Palo Alto Firewall PCNSA
What is Palo Alto's 3 data processing feature on its Data Plane? - ✔✔Signature matching, Security
Processing and Network Processing
What are the 2 planes of PAN-FW? - ✔✔Control (Management) Plane and Data plane
What is the principle of Zero Trust model? - ✔✔Never trust, always verify
What visibility does a Zero Trust network provides? - ✔✔Both North-South and East-West traffic
(Lateral and Horizontal)
What is Zero Trust 3 main components - ✔✔All resources are accessed in a secure manner regardless
of location, Access control is on a "need to know" basis and strictly enforced, and All traffic is logged and
inspected.
What is the default IP address on the MGT interface of PAN-FW - ✔✔192.168.1.1
Ways to connect to PAN-FW - ✔✔in-band MGT (IP address) and out-of-band MGT (cable)
What are the 4 methods to manage PAN-FW - ✔✔Web interface, CLI, Panorama and XML API
What firewall action blocks traffic and does not notify the sender? - ✔✔When the firewall DROP the
traffic it does not notify the sender.
What is the default metric for static route? - ✔✔10
,When is the shortest time can you configure the FW to check for Wildfire updates? - ✔✔1 minute
What intervals does the firewall dashboard Refresh Rate have? - ✔✔1 min, 2 mins, 5 mins or Manual
What are the 4 tabs of Application Command Center (ACC)? - ✔✔Network Activity, Threat Activity,
Blocked Activity and Tunnel Activity.
What is Application Command Center (ACC) for? - ✔✔Application Command Center provides a visual
summary of the applications traversing the network, categorized by sessions, bytes, ports, threats and
time.
What port number is available for setting up a Syslog Server Profile? - ✔✔UDP/TCP port 514 or SSL
6514
What is High Availability (HA) deployment for? - ✔✔For redundancy and business continuity
What are the two HA deployment modes? - ✔✔Active/Passive and Active/Active
Does HA increase the session capacity or network throughput? - ✔✔Active/Passive and Active/Active
HA does not increase session capacity or network throughput?
Which interfaces are supported by Active / Passive HA? - ✔✔Layer 3, Layer 2 and Virtual Wire
Which interfaces are supported by Active / Active HA? - ✔✔Layer 3 and Virtual Wire only
What is the HA1 Link called? - ✔✔Control Link
,To set up an Control Link (HA1) which plane must they be placed on? - ✔✔Management (Control) Plane
What is the HA2 Link called? - ✔✔Data Link
To set up an Data Link (HA2) which plane must they be placed on? - ✔✔Data Plane
What does Control link (HA1) synchronize? - ✔✔Configuration, Routing and User-ID information
Can physical ports be used as HA ports? - ✔✔Yes, PA-200 and PA-500 Series do not have dedicated HA
ports, but HA1 can be MGT and its backup on a physical port and HA2 and its backup can be both on a
physical port.
What would happen to HA1/HA2 if the MGT port is a DHCP client? - ✔✔HA1 / HA2 will not be
supported
What is a split brain? - ✔✔Split-Brain is when there is no Backup Control Link configured and the Active
FW's control link is down the Passive FW will become the active FW even thought the other FW is still
operational.
What is the Default Priority of firewalls when selecting the Active Firewall for HA? - ✔✔Default Priority
is 100, if equal lowest MAC wins
What is Preemption feature? - ✔✔Preemption is NOT enabled by default. This feature allows automatic
failback after Active Firewall was down. Which means when Active firewall is down, it becomes the
passive but as soon as it is back up it will switch back again as the Active firewall after repair.
What are the four monitored metrics to detect a FW failure? (HA) - ✔✔1. Heartbeat / Hello messages.
2. Link monitoring (state of the ethernet links)
, 3. Path Monitoring (ICMP)
4. Internal Health Checks
What is the range of group ID for HA pairs? - ✔✔1 to 63
What are the five Active/Passive HA states? - ✔✔1. Initial state - FW remains in this state after boot-up
until it discovers a peer and negotiation begins.
2. Non-functional state (state is in error - could be health check failed or config mismatch)
3. Active state (normal-traffic handling state)
4. Passive state (Normal traffic is discarded; might process LLDP and LACP traffic)
5. Suspended - Administratively disabled
What happens when a FW boots up and no peer is found for HA? - ✔✔When no peer is found the FW
will become active state
What components has to be the same to set up an HA link? - ✔✔OS, Model, Databases, Licenses and
HA interface types
True or False: Blockage of just one stage in the cyberattack lifecycle will protect a company's network
from attack - ✔✔TRUE
What methods can C2 be prevented? - ✔✔1. DNS sinkholing
2. URL filtering (Blocking outbound C2 Comms to malicious links)
3. Limiting attacker's lateral movement within a network
Why establishing security zones are important? - ✔✔1. Security Policies are applied to security zones
2. User access control can be enforced to provide monitoring and inspection of all traffic between zones
What is Palo Alto's 3 data processing feature on its Data Plane? - ✔✔Signature matching, Security
Processing and Network Processing
What are the 2 planes of PAN-FW? - ✔✔Control (Management) Plane and Data plane
What is the principle of Zero Trust model? - ✔✔Never trust, always verify
What visibility does a Zero Trust network provides? - ✔✔Both North-South and East-West traffic
(Lateral and Horizontal)
What is Zero Trust 3 main components - ✔✔All resources are accessed in a secure manner regardless
of location, Access control is on a "need to know" basis and strictly enforced, and All traffic is logged and
inspected.
