Académique Documents
Professionnel Documents
Culture Documents
Question 2 of 45.
Question 3 of 45.
An Antivirus Security Profile specifies Actions and WildFire Actions. Wildfire Actions enable you to
configure the firewall to perform which operation?
Question 4 of 45.
MGT port-based
any
web-based
non-TCP/IP
Because a firewall examines every packet in a session, a firewall can detect application ________?
groups
shifts
errors
filters
Question 6 of 45.
Finding URLs matched to the not-resolved URL category in the URL Filtering log file might indicate
that you should take which action?
Question 7 of 45.
For which firewall feature should you create forward trust and forward untrust certificates?
Question 8 of 45.
If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are
recorded in which log type?
Data Filtering
Traffic
WildFire Submissions
Threat
Question 9 of 45.
If there is an HA configuration mismatch between firewalls during peer negotiation, which state
will the passive firewall enter?
PASSIVE
INITIAL
NON-FUNCTIONAL
ACTIVE
Question 10 of 45.
In an HA configuration, which three functions are associated with the HA1 Control Link? (Choose
three.)
synchronizing sessions
exchanging hellos
synchronizing configuration
exchanging heartbeats
Question 11 of 45.
In an HA configuration, which two failure detection methods rely on ICMP ping? (Choose two.)
link groups
hellos
path groups
heartbeats
Question 12 of 45.
Which two user mapping methods are supported by the User-ID integrated agent? (Choose two.)
LDAP Filters
WMI probing
Client Probing
NetBIOS Probing
Question 13 of 45.
SSL Inbound Inspection requires that the firewall be configured with which two components?
(Choose two.)
client's digital certificate
client•'s public key
server's private key
server's digital certificate
Question 14 of 45.
The Threat log records events from which three Security Profiles? (Choose three.)
Vulnerability Protection
File Blocking
Antivirus
URL Filtering
WildFire Analysis
Anti-Spyware
Question 15 of 45.
firewall interface
firewall
User-ID agent
firewall security zone
What are the two separate planes that make up the PAN-OS architecture? (Choose two.)
signature processing plane
control/management plane
dataplane
HA plane
routing plane
Question 17 of 45.
What are two benefits of attaching a Decryption Profile to a Decryption policy no-decrypt rule?
(Choose two.)
acceptable protocol checking
expired certificate checking
URL category match checking
untrusted certificate checking
Question 18 of 45.
Question 19 of 45.
What is a use case for deploying Palo Alto Networks NGFW in the public cloud?
Question 20 of 45.
When SSL traffic passes through the firewall, which component is evaluated first?
Security policy
Decryption policy
Decryption Profile
Decryption exclusions list
Question 21 of 45.
Where does a GlobalProtect client connect to first when trying to connect to the network?
GlobalProtect Portal
AD agent
GlobalProtect Gateway
User-ID agent
Question 22 of 45.
Which condition must exist before a firewall's in-band interface can process traffic?
Question 23 of 45.
Question 24 of 45.
Which interface type does NOT require any configuration changes to adjacent network devices?
Virtual Wire
Layer 2
Tap
Layer 3
Question 25 of 45.
Virtual Wire
VLAN
HA
Layer 3
Question 26 of 45.
Question 27 of 45.
The running configuration is transferred from memory to the firewall'•s storage device.
A copy of the configuration is uploaded to the cloud as a backup.
The candidate configuration is transferred from memory to the firewall'•s storage device.
A saved configuration is transferred to an external host•s storage device.
Mark for follow up
Question 28 of 45.
Question 29 of 45.
Which three are valid configuration options in a WildFire Analysis Profile? (Choose three.)
maximum file size
application
file types
direction
Question 30 of 45.
Which three MGT port configuration settings are required in order to access the WebUI? (Choose
three.)
Default gateway
IP address
Hostname
Netmask
Question 31 of 45.
Which three network modes are supported by active/passive HA? (Choose three.)
Virtual Wire
Layer 3
Layer 2
Tap
Question 32 of 45.
Which two file types can be sent to WildFire for analysis if a firewall has only a standard
subscription service? (Choose two.)
.jar
.pdf
.dll
.exe
Question 33 of 45.
Which user mapping method is recommended for a highly mobile user base?
GlobalProtect
Client Probing
Session Monitoring
Server Monitoring
Question 34 of 45.
Which User-ID user mapping method is recommended for environments where users frequently
change IP addresses?
Client Probing
Captive Portal
Session Monitoring
Server Monitoring
Question 35 of 45.
Which file must be downloaded from the firewall to create a Heatmap and Best Practices
Assessment report?
XML file
Tech Support File
firewall config file
stats dump file
Question 36 of 45.
GlobalProtect clientless VPN provides secure remote access to web applications that use which
three technologies? (Choose three.)
Java
HTML
JavaScript
HTML5
Python
Ruby
Question 37 of 45.
Which three subscription services are included as part of the GlobalProtect cloud service? (Choose
three.)
WildFire®
Panorama
Threat Prevention
AutoFocus
URL Filtering
Aperture
Question 38 of 45.
What is the maximum number of WildFire® appliances that can be grouped in to a WildFire®
appliance cluster?
12
24
32
20
Question 39 of 45.
The decryption broker feature is supported by which three Palo Alto Networks firewall series?
(Choose three.)
PA-5200
PA-3000
PA-5000
PA-3200
VM-Series
PA-7000
Question 40 of 45.
Which three HTTP header insertion types are predefined? (Choose three.)
WebEx
Box
Google
Slack
YouTube
Dropbox
Question 41 of 45.
Which VM-Series model was introduced with the release of PAN-OS® 8.1?
VM-300 Lite
VM-50 Lite
VM-200 Lite
VM-100 Lite
Question 42 of 45.
Which cloud computing platform provides shared resources, servers, and storage in a pay-as-you-
go model?
hybrid
community
private
public
Question 43 of 45.
Which cloud computing service model will enable an application developer to develop, manage,
and test their applications without the expense of purchasing equipment?
platform as a service
infrastructure as a service
software as a service
code as a service
Question 44 of 45.
Cloud security is a shared responsibility between the cloud provider and the customer. Which
security platform is the cloud provider responsible for?
encryption management
identity and access management
firewall and network traffic
foundation services
Question 45 of 45.
Which essential cloud characteristic is designed for applications that will be required to run on all
platforms including smartphones, tablets, and laptops?
measured services
on-demand self service
broad network access
rapid elasticity