
PA5

Test Title:
PA5

Description:
PA Professional

Creation Date: 2021/09/08

Category: Other

Number of Questions: 60

Syllabus:

What are three sources of malware sample data for the Threat Intelligence Cloud? (Choose three). Next-generation firewalls deployed with WildFire Analysis Security Profiles. WF-500 configured as private clouds for privacy concerns. Correlation Objects generated by AutoFocus. Third-party data feeds such as partnership with Proofpoint and the Cyber Threat Alliance. Palo Alto Networks non-firewall products such as Traps and Prisma SaaS.

What are two core values of the Palo Alto Networks Security Operating Platform? (Choose two.). prevention of cyber attacks. safe enablement of all applications. threat remediation. defense against threats with static security solution.

What are two advantages of the DNS Sinkholing feature? (Choose two.). It forges DNS replies to known malicious domains. It monitors DNS requests passively for malware domains. It monitors DNS requests passively for malware domains. It can work upstream from the internal DNS server.

Which two products can send logs to the Cortex Data Lake? (Choose two.). AutoFocus. PA-3260 firewall. Prisma Access. Prisma Public Cloud.

Which two components must be configured within User-ID on a new firewall that has been implemented? (Choose two.). User Mapping. Proxy Authentication. Group Mapping. 802.1X Authentication.

Which four steps of the cyberattack lifecycle does the Palo Alto Networks Security Operating Platform prevent? (Choose four.). breach the perimeter. weaponize vulnerabilities. lateral movement. exfiltrate data. recon the target. deliver the malware.

Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.). define an SSL decryption rulebase. enable User-ID. validate credential submission detection. enable App-ID. define URL Filtering Profile.

An SE is preparing an SLR report for a school and wants to emphasize URL filtering capabilities because the school is concerned that its students are accessing inappropriate websites. The URL categories being chosen by default in the report are not highlighting these types of websites. How should the SE show the customer the firewall can detect that these websites are being accessed?. Create a footnote within the SLR generation tool. Edit the Key-Findings text to list the other types of categories that may be of interest. Remove unwanted categories listed under 'High Risk' and use relevant information. Produce the report and edit the PDF manually.

Which three methods used to map users to IP addresses are supported in Palo Alto Networks firewalls? (Choose three.). eDirectory monitoring. Client Probing. SNMP server. TACACS. Active Directory monitoring. Lotus Domino. RADIUS.

When the Cortex Data Lake is sized for Traps Management Service, which two factors should be considered? (Choose two.). retention requirements. Traps agent forensic data. the number of Traps agents. agent size and OS.

What are two benefits of using Panorama for a customer who is deploying virtual firewalls to secure data center traffic? (Choose two.). It can provide the Automated Correlation Engine functionality, which the virtual firewalls do not support. It can monitor the virtual firewalls' physical hosts and Vmotion them as necessary. It can automatically create address groups for use with KVM. It can bootstrap the virtual firewalls for dynamic deployment scenarios.

Which two tabs in Panorama can be used to identify templates to define a common base configuration? (Choose two.). Network Tab. Policies Tab. Device Tab. Objects Tab.

An endpoint inside an organization is infected with known malware that attempts to make a command-and-control connection to a C2 server via the destination IP address. Which mechanism prevents this connection from succeeding?. DNS Sinkholing. DNS Proxy. Anti-Spyware Signatures. WildFire Analysis.

How frequently do WildFire signatures move into the antivirus database?. Every 24 hours. Every 12 hours. once a week. Every 1 hour.

What are two presales selling advantages of using Expedition? (Choose two.). map migration gaps to professional services Statements of Work (SOWs). streamline & migrate to Layer 7 policies using Policy Optimizer. reduce effort to implement policies based on App-ID and User-ID. easy migration process to move to Palo Alto Networks NGFWs.

Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.). Traffic is separated by zones. Policy match is based on application. Identification of application is possible on any port. Traffic control is based on IP, port, and protocol.

An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer. The customer already has multiple M-100s set up as a log collector group. What are two valid reasons for deploying Panorama in High Availability? (Choose two.). Control of post rules. Control local firewall rules. Ensure management continuity. Improve log collection redundancy.

Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the specified virtual SD-WAN interface, along with the performance metrics?. A. B. C. D.

Which two network events are highlighted through correlation objects as potential security risks? (Choose two.). Identified vulnerability exploits. Launch of an identified malware executable file. Endpoints access files from a removable drive. Suspicious host behavior.

Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.). use of decryption policies. measure the adoption of URL filters. App-ID. User-ID. use of device management access and settings. expose the visibility and presence of command-and-control sessions. identify sanctioned and unsanctioned SaaS applications.

