Palo Alto Firewall Interview Questions & Answers

Question 1. In A New Firewall, Which Port Provides Webui Access By Default?

Answer :

Management port.

Question 2. The Management Network Port On A Firewall Can Be Configured As Which Type Of Interface?

Answer :

Layer 3.

Question 3. How Does Panorama Handle Incoming Logs When It Reaches The Maximum Storage Capacity?

Answer :

Panorama automatically delete older logs to create space for new ones.

Question 4. In An Enterprise Deployment, A Network Security Engineer Wants To Assign To A Group Of Administrators Without Creating Local Administrator Accounts On The Firewall. Which Authentication Method Must Be Used?

Answer :

RADIUS with Vendor-Specific Attributes.

Question 5. When A Malware-infected Host Attempts To Resolve A Known Command-and-control Server, The Traffic Matches A Security Policy With Dns Sinkhole Enabled, Generating A Traffic Log. What Will Be The Destination Ip Address In That Log Entry?

Answer :

The IP Address specified in the sinkhole configuration.

Question 6. A Network Design Change Requires An Existing Firewall To Start Accessing Palo Alto Updates From A Data Plane Interface Address Instead Of The Management Interface. Which Configuration Setting Needs To Be Modified?

Answer :

Service route.

Question 7. What Must Be Used In Security Policy Rule That Contains Addresses Where Nat Policy Applies?

Answer :

Pre-NAT address and Post-Nat zones.

Question 8. The Configuration Of A Dos Protection Profile Can Defend Nodes From Which Attacks?

Answer :

Floods.

Question 9. Does The App Conform To The Common Information Model?

Answer :

Yes! The Common Information Model (CIM) is a set of standards and an app that help other apps conform to a common naming and tagging scheme. This allows Splunk users to search for data across multiple kinds of logs from multiple vendors using the same field names to access the data, which eases correlations across different kinds of data. For example, a Splunk user could correlate between firewall logs and web server logs. To Splunk for Palo Alto Networks app conforms strictly to the Common Information Model.

Question 10. Does The App Have A Data Model?

Answer :

Yes! In Splunk 6.x, the data model feature allows Splunk users to quickly visualize and analyze data with a point-and-click interface (instead of the Splunk search bar language). This capability requires that the data be modeled into a Splunk Data Model which is a highly accelerated summary index of the data. Not only is there a data model for all Palo Alto Networks logs, all the app’s dashboards are based on this accelerated data model for extremely fast data retrieval and visualization. So the app itself is using the same Data Model that Splunk administrators would use to generate visualizations.

Question 11. What Kinds Of Data Does The App Take In?

Answer :

The Splunk for Palo Alto Networks app accepts syslog from Firewalls, Panorama, and Endpoint Security Manager. Also, Wildfire malware reports are pulled from the Wildfire portal as XML. These reports represent a behavioral fingerprint of any malware detected by Wildfire which you can correlate against other logs to detect indicators of compromise.

Question 12. Why Use Palo Alto Networks With My Splunk?

Answer :

Splunk has unmatched ability to consume and analyze data, but for Splunk to present usable and actionable insights, it must have the highest level of visibility and knowledge possible. Palo Alto Networks provides that level of visibility into the network and the endpoint to detect and even predict malicious activity. When an indicator of compromise is detected, Palo Alto Networks and Splunk work together to take action and remediate problems automatically to keep the network secure.

Question 13. Why Use Splunk With My Palo Alto Networks Products?

Answer :

Palo Alto Networks products provide exceptional levels of visibility into network traffic and malicious activity, both in the network and on the endpoint. Combining this visibility with Splunk allows a customer to make correlations and perform analytics around different kinds of data. These correlations can be between different kinds of Palo Alto Networks data, for example, correlating Wildfire reports against traffic logs to detect infected hosts, or correlating firewall logs with endpoint logs. But the real power of Splunk is correlations and analytics across multiple sources of data and multiple vendors, for example, correlating firewall logs with webserver logs, or advanced endpoint security logs with Windows event logs.