- Email support@dumps4free.com
An engineer is configuring a firewall with three interfaces:
A. Set DNS and Palo Alto Networks Services to use the ethernet1/1 source interface.
B. Set DNS and Palo Alto Networks Services to use the ethernet1/2 source interface.
C. Set DNS and Palo Alto Networks Services to use the MGT source interface.
D. Set DDNS and Palo Alto Networks Services to use the MGT source interface.
An administrator is required to create an application-based Security policy rule to allow Evernote. The Evernote application implicitly uses SSL and web browsing. What is the minimum the administrator needs to configure in the Security rule to allow only Evernote?
A. Add the Evernote application to the Security policy rule, then add a second Security policy rule containing both HTTP and SSL.
B. Create an Application Override using TCP ports 443 and 80.
C. Add the HTTP. SSL. and Evernote applications to the same Security policy
D. Add only the Evernote application to the Security policy rule.
Explanation: To create an application-based Security policy rule to allow Evernote, the administrator only needs to add the Evernote application to the Security policy rule. The Evernote application is a predefined App-ID that identifies the traffic generated by the Evernote client or web interface. The Evernote application implicitly uses SSL and web browsing as dependencies, which means that the firewall automatically allows these applications when the Evernote application is allowed. Therefore, there is no need to add HTTP, SSL, or web browsing applications to the same Security policy rule. Adding these applications would broaden the scope of the rule and potentially allow unwanted traffic. References: App-ID Overview, Create a Security Policy Rule
Refer to the diagram. Users at an internal system want to ssh to the SSH server. The server is configured to respond only to the ssh requests coming from IP 172.16.16.1. In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must be configured on the firewall?
A. NAT Rule:
Source Zone: Trust -
Source IP: Any -
Destination Zone: Server -
Destination IP: 172.16.15.10 -
Source Translation: Static IP / 172.16.15.1
Security Rule:
Source Zone: Trust -
Source IP: Any -
Destination Zone: Trust -
Destination IP: 172.16.15.10 -
Application: ssh
B. NAT Rule:
Source Zone: Trust -
Source IP: 192.168.15.0/24 -
Destination Zone: Trust -
Destination IP: 192.168.15.1 -
Destination Translation: Static IP / 172.16.15.10
Security Rule:
Source Zone: Trust -
Source IP: 192.168.15.0/24 -
Destination Zone: Server -
Destination IP: 172.16.15.10 -
Application: ssh
C. NAT Rule:
Source Zone: Trust -
Source IP: Any -
Destination Zone: Trust -
Destination IP: 192.168.15.1 -
Destination Translation: Static IP /172.16.15.10
Security Rule:
Source Zone: Trust -
Source IP: Any -
Destination Zone: Server -
Destination IP: 172.16.15.10 -
Application: ssh
D. NAT Rule:
Source Zone: Trust -
Source IP: Any -
Destination Zone: Server -
Destination IP: 172.16.15.10 -
Source Translation: dynamic-ip-and-port / ethernet1/4
Security Rule:
Source Zone: Trust -
Source IP: Any -
Destination Zone: Server -
Destination IP: 172.16.15.10 -
Application: ssh
Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?
A. No Direct Access to local networks
B. Tunnel mode
C. iPSec mode
D. Satellite mode
An engineer is deploying multiple firewalls with common configuration in Panorama. What are two benefits of using nested device groups? (Choose two.)
A. Inherit settings from the Shared group
B. Inherit IPSec crypto profiles
C. Inherit all Security policy rules and objects
D. Inherit parent Security policy rules and objects
| Page 8 out of 65 Pages |
| Previous |