Professional Documents
Culture Documents
PCNSC Dump 2023
PCNSC Dump 2023
THE FIREWALL ADMINISTRATOR IS REQUIRED TO ENABLE SSL FORWARD PROXY DECRYPTION FOR ALL CLIENTS ON AN ACTIVE DIRECTORY
DOMAIN. THE CLIENTS USE ONLY GOOGLE CHROME AS THE WEB BROWSER. THE CERTIFICATE NEEDS TO BE AUTOMATICALLY TRUSTED BY ALL
CURRENT AND FUTURE DOMAIN COMPUTERS WITHOUT INTERVATION. WHAT ORDER OF STEPS WILL THIS REQUIREMENT?
STEP 1 GENERATE A CERTIFICATE CALLED FWDTRUST ON THE FIREWALL TO BE USED AS THE FORWARD TRUST CERTIFICATE THAT IS SIGNED BY
THE SUB-CA CERTIFICATE
STEP 2 GENERATE AND SUBMIT A CSR CALLED SUB-CA TO THE DOMAIN PKI ADMINISTRATOR AND RETRIEVE THE GENERATED CERTIFICATE.
STEP 4 ENABLE THE FORWARD TRUST CERTIFICATE OPTION ON THE FWDTRUST CERTIFICATE
QUESTÃO DE EXPEDITION
( ) ADDRESS IMPORTED FROM SECURITY AND NAT POLICIES WITHOUT CORRESPONDING ADDRESS OBJECTS
ON AN UBUNTU SERVER BY RUNNING AN INSTALATION SCRIPT THAT WILL AUTOMATICALLY DONWLOAD ALL DEPENDENCIES
A CUSTOMER HAS DEPLOYED A GLOBALPROTECT PORTAL AND GATEWAY AS ITS REMOTE-ACCESS VPN SOLUTION FOR ITS FLEET OF WINDOWS 10
LAPTOPS.
THE CUSTOMER WANTS TO USE HOST INFORMATION PROFILE (HIP) DATA COLLECTED AT THE GLOBALPROTECT GATEWAY THROUGHOUT ITS
ENTERPRISE AS AN ADDITIONAL MEANS OF POLICY ENFORMCEMENT.
GLOBALPROTECT LICENSE FOR EACH FIREWALL THAT WILL USE HIP DATA ENFORCE POLICY
QUESTÃO SOBRE ACCESS DOMAIN
A CUSTOMER WHO HAS A MULTI-TENANT ENVIROMENT NEEDS THE ADMINISTRATOR TO BE RESTRICTED SPECIFIC OBJECTS AND POLICIES IN THE
VIRTUAL SYSTEM WHITIN ITS TENANT.
(x) DEFINE AN ACCESS DOMAIN THAT ENABLES THE DEVICE GROUPS ASSIGNED TO THE DOMAIN
( ) DEFINE ADMIN ROLE PROFILE WITH A DEVICE GROUP AND TEMPLATE ENABLING ALL ACCESS
AN ADMINISTRATOR NEEDS TO CREATE A NEW ANTIVIRUS PROFILE TO ADDRRESS A VIRUS THAT IS XXXX INTERNALLY OVER SMB.
TO CREATE A SECURE POSTURE THE ADMINISTRATOR SHOULD CHOOSE WITCH SET OF ACTIONS FOR THE SMB DECODER IN AN ANTIVIRUS
PROFILE?
A CUSTOMER HAS A FIVE-YEAR-OLD FIREWALL IN PRODUCTION IN THE TIME SINCE THE FIREWALL WAS INSTALLED THE IT TEAM DELETED UNUSED
SECUTIRTY POLICIES ON A REGULAR BASIS, BUT DID NOT REMOVE THE ADDRESS OBJECTS AD GROUPS THAT WERE PART OF THESES SECUIRTY
POLICIES.
WHATS IS THE BEST WAY TO DELETE ALL OF THE UNUSED ADDRESS OBJECTS ON THE FIREWALL?