In which two cases should the Hardware offering of Panorama be chosen over the Virtual Offering? (Choose two.). Dedicated Logger Mode is required. Logs per second exceed 10,000. Appliance needs to be moved into data center. Device count is under 100.

How do you configure the rate of file submissions to WildFire in the NGFW?. based on the purchased license uploaded. QoS tagging. maximum number of files per minute. maximum number of files per day.

Which are the three mandatory components needed to run Cortex XDR? (Choose three.). Panorama. NGFW with PAN-OS 8.0.5 or later. Cortex Data Lake. Traps. Pathfinder. Directory Sync Service.

Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld indicators?. Prototype. Inputs. Class. Feed Base URL.

Which two new file types are supported on the WF-500 in PAN-OS 9? (Choose two). ELF. 7-Zip. Zip. RAR.

A customer is concerned about zero-day targeted attacks against its intellectual property. Which solution informs a customer whether an attack is specifically targeted at them?. Traps TMS. AutoFocus. Panorama Correlation Report. Firewall Botnet Report.

Prisma SaaS provides which two SaaS threat prevention capabilities? (Choose two). shellcode protection. file quarantine. SaaS AppID signatures. WildFire analysis. remote procedural call (RPC) interrogation.

A client chooses to not block uncategorized websites. Which two additions should be made to help provide some protection? (Choose two.). A URL filtering profile with the action set to continue for unknown URL categories to security policy rules that allow web access. A data filtering profile with a custom data pattern to security policy rules that deny uncategorized websites. A file blocking profile attached to security policy rules that allow uncategorized websites to help reduce the risk of drive by download. A security policy rule using only known URL categories with the action set to allow.

A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include .doc and .pdf file types. The customer uses a firewall with User-ID enabled. Which feature must also be enabled to prevent these attacks?. Content Filtering. WildFire. Custom App-ID rules. App-ID.

Decryption port mirroring is now supported on which platform?. all hardware-based and VM-Series firewalls with the exception of VMware NSX, Citrix SDX, or public cloud hypervisors. in hardware only. only on the PA-5000 Series and higher. all hardware-based and VM-Series firewalls regardless of where installed.

Select the BOM for the Prisma Access, to provide access for 5500 mobile users and 10 remote locations (100Mbps each) for one year, including Base Support and minimal logging. The customer already has 4x PA5220, 8x PA3220, 1x Panorama VM for 25 devices. 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR. 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-SVC-BAS-PRA-25, 1x PAN-PRA-25. 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR, 1x PAN-PRA-25, 1x PAN-SVC-BAS-PRA-25. 1x PAN-GPCS-USER-C-BAS-1YR, 1x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR.

As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?. access key ID. secret access key. administrative Password. AWS account ID.

In which two ways can PAN-OS software consume MineMeld outputs? (Choose two.). TXT. API. CSV. EDL.

Which domain permissions are required by the User-ID Agent for WMI Authentication on a Windows Server? (Choose three.). Domain Administrators. Enterprise Administrators. Distributed COM Users. Event Log Readers. Server Operator.

Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?. WildFire hybrid deployment. 5 minute WildFire updates to threat signatures. Access to the WildFire API. PE file upload to WildFire.

Which option is required to Activate/Retrieve a Device Management License on the M-100 Appliance after the Auth Codes have been activated on the Palo Alto Networks Support Site?. Generate a Stats Dump File and upload it to the Palo Alto Networks support portal. Select Panorama > Licenses and click Activate feature using authorization code. Generate a Tech Support File and call PANTAC. Select Device > Licenses and click Activate feature using authorization code.

What is the basis for purchasing Cortex XDR licensing?. volume of logs being processed based on Datalake purchased. number of nodes and endpoints providing logs. unlimited licenses. number of NGFWs.

XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy. Which two features must be enabled to meet the customer's requirements? (Choose two.). Policy-based forwarding. HA active/active. Virtual systems. HA active/passive.

How often are the databases for Anti-virus, Application, Threats, and WildFire subscription updated?. Anti-virus (weekly), Application (daily), Threats (weekly), WildFire (5 minutes). Anti-virus (weekly), Application (daily), Threats (daily), WildFire (5 minutes). Anti-virus (daily), Application (weekly), Threats (weekly), WildFire (5 minutes). Anti-virus (daily), Application (weekly), Threats (daily), WildFire (5 minutes).

A company has deployed the following: VM-300 firewalls in AWS; endpoint protection with the Traps Management Service; a Panorama M-200 for managing its VM-Series firewalls; PA-5220s for its internet perimeter; Prisma SaaS for SaaS security. Which two products can send logs to the Cortex Data Lake? (Choose two). Prisma SaaS. Traps Management Service. VM-300 firewalls. Panorama M-200 appliance.

