Match the Palo Alto Networks Security Operating Platform architecture to its description.
Select and Place: Threat Intelligence Cloud Next-Generation Firewall Advanced Endpoint Protection.
Which plane on a Palo Alto Networks Firewall provides configuration, logging, and reporting functions on a separate processor? management network processing data security processing.
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by
App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed? All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application No impact because the apps were automatically downloaded and installed No impact because the firewall automatically adds the rules to the App-ID interface All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications.
How many zones can an interface be assigned with a Palo Alto Networks firewall? two three four one.
Which two configuration settings shown are not the default? (Choose two.) Enable Security Log Server Log Monitor Frequency (sec) Enable Session Enable Probing.
Which dataplane layer of the graphic shown provides pattern protection for spyware and vulnerability exploits on a Palo Alto Networks Firewall? Signature Matching Network Processing Security Processing Data Interfaces.
Which option shows the attributes that are selectable when setting up application filters? Category, Subcategory, Technology, and Characteristic Category, Subcategory, Technology, Risk, and Characteristic Name, Category, Technology, Risk, and Characteristic Category, Subcategory, Risk, Standard Ports, and Technology.
Actions can be set for which two items in a URL filtering security profile? (Choose two.) Block List Custom URL Categories PAN-DB URL Categories Allow List.
DRAG DROP -
Match the Cyber-Attack Lifecycle stage to its correct description.
Select and Place: Reconnaissance installation Command and Control Act on the Objective.
Actions can be set for which two items in a URL filtering security profile? (Choose two.) Updated application content might change how Security policy rules are enforced. After an application content update, new applications must be manually classified prior to use. Existing security policy rules are not affected by application content updates. After an application content update, new applications are automatically identified and classified.
Which User-ID mapping method should be used for an environment with users that do not authenticate to Active Directory? Windows session monitoring passive server monitoring using the Windows-based agent Captive Portal passive server monitoring using a PAN-OS integrated User-ID agent.
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment? Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory Create an Application Group and add business-systems to it Create an Application Filter and name it Office Programs, then filter it on the business-systems category Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office.
Which statement is true regarding a Best Practice Assessment? The BPA tool can be run only on firewalls It provides a percentage of adoption for each assessment area The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.
Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application? intrazone-default Deny Google allowed-security services interzone-default.
Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________. on either the data place or the management plane. after it is matched by a security policy rule that allows traffic. before it is matched to a Security policy rule. after it is matched by a security policy rule that allows or blocks traffic.
When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None? Translation Type Interface Address Type IP Address.
Which interface does not require a MAC or IP address? Virtual Wire Layer3 Layer2 Loopback.
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall? Rule Usage Filter > No App Specified Rule Usage Filter >Hit Count > Unused in 30 days Rule Usage Filter > Unused Apps Rule Usage Filter > Hit Count > Unused in 90 days.
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.
Select and Place: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6.
What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.) An implicit dependency does not require the dependent application to be added in the security policy An implicit dependency requires the dependent application to be added in the security policy An explicit dependency does not require the dependent application to be added in the security policy An explicit dependency requires the dependent application to be added in the security policy.
Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules? At the CLI enter the command reset rules and press Enter Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule Reboot the firewall Use the Reset Rule Hit Counter > All Rules option.
Which two App-ID applications will you need to allow in your Security policy to use facebook-chat? (Choose two.) facebook facebook-chat facebook-base facebook-email.
Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources? Windows-based agent deployed on the internal network PAN-OS integrated agent deployed on the internal network Citrix terminal server deployed on the internal network Windows-based agent deployed on each of the WAN Links.
Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP
`"to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW. syslog RADIUS UID redistribution XFF headers.
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command- and-control (C2) server.
Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.) vulnerability protection profile applied to outbound security policies anti-spyware profile applied to outbound security policies antivirus profile applied to outbound security policies URL filtering profile applied to outbound security policies.
At which stage of the Cyber-Attack Lifecycle would the attacker attach an infected PDF file to an email? Delivery Reconnaissance Command and Control Exploitation.
Identify the correct order to configure the PAN-OS integrated USER-ID agent.
1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent
2. define the address of the servers to be monitored on the firewall
3. add the service account to monitor the server(s)
4. commit the configuration, and verify agent connection status 2-3-4-1 1-4-3-2 3-1-2-4 1-3-2-4.
Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.
Complete the security policy to ensure only Telnet is allowed.
Security Policy: Source Zone: Internal to DMZ Zone __________services `Application defaults`, and action = Allow Destination IP: 192.168.1.123/24 Application = "Telnet" Log Forwarding USER-ID = "Allow users in Trusted".
Based on the security policy rules shown, ssh will be allowed on which port? 80 53 22 23.
Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall? Threat Prevention WildFire Antivirus URL Filtering.
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity? branch office traffic north-south traffic perimeter traffic east-west traffic.
Given the topology, which zone type should zone A and zone B to be configured with? Layer3 Tap Layer2 Virtual Wire.
To use Active Directory to authenticate administrators, which server profile is required in the authentication profile? domain controller TACACS+ LDAP RADIUS.
Which interface type is used to monitor traffic and cannot be used to perform traffic shaping? Layer 2 Tap Layer 3 Virtual Wire.
Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account? Root Dynamic Role-based Superuser.
Which administrator type utilizes predefined roles for a local administrator account? Superuser Role-based Dynamic Device administrator.
Which two security profile types can be attached to a security policy? (Choose two.) antivirus DDoS protection threat vulnerability.
The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server? Create an anti-spyware profile and enable DNS Sinkhole Create an antivirus profile and enable DNS Sinkhole Create a URL filtering profile and block the DNS Sinkhole category Create a security policy and enable DNS Sinkhole.
Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers? Active Directory monitoring Windows session monitoring Windows client probing domain controller monitoring.
Which three statements describe the operation of Security policy rules and Security Profiles? (Choose three.) Security policy rules are attached to Security Profiles. Security Profiles are attached to Security policy rules. Security Profiles should be used only on allowed traffic. Security policy rules inspect but do not block traffic. Security policy rules can block or allow traffic.
Given the image, which two options are true about the Security policy rules. (Choose two.) The Allow Office Programs rule is using an Application Filter In the Allow FTP to web server rule, FTP is allowed using App-ID The Allow Office Programs rule is using an Application Group In the Allow Social Networking rule, allows all of Facebook's functions
.
Which type of Security policy rule would match traffic flowing between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone? global intrazone interzone universal.
Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways? GlobalProtect AutoFocus Aperture Panorama.
Which two statements are correct regarding multiple static default routes when they are configured as shown in the image? (Choose two.) Path monitoring does not determine if route is useable. Route with highest metric is actively used. Path monitoring determines if route is useable. Route with lowest metric is actively used.
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can run malicious code against a targeted machine. Exploitation Installation Reconnaissance Act on Objective.
Which file is used to save the running configuration with a Palo Alto Networks firewall? running-config.xml run-config.xml running-configuration.xml run-configuration.xml.
In the example security policy shown, which two websites would be blocked? (Choose two.) LinkedIn Facebook YouTube Amazon.
Which Palo Alto Networks component provides consolidated policy creation and centralized management? GlobalProtect Panorama Prisma SaaS AutoFocus.
Which statement is true regarding a Prevention Posture Assessment? The Security Policy Adoption Heatmap component filters the information by device groups, serial numbers, zones, areas of architecture, and other categories It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture It provides a percentage of adoption for each assessment area It performs over 200 security checks on Panorama/firewall for the assessment.
Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.) User identification Filtration protection Vulnerability protection Antivirus Application identification Anti-spyware.
The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.) Add all the URLs from the gambling category except powerball.com to the block list and then set the action for the gambling category to allow. Manually remove powerball.com from the gambling URL category. Add *.powerball.com to the allow list Create a custom URL category called PowerBall and add *.powerball.com to the category and set the action to allow.
Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information? Aperture AutoFocus Panorama GlobalProtect.
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall's signature database has been updated? antivirus profile applied to outbound security policies data filtering profile applied to inbound security policies data filtering profile applied to outbound security policies vulnerability profile applied to inbound security policies.
Which update option is not available to administrators? New Spyware Notifications New URLs New Application Signatures New Malicious Domains New Antivirus Signatures.
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make? Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin.
How often does WildFire release dynamic updates? in realtime every 5 minutes every 15 minutes every 30 minutes.
