Monday, 5 January 2026

Top 50 Palo Alto Firewall Interview Questions


Section 1: Core Concepts & Architecture

1. What is App-ID and how does it work internally?
2. How does User-ID enhance firewall visibility?
3. Explain Content-ID and its role in threat prevention.
4. What are Security Zones and why are they important?
5. Difference between Tap, Virtual Wire, Layer 2, and Layer 3 modes.
6. How does the Single Pass Parallel Processing (SP3) architecture work?
7. What is the session-based architecture of Palo Alto?
8. Explain how traffic classification happens step-by-step.
9. What are Application Override Policies and when are they used?
10. What is the Expedition tool and what is it used for?

Section 2: Firewall Policies & Rulebase

11. Difference between Security Policy and NAT Policy.
12. What is the purpose of Intrazone and Interzone rules?
13. What is the implicit deny rule in Palo Alto?
14. What is a Log Forwarding Profile and where is it applied?
15. How do you reduce rulebase complexity in enterprise environments?
16. What is Policy Optimizer and how does it help?
17. What are DoS Protection Profiles and DoS Policies?
18. When would you use a Security Group Tag (SGT) with TrustSec?
19. What is the purpose of Application Groups?
20. What is the difference between a Security Profile and a Security Policy?

Section 3: NAT, Routing & Networking

21. Difference between source NAT and destination NAT.
22. Explain Dynamic IP & Port (DIPP) NAT.
23. What is Bidirectional NAT?
24. How do you configure port forwarding in Palo Alto?
25. What is Policy-Based Forwarding (PBF) and when is it used?
26. Explain Virtual Router and routing table processing.
27. What is ECMP and how do you configure it?
28. What is ARP Cache and how do you inspect it?
29. What is Link Aggregation (LACP) and how is it configured?
30. How does Palo Alto support IPv6?

Section 4: Threat Prevention & Content Updates

31. What are Dynamic Updates in Palo Alto?
32. Explain Antivirus, Anti-Spyware & Anti-Malware workflow.
33. What are Vulnerability Protection Profiles?
34. How does URL Filtering work, and what do the categories mean?
35. What is DNS Security and why is it important?
36. What are File Blocking Profiles?
37. How does Palo Alto detect command & control traffic (C2)?
38. What is the difference between “alert,” “block,” and “continue”?
39. What is WildFire and how does it detect zero-day attacks?
40. Explain the significance of WildFire submission logs.

Section 5: VPN & Secure Connectivity

41. How do you configure a site-to-site IPSec VPN?
42. Difference between policy-based VPN and route-based VPN.
43. Why use Tunnel Interface for IPSec?
44. What is the difference between IKEv1 and IKEv2, and which is preferred?
45. What is GlobalProtect and how does it work?
46. Difference between Portal and Gateway in GlobalProtect.
47. Explain HIP Profiles and why they matter.
48. What is Always-On VPN?
49. What GlobalProtect logs are critical during troubleshooting?
50. How does split tunneling work in GlobalProtect?
