Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 9

1 - https://docs.paloaltonetworks.com/best-practices/8-1/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/deploy-dos-and-zone-protection-using-bestpractices.html#:~:text=DoS%20and%20Zone%20Protection%20help,device%20at%20the%20internet%20perimeter.

2 - https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/zone-protection-and-dosprotection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds/how-to-measure-cps.html

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/zone-protection-and-dosprotection.html

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-interfaces/virtual-wire-interfaces"The virtual wire supports blocking or allowing traffic based on virtual LAN (VLAN) tags, in addition to supporting security policy rules, App-ID, Content-ID, User-ID, decryption, LLDP, active/passive and active/active HA, QoS, zone protection (with some exceptions), non-IP protocol protection, DoS protection, packet buffer protection, tunnel content inspection, and NAT."

The Best Practice Assessment (BPA) tool compares the configuration of firewalls and Panorama to the Palo Alto Networks best practice recommendations. Run the BPA periodically to identify security weaknesses, see the best practice settings, and implement them to improve your security posture.https://docs.paloaltonetworks.com/best-practices/10-2/bpa-getting-started

The best way to minimize the BGP configuration and management overhead on on-prem network devices is to summarize BGP routes before advertising them. Route summarization is a technique that reduces the number of routes in a routing table by aggregating multiple routes into a single route with a less specific prefix. This reduces the size of routing updates and the memory and CPUusage of routers. Prisma Access supports route summarization for service connections and remotenetwork connections that use BGP routing1. You should not implement target service connection for traffic steering, as this is a feature that allows you to select a specific service connection for traffic from a remote network connection or a mobile user based on destination IP address orapplication. This does not affect the BGP configuration or management on on-prem networkdevices2. You should not implement hot potato routing, as this is a routing technique that selects the closest exit point to the destination network based on the number of hops or the lowest IGPmetric. This does not affect the BGP configuration or management on on-prem network devices3.You should not implement default routing, as this is a routing technique that uses a default route to forward packets to an unknown destination. This does not affect the BGP configuration ormanagement on on-prem network devices, and it may not provide optimal routing for Prisma Access traffic4. Reference: 1: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access- panorama-admin/prepare-the-prisma-access-infrastructure/service-connection-overview/configure- route-summarization-for-service-connections 2: https://docs.paloaltonetworks.com/prisma/prisma- access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/service- connection-overview/target-service-connection-for-traffic-steering 3: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed- admin/prisma-access-service-connections/service-connection-routing 4:https://docs.paloaltonetworks.com/prisma/prisma-access/ prisma-access-cloud-managed- admin/prisma-access-service-connections/service-connection-routing/routing-for-service-connection-traffic-cloud-management.html

Logging is a function that is handled by the management plane (control plane) of a Palo Alto Networks firewall. The management plane is responsible for managing and configuring the firewall, as well as generating and storing logs and reports. The management plane communicates with the data plane (also known as the packet forwarding plane) through an internal backplane interface.Signature matching for content inspection, IPSec tunnel standup, and Quality of Service are functions that are handled by the data plane of a Palo Alto Networks firewall. The data plane is responsible for processing and forwarding packets, as well as applying security policies and features to the traffic.The data plane consists of multiple dedicated hardware components, such as the Single-Pass Parallel Processing (SP3) engine, the Security Processing Unit (SPU), and the Network Processing Unit (NPU).Reference: : https://docs.paloaltonetworks.com/ pan-os/10-2/pan-os-admin/firewall- administration/manage-firewall-administrators/firewall-management-interfaces :https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/firewall- concepts/firewall-overview

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-forward-proxy.html

https://docs.paloaltonetworks.com/best-practices/10-2/decryption-best-practices/decryption-best- practices/plan-ssl-decryption-best-practice-deployment https://live.paloaltonetworks.com/t5/general-topics/decrypt-guest-network-traffic/td-p/119388