What are three purposes for the Eval Systems, Security Lifecycle Reviews and Prevention
Posture Assessment tools? (Choose three.) when you're delivering a security strategy when clients want to see the power of the platform provide users visibility into the applications currently allowed on the network help streamline the deployment and migration of NGFWs assess the state of NGFW feature adoption.
What are three sources of malware sample data for the Threat Intelligence Cloud? (Choose
three) Next-generation firewalls deployed with WildFire Analysis Security Profiles WF-500 configured as private clouds for privacy concerns Correlation Objects generated by AutoFocus Third-party data feeds such as partnership with Proofpoint and the Cyber Threat Alliance Palo Alto Networks non-firewall products such as Traps and Prisma SaaS.
How do you configure the rate of file submissions to WildFire in the NGFW?
based on the purchased license uploaded QoS tagging maximum number of files per minute maximum number of files per day.
A client chooses to not block uncategorized websites.
Which two additions should be made to help provide some protection? (Choose two.) A URL filtering profile with the action set to continue for unknown URL categories to security
policy rules that allow web access A data filtering profile with a custom data pattern to security policy rules that deny uncategorized
websites A file blocking profile attached to security policy rules that allow uncategorized websites to help
reduce the risk of drive by downloads A security policy rule using only known URL categories with the action set to allow.
A customer is concerned about malicious activity that occurs directly on their endpoints and will
not be visible to their firewalls.
Which three actions does the Traps agent execute during a security event, beyond ensuring the prevention of this activity? (Choose three.) Informs WildFire and sends up a signature to the Cloud Collects forensic information about the event Communicates the status of the endpoint to the ESM Notifies the user about the event Remediates the event by deleting the malicious file.
Which two components must be configured within User-ID on a new firewall that has been
implemented? (Choose two.) User Mapping Proxy Authentication
Group Mapping 802.1X Authentication.
As you prepare to scan your Amazon S3 account, what enables Prisma service permission to
access Amazon S3? access key ID secret access key administrative Password AWS account ID.
Which three new script types can be analyzed in WildFire? (Choose three.) VBScript JScript MonoScript PythonScript PowerShell Script.
When the Cortex Data Lake is sized for Prisma Access mobile users, what is a valid log size
range you would use per day, per user? 1500 to 2500 bytes 10MB to 30 MB 1MB to 5 MB 100MB to 200 MB.
Which three methods used to map users to IP addresses are supported in Palo Alto Networks
firewalls? (Choose three.) eDirectory monitoring Client Probing SNMP server TACACS Active Directory monitoring Lotus Domino RADIUS.
Which three items contain information about Command-and-Control (C2) hosts? (Choose three.) Threat logs WildFire analysis reports Botnet reports Data filtering logs SaaS reports.
What is the basis for purchasing Cortex XDR licensing? volume of logs being processed based on Datalake purchased number of nodes and endpoints providing logs unlimited licenses number of NGFWs.
Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld
indicators? Prototype Inputs Class Feed Base URL.
What are two core values of the Palo Alto Networks Security Operating Platform? (Choose two.) prevention of cyber attacks safe enablement of all applications threat remediation defense against threats with static security solution.
Which two products can send logs to the Cortex Data Lake? (Choose two.) AutoFocus PA-3260 firewall Prisma Access Prisma Public Cloud.
In which two ways can PAN-OS software consume MineMeld outputs? (Choose two.) TXT API CSV EDL.
Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.) Traffic is separated by zones Policy match is based on application Identification of application is possible on any port Traffic control is based on IP, port, and protocol.
When log sizing is factored for the Cortex Data Lake on the NGFW, what is the average log size used in calculation? 8MB depends on the Cortex Data Lake tier purchased 18 bytes 1500 bytes.
A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall? Palo Alto Networks keeps ports closed by default, only opening ports after understanding the
application request, and then opening only the application-specified ports. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that
do not reference ports Default policies block all interzone traffic. Palo Alto Networks empowers you to control
applications by default ports or a configurable list of approved ports on a per-policy basis. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by
Which functionality is available to firewall users with an active Threat Prevention
subscription, but no WildFire license? WildFire hybrid deployment
5 minute WildFire updates to threat signatures Access to the WildFire API PE file upload to WildFire.
A company has deployed the following
* VM-300 firewalls in AWS
* endpoint protection with the Traps Management Service
* a Panorama M-200 for managing its VM-Series firewalls
* PA-5220s for its internet perimeter,
* Prisma SaaS for SaaS security.
Which two products can send logs to the Cortex Data Lake? (Choose two). Prisma SaaS Traps Management Service VM-300 firewalls Panorama M-200 appliance.
Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.) define an SSL decryption rulebase enable User-ID validate credential submission detection enable App-ID define URL Filtering Profile.
Prisma SaaS provides which two SaaS threat prevention capabilities? (Choose two) shellcode protection file quarantine SaaS AppID signatures WildFire analysis remote procedural call (RPC) interrogation.