( ) SEARCH EACH ADDRESS OBJECTS WITH GLOBAL FIND AND DELETE IF IT SHOWS THAT THE ADDRESS OBJECTS IS NOT REFERENCED
(x) IMPORT THE CONFIGURATION IN EXPEDITION, REMOVE UNUSED ADDRESS OBJECTS AND REIMPORT THE CONFIGURATION
( ) GO TO ADDRESS OBJECTS UNDER THE OBJECTS TAB AND CLICK ON REMOVE UNUSED OBJECTS.
QUESTÃO SOBRE SSL DECRYPTION
YOUR CUSTOMER RECENTLY IMPLEMENT SSL DECRIPTION IN THEIR ENVIROMENT. THE FIREWALL PROTECTING YOUR ENVIROMENTIS USING PAN-
OS 10.0. USERS OF AN APPLICATION ARE FILING SUPPORT CASES CLAIMING THAT A FUNCTION OF THIS APPLICATIONIS NO LONGER WORKING.
( ) THE NAME OF THE INTERNET PROVIDER AND THE COST OF THE LINK
A CUSTOMER'S PALO ALTO NETWORKS NGFW CURRENTLY HAS ONLY ONE SECURITY POLICY ALLOWING ALL TRAFFIC. THEY HAVE IDENTIFIED THAT
THIS A SUBSTANTIAL SECURITY RISK AND HELP THEM EXTRACT SECURITY POLICIES FROM AN "ALLOW ANY" RULE.
( ) THE LOG FILES CAN BE VIEWED ON EXPEDITION, AND RIGHT-CLICKING A LOG ENTRY GIVES THE OPTION TO CREATE SECURITY POLICY FROM
THE LOG ENTRY.
( ) EXPEDITION CANNOT PARSE LOG FILES AND THEREFORE CANNOT BE USED FOR THIS PURPOSE.
(x) BY USING THE MACHINE LEARNING FEATURE, EXPEDITION CAN PARSE THE TRAFFIC LOG FILES RELATED TO THE POLICY AND EXTRACT SECURITY
RULES FOR MATCHING TRAFFIC.
( ) LIVE FIREWALL TRAFFIC CAN BE VIEWED ON EXPEDITION WHEN CONNECTED TO A FIREWALL, AND EXPEDITION CAN AUTOMATICALLY CREATE
AND PUSH POLICIES TO THE FIREWALL.
SSL FORWARD PROXY DECRYPTION IS ENABLED ON THE FIREWALL. WHEN CLIENTS USE CHROME TO BROWSE TO HTTPS SITES THE FIREWALL
RETURNS THE FORWARD TRUST CERTIFICATE, EVEN WHEN ACCESSING WEBSITES WITH INVALID CERTIFICATES. THE CLIENTS NEED TO BE
PRESENTED WITH A BROWNSER WARNING ERROR WITH THE OPTION TO PROCEED TO WEBSITES WITH INVALID CERTIFICATES.
WITCH TWO OPTIONS WILL SATISFY THIS REQUIREMENT? (CHHOSE TWO)
( ) REMOVE THE FORMWARD UNTRUST OPTION FROM THE FORMWARD TRUST CERTIFICATE
( ) CREATE A DECRYPTION PROFILE WITH THE BLOCK SESSIONS WITH EXPIRED CERTIFICATES OPTION ENABLED
-AN ORGANIZATION HAS DEPLOYED AN ACTIVE/PASSIVE 7080 HA PAIR IN THEIR DATA CENTER
-THE 7080 FIREWALL HAS THREE 100G NPCs INSTALLED IN SLOTS 1,2, AND 12
-IN SLOTS 1 AND 2, THE NPCs ARE BEING USED TO CREATE TWO 200G AGGREGATE ELEMENTS WITH LACP TO THEIR SWITCH INFRATRUCTURE IN
A LAYER 3 DEPLOYMENT WITH OSPF AND BGP ROUTING.