What is the minimum frequency for which you can configure the firewall to check for new WildFire antivirus signatures? every 30 minutes every 5 minutes every 24 hours every 1 minute.
Your company has 10 Active Directory domain controllers spread across multiple WAN links. All users authenticate to Active Directory. Each link has substantial network bandwidth to support all mission-critical applications. The firewall's management plane is highly utilized.
Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks? Windows-based agent on a domain controller Captive Portal Citrix terminal server agent with adequate data-plane resources PAN-OS integrated agent.
DRAG DROP -
Arrange the correct order that the URL classifications are processed within the system.
Select and Place: first second third fourth fifth sixth.
What must you configure to enable the firewall to access multiple Authentication Profiles to authenticate a non-local account? authentication sequence LDAP server profile authentication server list authentication list profile.
Which Security Profile mitigates attacks based on packet count? zone protection profile URL filtering profile antivirus profile vulnerability profile.
Which interface type uses virtual routers and routing protocols? Tap Layer3 Virtual Wire Layer2.
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL? Override Allow Block Continue.
An internal host needs to connect through the firewall using source NAT to servers of the internet.
Which policy is required to enable source NAT on the firewall? NAT policy with internal zone and internet zone specified post-NAT policy with external source and any destination address NAT policy with no internal or internet zone selected pre-NAT policy with external source and any destination address.
Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packet's source and destination IP addresses? DoS protection URL filtering packet buffering anti-spyware.
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.) Layer-ID User-ID QoS-ID App-ID.
Which path is used to save and load a configuration with a Palo Alto Networks firewall? Device>Setup>Services Device>Setup>Management Device>Setup>Operations Device>Setup>Interfaces.
DRAG DROP -
Match the network device with the correct User-ID technology.
Select and Place Microsoft exchange Linux authentication Windows Clients Citrix Clients.
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures? Review Policies Review Apps Pre-analyze Review App Matches.
How do you reset the hit count on a Security policy rule? Select a Security policy rule, and then select Hit Count > Reset. Reboot the data-plane. First disable and then re-enable the rule. Type the CLI command reset hitcount <POLICY-NAME>.
Given the topology, which zone type should you configure for firewall interface E1/1? Tap Tunnel Virtual Wire Layer3.
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall? Management High Availability Aggregate Aggregation.
Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones? intrazone interzone universal global.
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL? EDL in URL Filtering Profile Custom URL category in URL Filtering Profile Custom URL category in Security policy rule PAN-DB URL category in URL Filtering Profile.
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL? EDL in URL Filtering Profile Custom URL category in URL Filtering Profile Custom URL category in Security policy rule PAN-DB URL category in URL Filtering Profile.
Which data flow direction is protected in a zero-trust firewall deployment that is not protected in a perimeter-only firewall deployment? north-south inbound outbound east-west.
Which protocol is used to map usernames to user groups when User-ID is configured? TACACS+ SAML LDAP RADIUS.
Which definition describes the guiding principle of the zero-trust architecture? trust, but verify always connect and verify never trust, never connect never trust, always verify.
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.
Complete the two empty fields in the Security policy rules that permits only this type of access.
Source Zone: Internal -
Destination Zone: DMZ Zone -
Application: _________?
Service: ____________? Service = application-default Service = service-telnet Application = Telnet Application = any.
In which profile should you configure the DNS Security feature? Anti-Spyware Profile Zone Protection Profile Antivirus Profile URL Filtering Profile.
Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.) GlobalProtect agent XML API User-ID Windows-based agent log forwarding auto-tagging.
The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop. The malware contacted a known command- and-control server, which caused the infected laptop to begin exfiltrating corporate data.
Which security profile feature could have been used to prevent the communication with the command-and-control server? Create an anti-spyware profile and enable DNS Sinkhole feature Create an antivirus profile and enable its DNS Sinkhole feature. Create a URL filtering profile and block the DNS Sinkhole URL category Create a Data Filtering Profiles and enable its DNS Sinkhole feature.
You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane? virtual router Admin Role profile DNS proxy service route.
Which component provides network security for mobile endpoints by inspecting traffic routed through gateways? Prisma SaaS GlobalProtect AutoFocus Panorama.