Which four actions can be configured in an Anti-Spyware profile to address command-and-control traffic from compromised hosts? (Choose four.) Quarantine Allow Reset Redirect Drop Alert.
Which profile or policy should be applied to protect against port scans from the internet? Interface management profile on the zone of the ingress interface Zone protection profile on the zone of the ingress interface An App-ID security policy rule to block traffic sourcing from the untrust zone Security profiles to security policy rules for traffic sourcing from the untrust zone.
Which two network events are highlighted through correlation objects as potential security risks? (Choose two.) Identified vulnerability exploits Launch of an identified malware executable file Endpoints access files from a removable drive Suspicious host behavior.
Which CLI command will allow you to view latency, jitter and packet loss on a virtual SD-WAN
An endpoint, inside an organization, is infected with known malware that attempts to make a
command-and-control connection to a C2 server via the destination IP address. Which mechanism
prevents this connection from succeeding? DNS Sinkholing DNS Proxy Anti-Spyware Signatures WildFire Analysis.
A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at
100Mbps but needs to have 45,000 sessions to connect to multiple hosts within a data center. Which VM instance should be used to secure the network by this customer?
VM-200 VM-100 VM-50 VM-300.
Which two steps are required to configure the Decryption Broker? (Choose two.) reboot the firewall to activate the license activate the Decryption Broker license enable SSL Forward Proxy decryption enable a pair of virtual wire interfaces to forward decrypted traffic.
Which four steps of the cyberattack lifecycle does the Palo Alto Networks Security Operating
Platform prevent? (Choose four.) breach the perimeter weaponize vulnerabilities lateral movement exfiltrate data recon the target deliver the malware.
How frequently do WildFire signatures move into the antivirus database? every 24 hours every 12 hours once a week every 1 hour.
Which two types of security chains are supported by the Decryption Broker? (Choose two.) virtual wire transparent bridge Layer 3 Layer 2.
The firewall includes predefined reports, custom reports can be built for specific data and actionable tasks, or predefined and custom reports can be combined to compile information needed to monitor network security. The firewall provides which three types of reports? (Choose three.) SNMP Reports PDF Summary Reports Netflow Reports Botnet Reports User or Group Activity Reports.
Which three categories are identified as best practices in the Best Practice Assessment tool?
(Choose three.) use of decryption policies
measure the adoption of URL filters, App-ID, User-ID use of device management access and settings expose the visibility and presence of command-and-control sessions identify sanctioned and unsanctioned SaaS applications.
Which two configuration items are required when the NGFW needs to act as a decryption broker for multiple transparent bridge security chains? (Choose two.)
dedicated pair of decryption forwarding interfaces required per security chain a unique Transparent Bridge Decryption Forwarding Profile to a single Decryption policy rule a unique Decryption policy rule is required per security chain a single pair of decryption forwarding interfaces.
Which three signature-based Threat Prevention features of the firewall are informed by intelligence from the Threat Intelligence Cloud? (Choose three.) Anti-Spyware Anti-Virus Botnet detection App-ID protection Vulnerability protection.
A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include .doc and .pdf file types. The customer uses a firewall with User-ID enabled.
Which feature must also be enabled to prevent these attacks? Content Filtering WildFire Custom App-ID rules App-ID.
Which two tabs in Panorama can be used to identify templates to define a common base configuration?(Choose two.)
Network Tab Policies Tab Device Tab Objects Tab.
What are two presales selling advantages of using Expedition? (Choose two.) map migration gaps to professional services statements of work (SOWs) streamline & migrate to Layer 7 policies using Policy Optimizer reduce effort to implement policies based on App-ID and User-ID easy migration process to move to Palo Alto Networks NGFWs.
An SE is preparing an SLR report for a school and wants to emphasize URL filtering capabilities
because the school is concerned that its students are accessing inappropriate websites. The URL
categories being chosen by default in the report are not highlighting these types of websites. How
should the SE show the customer the firewall can detect that these websites are being accessed?
Create a footnote within the SLR generation tool Edit the Key-Findings text to list the other types of categories that may be of interest Remove unwanted categories listed under 'High Risk' and use relevant information Produce the report and edit the PDF manually.
An administrator wants to justify the expense of a second Panorama appliance for HA of the
management layer. The customer already has multiple M-100s set up as a log collector group. What are two valid reasons
for deploying Panorama in High Availability? (Choose two.)
Control of post rules Control local firewall rules Ensure management continuity Improve log collection redundancy.
Which are the three mandatory components needed to run Cortex XDR? (Choose three.) Panorama NGFW with PAN-OS 8.0.5 or later Cortex Data Lake Traps Pathfinder Directory Sync Service.
In which two cases should the Hardware offering of Panorama be chosen over the Virtual Offering? (Choose two.)
Dedicated Logger Mode is required Logs per second exceed 10,000 Appliance needs to be moved into data center Device count is under 100.