Which profile or policy should be applied to protect against port scans from the internet?. Interface management profile on the zone of the ingress interface. Zone protection profile on the zone of the ingress interface. An App-ID security policy rule to block traffic sourcing from the untrust zone. Security profiles to security policy rules for traffic sourcing from the untrust zone.

When log sizing is factored for the Cortex Data Lake on the NGFW, what is the average log size used in calculation?. 8MB. depends on the Cortex Data Lake tier purchased. 18 bytes. 1500 bytes.

Which CLI command will allow you to view latency, jitter and packet loss on a virtual SD-WAN interface?. A. B. C. D.

A service provider has acquired a pair of PA-7080s for its data center to secure its customer base's traffic. The service provider's traffic is largely generated by smart phones and averages 6,000,000 concurrent sessions. Which Network Processing Card should be recommended in the Bill of Materials?. PA-7000-20GQ-NPC. PA-7000-40G-NPC. PA-7000-20GQXM-NPC. PA-7000-20G-NPC.

A customer is concerned about malicious activity that occurs directly on their endpoints and will not be visible to their firewalls. Which three actions does the Traps agent execute during a security event, beyond ensuring the prevention of this activity? (Choose three.). Informs WildFire and sends up a signature to the Cloud. Collects forensic information about the event. Communicates the status of the endpoint to the ESM. Notifies the user about the event. Remediates the event by deleting the malicious file.

Which two types of security chains are supported by the Decryption Broker? (Choose two.). virtual wire. transparent bridge. Layer 3. Layer 2.

Which three new script types can be analyzed in WildFire? (Choose three.). VBScript. JScript. MonoScript. PythonScript. PowerShell Script.

Which two configuration items are required when the NGFW needs to act as a decryption broker for multiple transparent bridge security chains? (Choose two.). dedicated pair of decryption forwarding interfaces required per security chain. a unique Transparent Bridge Decryption Forwarding Profile to a single Decryption policy rule. a unique Decryption policy rule is required per security chain. a single pair of decryption forwarding interfaces.

Which four actions can be configured in an Anti-Spyware profile to address command-and-control traffic from compromised hosts? (Choose four.). Quarantine. Allow. Reset. Redirect. Drop. Alert.

A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at 100Mbps but needs to have 45,000 sessions to connect to multiple hosts within a data center. Which VM instance should be used to secure the network by this customer?. VM-200. VM-100. VM-50. VM-300.

Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?. WildFire on the firewall, and AutoFocus on Panorama. Threat Prevention on the firewall, and Support on Panorama. GlobalProtect on the firewall, and Threat Prevention on Panorama. URL Filtering on the firewall, and MineMeld on Panorama.

Which three items contain information about Command-and-Control (C2) hosts? (Choose three.). Threat logs. WildFire analysis reports. Botnet reports. Data filtering logs. SaaS reports.

When the Cortex Data Lake is sized for Prisma Access mobile users, what is a valid log size range you would use per day, per user?. 1500 to 2500 bytes. 10MB to 30 MB. 1MB to 5 MB. 100MB to 200 MB.

A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?. Palo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports. Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default.

Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default. reboot the firewall to activate the license. activate the Decryption Broker license. enable SSL Forward Proxy decryption. enable a pair of virtual wire interfaces to forward decrypted traffic.

What are three purposes for the Eval Systems, Security Lifecycle Reviews and Prevention Posture Assessment tools? (Choose three.). when you're delivering a security strategy. when clients want to see the power of the platform. provide users visibility into the applications currently allowed on the network. help streamline the deployment and migration of NGFWs. assess the state of NGFW feature adoption.

An Administrator needs a PDF summary report that contains information compiled from existing reports based on data for the top five (5) in each category. Which two timeframe options are available to send this report? (Choose two.). Daily. Monthly. Weekly. Bi-weekly.

Which three signature-based Threat Prevention features of the firewall are informed by intelligence from the Threat Intelligence Cloud? (Choose three.). Vulnerability protection. Anti-Spyware. Anti-Virus. Botnet detection. App-ID protection.

The firewall includes predefined reports, custom reports can be built for specific data and actionable tasks, or predefined and custom reports can be combined to compile information needed to monitor network security. The firewall provides which three types of reports? (Choose three.). SNMP Reports. PDF Summary Reports. Netflow Reports. Botnet Reports. User or Group Activity Reports.

Which Palo Alto Networks pre-sales tool involves an approximately 4-hour interview to discuss a customer's current security posture?. BPA. PPA. Expedition. SLR.
