What 4 methods of access exist for accessing Palo's NGFWs? - ANS1. Web interface
2. CLI
3. Panorama
4. XML API
What is Panorama? - ANSProvides Central Management for multiple PAN NGFW's
What is the difference between control plane and data plane? - ANSControl plane is used to
separate mgmt functions, data plane is used for network traffic processing. The separation helps
safeguard access to the firewall and enhances performance.
What is the XML API used for? - ANSProvides an interface based on REST, used for accessing
firewall configs, operational status, reports, and packet captures.
What can the XML API be used for in automation? - ANS1. Create/modify configurations
2. Retreive reports
3. Manage users through User-ID
4. Execute operational commands
5. Update dynamic objects without modifying/commit new configuration
Can management access be provided over a data interface? - ANSYes
What configurations are included for each data interface? (3 default, 8 total) - ANSHTTPS
(Default)
SSH (Default)
Ping (Default)
Telnet
HTTP
SNMP
Resnpose Pages
User-ID
What is an Interface Management Profile used for? - ANSProtects firewall from unauthorized
access by defining the protocol, services, and IP addresses that a firewall interface permits for
management.
What happens if an interface management profile is NOT added to an interface? - ANSFirewall
will deny management access for all IPs, protocols and services by default.
, What type of interfaces can Interface Management Profiles be assigned to? - ANSL3 Ethernet
Interfaces (incl sub-interfaces)
Logical interfaces, suc has aggregate group, VLAN, loopback, and tunnel interfaces.
What is a service route? - ANSService routes are used so that the communication between the
firewall and servers go through the data ports on the data plane.
By default the firewall uses management interfaces to communicate with various servers, ex for
EDL, DNS, email, PAN updates.
Which key services must be setup during the initial firewall configuration? - ANSDNS and NTP
What configuration parameters can DHCP dynamically learn? - ANSIP for mgmt, subnetmask,
default gateway, and at least one DNS server address
What is an authentication profile? - ANSProvides authentication settings that can be applied to
administrator accounts, SSL-VPN access, and Captive Portal.
What authentication profile types can be used? - ANSLocal Database
Radius
LDAP
TACACS+
SAML
Kerberos
What is an authentication sequence used for? - ANSAdmin roles for external administrator
accounts can be assigned to an authentication sequence, which includes a sequence of one or
more authentication profiles that are processed in a specific order.
Ex Check LDAP first then RADIUS.
What can the pre-defined role superuser do? - ANSFull access to firewall
Can define new administrator accounts and virtual systems
Can be used to create administrative user with superuser privileges.
What can the pre-defined role superuser (read-only) access? - ANSHas read-only access to the
firewall.
What can the pre-defined role Device Administrator do? - ANSFull access to firewall settings
except for defining new accounts or virtual systems.
What can the pre-defined role Device Administrator (read-only) access? - ANSRead-only
access to all firewall settings except password profiles and administrator accounts.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Legitexams. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.