-THE NETWORKING TEAM HAS RECEIVED ALERTS VIA SOLARWINDS RECENTLY THAT THE NPC IN SLOT 1 HAS A HIGH DP LOAD AND HIGH NETWORK
UTLIZATION ON ONE OF TWO INTERFACES.
WHAT CAN YOU RECOMMEND TO THE TEAM TO BALANCE THE TRAFFIC MORE EVENLY AND REDUCE HIGH UTILIZATION OG SLOT 1?
( ) ADD 100G INTERFACE FROM SLOT 12 THE AGGREGATE ETHERNET TO PROVIDE MORE BANDWIDTH.
YOUR CUSTOMER IS SETTING UP AN IPSEC VPN WITH A THIRD PARTY. THE THIRD-PARTY DEVICE ONLY SUPPORTS POLICY-BASED IPSEC VPN
TUNNELS.
WHAT MUST BE SET UP ON IPSEC TUNNEL ON THE PALO ALTO NGFW TO SUPPORT POLICY-BASED TUNNELS?
( ) DNS PROXY
( ) POLICY-BASED FORWARD
( ) STATIC ROUTE
(x) PROXY-ID
A CUSTOMER IS ADDING A NEW SITE-TO-SITE TUNNEL FROM A PALO ALTO NGFW TO A THIRD PARTY WITH A POLICY BASED VPN PEER. AFTER
THE INITIAL CONFIGURATION IS COMPLETED, PHASE 2 FAILS TO ESTABLISH.
A FIREWALL WAS PREVIOUSLY CONNECTED TO A USER-ID AGENT SERVER NOW SHOWS DISCINNECTED.
( ) THE FIREWALL WAS UPGRADED TO PAN-OS VERSION THAT IS NOT COMPATIBLE WITH AGENT VERSION
WHICH CLI COMMAND SHOULD YOU USE TO VERIFY WHETHER ALL SFP, SFP+ OR OSPF MODULES ARE INSTALLED IN A FIREWALL?
THE WEB INTERFACE OF YOUR HA PEER OF PALO ALTO NGFW IS NOT RESPONDING.
THE CUSTOMER
WHICH TWO ACTIONS WILL BE TAKEN WHEN THIS URL IS VISITED? (CHOOSE TWO)
(x) LOG
( ) ALLOW
(x) BLOCK
( ) CONTINUE
A CUSTOMER HAS A PART-OF-PANORAMA HA APPLIANCES RUNNING LOCAL LOG COLLECTORS AND WANTS TO HAVE A LOG REDUNDANCY ON
LOGS FORWARDED FROM FIREWALLS.
WHICH TWO CONFIGURATION OPTIONS WILL THE CUSTOMER'S REQUIREMENT FOR A "BIG REDUNDANCY"? (CHOOSE TWO)
WHICH FIREWALL INTERFACE TYPE ALLOWS YOU TO NON-DISRUPTIVELY MONITOR TRAFFIC COMMING FROM A PORT OPERATING IN
PROMISCUOUS MODE?
( ) LAYER-2
( ) V-WIRE
(x) TAP
( ) LAYER-3
A CUSTOMER IS ADDING A NEW SITE-TO-SITE TUNNEL FROM A PALO ALTO NGFW TO A THIRD PARTY WITH A POLICY BASED VPN PEER. AFTER
THE INITHIAL CONFIGURATION IS COMPLETED AND THE CONNECTED PHASE 2 FAILS TO STABLISH.
WICH TWO CHANGES MAY BE REQUIRED TO FIX THE ISSUE? (CHOOSE TWO)
(x) ADD PROXY ID's TO THE IPSEC TUNNEL CONFIGURATION
WICH CATEGORY OF VULNERABILITY SIGNATURE IS MOST LIKELY TO TRIGGER FALSE POSITIVE ALERTS?
