An administrator needs to perform several maintenance tasks on a managed firewall directly from the Panorama console, without using the Context Switch feature.
Which set of tasks can the administrator fully execute from the Panorama UI? (Choose one answer)
Palo Alto Networks Panorama provides a centralized management platform that allows administrators to manage firewalls through two primary constructs: Templates and Device Groups. When working directly within the Panorama UI (without switching to the firewall's context), an administrator interacts with these constructs to push configurations down to the managed devices.
The tasks listed in Option C represent the core functionality of Panorama's hierarchical management:
Edit a post-rule: Security policies are managed within Device Groups. Post-rules are specific rules that appear after any locally defined rules on the firewall, allowing Panorama to enforce a 'bottom-line' security posture across all managed devices.
Create a new certificate profile: Object management, including certificate profiles, is handled within Templates or Device Groups (depending on scope) and can be easily defined at the Panorama level.
Configure the firewall's hostname: System-level settings, such as hostnames, DNS, and NTP, are managed via Templates.
Conversely, the other options include tasks that generally require a direct connection or a 'Context Switch' to the specific firewall's management plane. For example, viewing real-time session details (Option A) or the local ACC (Option B) requires querying the specific firewall's data plane. While Panorama can trigger a software update, performing a device reboot (Option A) or managing local administrator accounts (Option D) are typically performed either locally or through the context switch to ensure the administrator is interacting with the device's specific local database rather than the global Panorama template.
Currently there are no comments in this discussion, be the first to comment!