What are two advantages of the DNS Sinkholing feature? (Choose two.) It forges DNS replies to known malicious domains. It monitors DNS requests passively for malware domains. It can be deployed independently of an Anti-Spyware Profile. It can work upstream from the internal DNS server.
Palo Alto Networks publishes updated Command-and-Control signatures. How frequently
should the related signatures schedule be set? Once a day Once a week Once every minute Once an hour.
Which three signature-based Threat Prevention features of the firewall are informed by
intelligence from the Threat Intelligence Cloud? (Choose three.) Vulnerability protection Anti-Spyware Anti-Virus Botnet detection App-ID protection.
Which option is required to Activate/Retrieve a Device Management License on the M-100
Appliance after the Auth Codes have been activated on the Palo Alto Networks Support Site?
Generate a Stats Dump File and upload it to the Palo Alto Networks support portal Select Panorama > Licenses and click Activate feature using authorization code Generate a Tech Support File and call PANTAC Select Device > Licenses and click Activate feature using authorization code.
Decryption port mirroring is now supported on which platform? all hardware-based and VM-Series firewalls with the exception of VMware NSX, Citrix SDX, or public cloud hypervisors in hardware only only on the PA-5000 Series and higher all hardware-based and VM-Series firewalls regardless of where installed.
Which two new file types are supported on the WF-500 in PAN-OS 9? (Choose two) ELF 7-Zip
Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the
specified virtual SD-WAN interface, along with the performance metrics? >show sdwan rule interface <sdwan.x> show sdwan connection all >show sdwan path-monitor show sdwan session.
When the Cortex Data Lake is sized for Traps Management Service, which two factors should
be considered? (Choose two.) retention requirements Traps agent forensic data the number of Traps agents agent size and OS.
A customer is concerned about zero-day targeted attacks against its intellectual property.
Which solution informs a customer whether an attack is specifically targeted at them? Traps TMS AutoFocus Panorama Correlation Report Firewall Botnet Report.
An Administrator needs a PDF summary report that contains information compiled from existing reports based on data for the top five (5) in each category. Which two timeframe options are available to send this report? (Choose two.)
Daily Monthly Weekly Bi-weekly.
Which domain permissions are required by the User-ID Agent for WMI Authentication on a Windows Server? (Choose three.)
Domain Administrators Enterprise Administrators Distributed COM Users Event Log Readers Server Operator.
Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?
WildFire on the firewall, and AutoFocus on Panorama Threat Prevention on the firewall, and Support on Panorama GlobalProtect on the firewall, and Threat Prevention on Panorama URL Filtering on the firewall, and MineMeld on Panorama.
What are two benefits of using Panorama for a customer who is deploying virtual firewalls to
secure data center traffic? (Choose two.) It can provide the Automated Correlation Engine functionality, which the virtual firewalls do not support.
It can monitor the virtual firewalls' physical hosts and vMotion them as necessary. It can automatically create address groups for use with KVM. It can bootstrap the virtual firewalls for dynamic deployment scenarios.
A service provider has acquired a pair of PA-7080s for its data center to secure its customer
base's traffic. The service provider's traffic is largely generated by smart phones and averages
6,000,000 concurrent sessions.
Which Network Processing Card should be recommended in the Bill of Materials? PA-7000-20GQ-NPC PA-7000-40G-NPC PA-7000-20GQXM-NPC PA-7000-20G-NPC.
How often are the databases for Anti-virus, Application, Threats, and WildFire subscription updated?
Anti-virus (weekly), Application (daily), Threats (weekly), WildFire (5 minutes) Anti-virus (weekly), Application (daily), Threats (daily), WildFire (5 minutes) Anti-virus (daily), Application (weekly), Threats (weekly), WildFire (5 minutes) Anti-virus (daily), Application (weekly), Threats (daily), WildFire (5 minutes).
Select the BOM for the Prisma Access, to provide access for 5500 mobile users and 10 remote
locations (100Mbps each) for one year, including Base Support and minimal logging. The customer
already has 4x PA5220, 8x PA3220, 1x Panorama VM for 25 devices.
5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-SVC-BAS-PRA-25, 1x PAN-PRA-25
5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR, 1x PAN-PRA-25, 1x PAN-SVC-BAS-PRA-25 1x PAN-GPCS-USER-C-BAS-1YR, 1x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR.
XYZ Corporation has a legacy environment with asymmetric routing. The customer
understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy.
Which two features must be enabled to meet the customer's requirements? (Choose two.)
Policy-based forwarding HA active/active Virtual systems HA active/passive.
Which Palo Alto Networks pre-sales tool involves an approximately 4-hour interview to discuss a
customer's current security posture? BPA PPA Expedition SLR.
What can be applied to prevent users from unknowingly downloading malicious file types
from the internet? A vulnerability profile to security policy rules that deny general web access An antivirus profile to security policy rules that deny general web access A zone protection profile to the untrust zone A file blocking profile to security policy rules that allow general web access.