(x) BRUTE-FORCE
( ) PHISHING
( ) INFO-LEAK
( ) CODE-EXECUTION
WHICH TWO OPTIONS DESCRIBE THE BEHAVIOR OF THE DIRECTION PROPERTY IN A WILDFIRE ANALYSIS PROFILE RULE? (CHOOSE TWO)
( ) THE BOTH DIRECTION OPTION MATCHES ALL FILES THAT ARE SEEN BY THE FIREWALL, REGARDLESS OF WHETHER THE TRANSFER IS STARTED
BY THE CONNECTION INITIATOR OR REPONDER.
(x) THE DOWNLOAD DIRECTION OPTION MACTHES FILES THAT THE CONNECTION INITIATOR RECEIVED FROM THE SERVICE IT CONNECTED TO.
(x) THE UPLOAD DIRECTION MATCHES ONLY FILES THAT WERE UPLOADED TO THE INTERNET BY A USER ON THE INSIDE NETWORK.
( ) THE BOTH DIRECTION OPTION MATCHES ALL FILES, BUT ONLY IF THE TRANSFER IS STARTEDBY THE CONNECTION INITIATOR.
( ) THE NAME OF THE INTERNET PROVIDER AND THE COST OF THE LINK
A CUSTOMER HAS A FIVE-YEAR-OLD FIREWALL IN PRODUCTION. IN THE SINCE THE FIREWALL WAS INSTALLED, THE IT TEAM DELETED SECUIRTY
POLICIES ON A REGULAR BASIS, BUT DID NOT REMOVE THE ADDRESS OBJECTS AND GROUPS THAT WERE PART OF THESE SECURITY POLICIES.
WHAT IS THE BEST WAY TO DELETE ALL OF THE UNUSED OBJECTS ON THE FIREWALL?
( ) SEARCH EACH ADDRESS OBJECT WITH GLOBAL FIND AND DELETE IF IT SHOWS THAT THE ADDRESS OBJECT IS NOT REFERENCED.
(x) IMPORT THE CONFIGURATION IN EXPEDITION, REMOVE UNUSED ADDRESS OBJECTS AND REIMPORT THE CONFIGURATION
( ) GO TO ADDRESS OBJECTS UNDER THE OBJECTS TAB AND CLICK ON REMOVE UNUSED OBJECTS
DRAG AND DROP
+------------------------+
1º | SHARED PRE-RULES |
+------------------------+
+------------------------+
+------------------------+
+------------------------+
5º | SHARED POST-RULES |
+------------------------+
A CLIENT INITIATES A SSL SESSION WITH THE SERVER. THE NGFW INTERCEPTS THE CLIENTE'S SSL REQUEST. FOR WHAT HAPPENS NEXT, MATCH
EACH SSL FORWARD PROXY TASK WITH ITS ORDER IN THE PROCCESS
STEP 3 NGFW SIGNS A COPY OF THE SERVER CERTIFICATE AND SENDS IT TO THE CLIENT FOR AUTHENTICATION. THE CLIENT THAN VERIFIES THE
CERTIFICATE FROM THE NGFW
STEP 4 SSL TUNNELS ARE ESTABLISHISHED BETWEEN THE CLIENT SERVER AND THE NGFW AND THE SERVER
WHAT ARE THE THREE PREDEFINED EXTERNAL DYNAMIC LISTS IN PAN-OS THAT CUSTOMERS RECEIVED WITH THEIR CONTENT AND THREAT
UPDATES? (CHOOSE THREE)
( ) COMMAND-AND-CONTROL IP ADDRESSES
( ) EMBARGOED-COUNTRY IP ADDRESSES
TO CREATE A SECURE POSTURE THE ADMINISTRATOR SHOULD CHOOSE WITCH SET OF ACTIONS FOR THE SMB DECODER IN AN ANTIVIRUS
PROFILE?
