1.1
Disable ________ and _________ on the MGT interface - ✔✔Telnet and HTTP
Palo Alto recommends not giving the ____ port _______ access, instead: give ______ access to a
_______ port - ✔✔MGT, external, external, data
___________ ________________ are how a PA accesses updates, etc., they can be customized per vsys
- ✔✔Service routes
How do you configure service routes - ✔✔Device > setup > services > global > service route
configuration
What is the security policy best practice regarding IDing applications? - ✔✔Use the application ID, NOT
the application's usual port.
How should you leave the service tab configured in a security policy rule for the most effective filtering?
- ✔✔Application default, not 'any'
The threat prevention license includes.... - ✔✔A/V, anti-spyware, and vulnerability protection
,The decryption mirroring license allows... - ✔✔Decrypted traffic to be sent to a separate collector
The URL filtering license allows... - ✔✔The ability to make security policy rules based on dynamic URL
categories
What are the three different options for URL filtering updates? - ✔✔Brightcloud
Pan-db public
Pan-db private (on-prem appliance)
The virtual systems license allows... - ✔✔PA-3000 to have multiple vsys
PA-4000,5000,5200 and 7000 to have more than default vsys (varies by platform)
What platforms do not support virtual systems - ✔✔PA 800, 500, 200, 220 and VM series
Can you get wildfire updates without a wildfire license? What license allows this? - ✔✔Yes you can,
with the threat prevention license
What types of files can you scan with a WF license - ✔✔PDF
APK
JAVA
Office Suite
How fast can you get wildfire updates if you have a WF license? - ✔✔Real-time, immediately
How often does Palo recommend getting WF updates with a WF license? - ✔✔Every minute
,Can you get WF updates from a WF-500 appliance with the threat prevention license? - ✔✔No, you
need a WF license for this function
Can you deploy Global Protect without a Global Protect license? - ✔✔Yes
What additional Global Protect features does the Global Protect license provide? - ✔✔IPV6
Mobile App
Clientless VPN
What is AutoFocus? - ✔✔Graphical analysis of Firewall logs
What are the three options you can use to activate a license? - ✔✔Retrieve license keys from license
server
Use authorization code
Manually upload using license key
What license activation requires a commit before it becomes functional? - ✔✔WF license
What are the different types of content updates (7)? - ✔✔A/V
APPLICATIONS
APPLICATIONS AND THREATS
GLOBAL PROTECT DATA FILE
GLOBAL PROTECT CLIENTLESS VPN
BRIGHTCLOUD URL FILTERING
WILDFIRE
WF-PRIVATE
, A/V content updates require what license - ✔✔TP
Do application content updates require a license? - ✔✔No, just a valid support contract
Do application and threat content updates require a license? - ✔✔Yes, TP license
What is the purpose of global protect data file content updates? - ✔✔Vendor specific info for
evaluating HIP data returned by Global Protect agent
What license if required for GP data file content updates? - ✔✔GP license
What is the purpose of global protect clientless vpn content updates? - ✔✔App signatures for clientless
access to common web apps
What is the purpose of Brightcloud URL filtering content updates? - ✔✔Used to gather brightcloud URL
filtering DB updates
How often are Brightcloud updates published? - ✔✔Daily
Do you need to schedule PAN-DB URL filtering updates? - ✔✔No, they are pushed automatically
What is the purpose of WF content updates? - ✔✔Realtime MW and A/V sigs
If you only have a threat prevention license, how often can you get WF updates? - ✔✔Every 24 to 48
hours