What is the default IP address on the MGT interface of PAN-FW - ✔✔192.168.1.1
Ways to connect to PAN-FW - ✔✔in-band MGT (IP address) and out-of-band MGT (cable)
What are the 4 methods to manage PAN-FW - ✔✔Web interface, CLI, Panorama and XML API
What firewall action blocks traffic and does not notify the sender? - ✔✔When the firewall DROP the
traffic it does not notify the sender.
What is the default metric for static route? - ✔✔10
,When is the shortest time can you configure the FW to check for Wildfire updates? - ✔✔1 minute
What intervals does the firewall dashboard Refresh Rate have? - ✔✔1 min, 2 mins, 5 mins or Manual
What are the 4 tabs of Application Command Center (ACC)? - ✔✔Network Activity, Threat Activity,
Blocked Activity and Tunnel Activity.
What is Application Command Center (ACC) for? - ✔✔Application Command Center provides a visual
summary of the applications traversing the network, categorized by sessions, bytes, ports, threats and
time.
What port number is available for setting up a Syslog Server Profile? - ✔✔UDP/TCP port 514 or SSL
6514
What is High Availability (HA) deployment for? - ✔✔For redundancy and business continuity
What are the two HA deployment modes? - ✔✔Active/Passive and Active/Active
Does HA increase the session capacity or network throughput? - ✔✔Active/Passive and Active/Active
HA does not increase session capacity or network throughput?
Which interfaces are supported by Active / Passive HA? - ✔✔Layer 3, Layer 2 and Virtual Wire
Which interfaces are supported by Active / Active HA? - ✔✔Layer 3 and Virtual Wire only
What is the HA1 Link called? - ✔✔Control Link
,To set up an Control Link (HA1) which plane must they be placed on? - ✔✔Management (Control) Plane
What is the HA2 Link called? - ✔✔Data Link
To set up an Data Link (HA2) which plane must they be placed on? - ✔✔Data Plane
What does Control link (HA1) synchronize? - ✔✔Configuration, Routing and User-ID information
Can physical ports be used as HA ports? - ✔✔Yes, PA-200 and PA-500 Series do not have dedicated HA
ports, but HA1 can be MGT and its backup on a physical port and HA2 and its backup can be both on a
physical port.
What would happen to HA1/HA2 if the MGT port is a DHCP client? - ✔✔HA1 / HA2 will not be
supported
What is a split brain? - ✔✔Split-Brain is when there is no Backup Control Link configured and the Active
FW's control link is down the Passive FW will become the active FW even thought the other FW is still
operational.
What is the Default Priority of firewalls when selecting the Active Firewall for HA? - ✔✔Default Priority
is 100, if equal lowest MAC wins
What is Preemption feature? - ✔✔Preemption is NOT enabled by default. This feature allows automatic
failback after Active Firewall was down. Which means when Active firewall is down, it becomes the
passive but as soon as it is back up it will switch back again as the Active firewall after repair.
What are the four monitored metrics to detect a FW failure? (HA) - ✔✔1. Heartbeat / Hello messages.
2. Link monitoring (state of the ethernet links)
, 3. Path Monitoring (ICMP)
4. Internal Health Checks
What is the range of group ID for HA pairs? - ✔✔1 to 63
What are the five Active/Passive HA states? - ✔✔1. Initial state - FW remains in this state after boot-up
until it discovers a peer and negotiation begins.
2. Non-functional state (state is in error - could be health check failed or config mismatch)
3. Active state (normal-traffic handling state)
4. Passive state (Normal traffic is discarded; might process LLDP and LACP traffic)
5. Suspended - Administratively disabled
What happens when a FW boots up and no peer is found for HA? - ✔✔When no peer is found the FW
will become active state
What components has to be the same to set up an HA link? - ✔✔OS, Model, Databases, Licenses and
HA interface types
True or False: Blockage of just one stage in the cyberattack lifecycle will protect a company's network
from attack - ✔✔TRUE
What methods can C2 be prevented? - ✔✔1. DNS sinkholing
2. URL filtering (Blocking outbound C2 Comms to malicious links)
3. Limiting attacker's lateral movement within a network
Why establishing security zones are important? - ✔✔1. Security Policies are applied to security zones
2. User access control can be enforced to provide monitoring and inspection of all traffic between zones