A CUSTOMER HAS DEPLOYED A GLOBALPROTECT PORTAL AND GATEWAY AS ITIS REMOTE-ACCESS VPN SOLUTION FOT ITIS FLEET OF WINDOWS
10 LAPTOPS.
THE CUSTOMER WANTS TO USE HOST IMFORMATION PROFILE (HIP) DATA COLLECTED AT THE GLOBALPROTECT GATEWAY THROUGHOUT ITS
ENTERPRISE AS AN ADDITIONAL MEANS OF POLICY ENFORCEMENT.
(x) GLOBALPROTECT LICENSE FOR EACH FIREWALL THAT USE HIP DATA TO ENFORCE POLICY.
( ) WILDFIRE LICENSE
THE COMPANY WANTS TO KNOW THE RECOMMENDED HARDWARE REQUIREMENTS FOR INSTALLATION IN THEIR DATACENTER.
( ) ADDRESSES IMPORTED FROM SECURITY AND NAT POLICIES WITHOUT CORRESPONDING ADDRESS OBJECTS.
A CUSTOMER RECENTLY PURCHASE A LICENSE FOR URL AND IS HAVING TROUBLE ACTIVATING PAN-DB. WICH TWO COMMANDS CAN BE USED
TO THROUBLESHOOTING THIS ISSUE? (CHOOSE TWO)
IN PREPARATION FOR A CUTOVER EVENT, WHAT TWO PROCCESSES OR PROCEDURES SHOULD BE VERIFIED? (CHOOSE TWO)
( ) AUDITING
WICH THREE ATRIBUTES CAN BE USED TO EXCLUDE TRAFFIC FROM AN SSL DECRYPTION POLICY? (CHOOSE THREE)
( ) APPLICATION
(x) DESTINATION
(x) USER-ID
( ) HIP-PROFILE
WICH ROUTING CONFIGURATION SHOULD YOU RECOMMEND TO A CUSTOMER WHO WISHES TO ACTIVELY USE MULTIPLE PATHWAYS TO THE
SAME DESTINATION?
(x) ECMP
( ) BGP
( ) RIPv2
( ) OSPF
A CUSTOMER USED AN IN-HOUSE SCRIPT TO MIGRATE AN ASA CONFIGURATION WITH 1250 ADDRESS AND SERVICE OBJECTS TO A PANORAMA
DEVICE GROUP FOR THAT LOCATION.
THEY ARE PUSHING THE DEVICE GROUP AND TEMPLATE CONFIGURATION TO A PA-820 FOR THE FIRST TIME, AND IT FAILS WITH THE FOLLOWING
ERROR:
"ERROR: NUMBER OS ADDRESSES, DYNAMIC GROUPS, EXTERNAL-IP-LISTS... EXCEEDED PLATAFORM CAPACITY (2500)."
WHAT ARE THREE EFICIENT WAYS TO SOLVE THIS PROBLEM? (CHOOSE THREE)
( ) UPGRADE THE LICENSE CAPACITY TO ALLOW MORE OBJECTS ON THE PA-820 APPLIANCE.
(x) VERIFY THE "SHARE UNUSED ADDRESS AND SERVICE OBJECTS WITH DEVICES" SETTING IN THE PANORAMA GUI.
(x) CLEAN UP AND MERGE THE DEVICE GROUP ADDRESS AND SERVICE OBJECTS USING EXPEDITION.
(x) UPGRADE TO A PA-850 APPLIANCE, WHICH SUPPORTS 3500 ADDRESS AND SERVICE OBJECTS.
( ) IMPORT THE ADDRESS AND SERVICE OBJECTS DIRECTLY TO THE PA-820 APPLIANCE.
DURING A DESIGN SESSION A COMPANY IDENTIFIES A HARDWARE MODEL FOR DEPLOYMENT. IT IS IMPORTANT TO IMPLEMNT QOS ACROSS THE
COMPANY'S AGGREGATE ETHERNET (AE) CONFIGURATIONS.
(x) PA-3200
( ) PA-850
(x) PA-7000
(x) PA-5200
( ) VM-SERIES
YOU HAVE JUST COMPLETED A FIREWALL MIGRATION PROJECT IN EXPEDITION. EXPEDITION IS NOT DIRECTLY CONNECTED TO A FIREWALL. YOU
DECIDE TO EXPORT THE CONFIGURATION.
WHAT TWO FILE TYPES WILL BE AVAILABLE TO YOU IN THE DOWNLOAD OPTIONS? (CHOOSE TWO)
MATCH THE APP-ID ADOPTION TASK WITH ITS ORDER IN THE PROCESS
STEP 1 PERFORM A LIKE-FOR-LIKE (LAYER 3/4) MIGRATION FROM THE LEGACY FIREWALL TO THE PALO ALTO NETWORKS NGFW.
STEP 2 CLONE THE LEGACY RULES AND ADD APPLICATION INFORMATION TO THE INTENDED APPLICATION-BASED RULES
STEP 3 CAPTURE, RETAIN, AND VERIFY THAT ALL TRAFFIC HAS BEEN LOGGED FOR A PERIOD OF TIME
WHAT HAPPENS WHEN A PACKET FROM AN EXISTING SESSION IS RECEIVED BY A FIREWALL THAT IS NOT OWNER IN HA ACTIVE/ACTIVE
CONFIGURATION?
(x) THE FIREWALL FORWARDS THE PACKET TO THE PEER FIREWALL OVER THE HA3 LINK.
SYSTEM ADMINISTRATOR ------> MANAGES THE SOFTWARE DISTRIBUTION METHOD FOR THE CORTEX XDR CLIENT
SYSTEM OPERATIONS ANALIST ------> MANAGES THE ALERTS AND RESPONDS TO THREATS IDENTIFIED ON THE NETWORK OS ENDPOINTS.
NETWORK ENINEER ------> MANAGE THE ROUTING, SWITCHING, AND GENERAL DEVICE
INTERCONNECTIVITY
INNTEAD OF DISABLING APP-IDS REGULARY, A SECURITY POLICY RULE IS GOING TO BE CONFIGURED TO TEMPORARILY ALLOW NEW APP-ID's. IN
WHICH TWO CIRCUMSTANCES IS IT VALID TO DISABLE APP-IDs AS PART OF CONTENT UPDATE? (CHOOSE TWO)
(x) WHEN AN ORGANIZATION OPERATES A MISSION-CRITICAL NETWORK AND HAS ZERO TOLERANCE FOR DOWNTIME
(x) WHEN YOU WANT TO IMMEDIATELY BENEFIT FROM THE LATEST THREAT PREVENTION
TAC HAS REQUESTED A PACAP ON YOUR PANORAMA TO SEE SHY THE DNS APP IS HAVING INTERMMITENT ISSUES RESOLVING FQDN.
( ) TO ALLOW THE CONTENT UPDATES TO BE LOADED ON A FRIDAY BUT INSTALLED OVER THE WEEKEND.
( ) TO ENSURE THAT THE CONTENT UPDATES IS INSTALLED ONLY DURING A CHANGE WINDOW
(x) TO ALLOW TIME TO SEE IT THE CONTENT UPDATE GETS REDACTED BY PALO ALTO NETWORKS
( ) TO LET THE FIREWALL LOAD THE CONTENT UPDATES BEFORE IT ACTUALLY INSTALLS THEM
WITCH THREE STEPS MUST AN ADMINISTRATOR PERFORM TO LOAD ONLY ADDRESS OBJECTS FROM A PAN-OS SAVED CONFIGURATION FILE INTO
A VM-300 FIREWALL THAT IS IN PRODUCTION? (CHOOSE THREE)
WHAT IS THE DEFAULT PORT USED TO COMMUNICATE WITH THE FIREWALL BY THE WINDOWS USER-ID AGENT SOFTWARE?
( ) 5009
( ) 636
( ) 443
(x) 5007
WICH INTERFACE DEPLOYMENTS SUPPORT THE AGGREGATE ETHERNET ACTIVE CONFIGURATION? (CHOOSE THREE)
( ) LLDP IN LAYER 2
( ) LACP IN TAP
YOUR CUSTOMER BELIVIES THAT PANORAMA APPLIANCE IS BEING OVERWHELMED BY THE LOGS FROM DEPLOYED PALO ALTO NETWORKS NGFW.
WHAT CLI COMMAND CAN YOU RUN TO DETERMINE THE NUMBER OF LOGS PER SECOND SEND BY EACH FIREWALL?
THE MANAGEMENT NETWORK AND THE INSIDE ZONE ARE NOT CONNECTED THROUGH ROUTING. THE WINDOWS USER-ID AGENT IS INSTALLED
AND STARTED ON THE LDAP SERVER USING TCP PORT 5007 FOR COMMUNICATION.
+-------+-----------+------+------+---------+
+-------+-----------+------+------+---------+
+-------+-----------+------+------+---------+
( ) THE USER-ID AGENT IS RUNNING USING THE DEFAULT SERVICE ROUTE SETTINGS
WHAT IS THE DEFAULT PORT USED BY THE TERMINAL SERVER AGENT TO COMMUNICATE WITH A FIREWALL:
( ) 636
(x) 5009
( ) 5007
( ) 443
WICH THE TASK OF SERVER SETTINGS IN GROUP MAPPING WITH ITS ORDER IN THE PROCESS
STEP 1 CREATE AN LDAP SERVER PROFILE
STEP 2 IMPORT CONFIGURATION INTO EXPEDITION OR THE TOOL OF YOUR CHOICE AND PERFORM A LIKE-FOR-LIKE MIGRATION
STEP 3 ALLOW TRAFFIC TO MATCH THE SERVICE/PORT-BASED RULES FOR A TIME PERIOD AGREEABLE TO THE CUSTOMER
STEP 4 IMPORT AND LOAD THE LIKE-FOR-LIKE CONFIGURATION IN THE NGFW OR PANORAMA
STEP 5 ALLOW TIME FOR TRAFFIC TO MATCH APP-ID RULES. ENSURE THAT THE PORT RULES ARE NOT GETTING HITS. DELETE PORT RULES WHEN
THEY ARE NOT GETTING HITS.
SHA256
SHA384
WHAT INFORMATION IS NECESSARY TO PROPERTY PLAN THE DEPLOYMENT OF A PANORAMA HARDWARE APPLIANCE FOR FIREWALL
MANAGEMENT?
atraves da HA3
o session setup firewall faz o match da regra de NAT, mas o NAT ocorre no firewall que tem a session owner.
CLIENTE VERIFICOU QUE TEM ACESSO A PARTE DE JOGOS DO FACEBOOK E DESEJA BLOQUEAR, O QUE ELE PRECISA?
CRIAR UMA REGRA DA REDE INTERNA PARA A INTERNET PARA ACESSAR SSH
TEM UMA REGRA CRIADA E PERGUNTA QUAL SECURITY PROFILE GROUP FOI APLICADO
captive portal
xml api
syslog
DECRYPTION POLICY - CAI QUESTOES ENVOLVENDO AS OPCOES DO QUE PODE FAZER OU NAO NA DECRYPTION POLICY, QUANDO USAR PARA
DETERMINADO CASO, ETC.
service/url - servico/url
Type:
CLIENTE TEM 2000 REGRAS SEM APLICACAO E DESEJA TRANSFORMÁ-LAS EM APP-ID COMO FAZER?
clonar as regras e manter antes das regras antigas a regra com app-id - marquei esse
CLIENTE ESTÁ VENDO TRÁFEGO NAO RECONHECIDO NOS LOGS O QUE FAZER (MARCAR DUAS OPCOES)
name
source - zone,ip
destination - zone,ip
TCP e UDP
serial da caixa
informação de contato