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile? TACACS+ RADIUS LDAP SAML.
Which operations are allowed when working with App-ID application tags? Predefined tags may be deleted. Predefined tags may be augmented by custom tags. Predefined tags may be modified. Predefined tags may be updated by WildFire dynamic updates.
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilized.
Which User-ID agent is sufficient in your network? Windows-based agent deployed on each domain controller PAN-OS integrated agent deployed on the firewall Citrix terminal server agent deployed on the network Windows-based agent deployed on the internal network a domain member.
Which statement is true about a URL Filtering Profile’s continue password? There is a password per session. There is a password per firewall administrator account. There is a single, per-firewall password. There is a password per website.
Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions? Role-based Multi-Factor Authentication Dynamic SAML.
Which statement is true regarding a Heatmap report? When guided by authorized sales engineer, it helps determine the areas of greatest security risk It runs only on firewalls. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture. It provides a percentage of adoption for each assessment area.
Based on the screenshot presented, which column contains the link that when clicked, opens a window to display all applications matched to the policy rule? Apps Allowed Service Name Apps Seen.
Access to which feature requires the PAN-OS Filtering license? PAN-DB database DNS Security Custom URL categories URL external dynamic lists.
Based on the screenshot, what is the purpose of the Included Groups? They are groups that are imported from RADIUS authentication servers. They are the only groups visible based on the firewall's credentials. They contain only the users you allow to manage the firewall. They are used to map users to groups.
Based on the graphic, which statement accurately describes the output shown in the Server Monitoring panel? The User-ID agent is connected to a domain controller labeled lab-client The host lab-client has been found by the User-ID agent. The host lab-client has been found by a domain controller. The User-ID agent is connected to the firewall labeled lab-client.
Which action results in the firewall blocking network traffic without notifying the sender? Drop Deny Reset Server Reset Client.
What do Dynamic User Groups help you to do? create a policy that provides auto-remediation for anomalous user behavior and malicious activity create a dynamic list of firewall administrators create a QoS policy that provides auto-remediation for anomalous user behavior and malicious activity create a policy that provides auto-sizing for anomalous user behavior and malicious activity.
Which link in the web interface enables a security administrator to view the Security policy rules that match new application signatures? Review App Matches Review Apps Pre-analyze Review Policies.
Based on the shown security policy, which Security policy rule would match all FTP traffic from the inside zone to the outside zone? interzone-default internal-inside-dmz inside-portal egress-outside.
Which type of firewall configuration contains in-progress configuration changes? backup candidate running committed.
Which three configuration settings are required on a Palo Alto Network firewall management interface? (Choose three.) hostname netmask default gateway auto-negotiation IP address.
What is an advantage for using application tags? They are helpful during the creation of new zones. They help content updates automate policy updates. They help with the creation of interfaces. They help with the design of IP address allocations in DHCP.
At which point in the App-ID update process can you determine if an existing policy rule is affected by an App-ID update? after clicking Check Now in the Dynamic Update window after committing the firewall configuration after installing the update after downloading the update.
You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile detects and prevents this threat from establishing a command-and-control connection? Vulnerability Protection Profile applied to outbound Security policy rules. Anti-Spyware Profile applied to outbound security policies. Antivirus Profile applied to outbound Security policy rules Data Filtering Profile applied to outbound Security policy rules.
Which two statements are true regardi ng the candidate configuration? (Choose two.) It controls the current operation of the firewall It contains possible change s to the current configuration It can be reverted to the current configuration It always contains the factory default configuration.
True or false? The running config uration consists of configuration ch anges in progress but not active on the firewall true false .
When committing changes to a firewall, what is the result of clicking the Preview Changes link? shows any error messages that would appear during a commit lists the individual settings for which you are committing changes compares the candidate configuration to the running configuration displays any unresolved application dependencies .
True or false? The Export operations transfer configurations as XML-formatted files from the firewall true false.
When creating a custom admin role, which four types of privileges can be defined? (Choose four.) WebUI Panorama REST API Command Line Java API XML API .
True or false? Server Profiles de fine connections that the firewa ll can make to external servers. true false .
Global user authentication is supported by which three authentication services? (Choose three.) SAML LDAP RADIUS Certificate TACACS + .
True or false? Certificate-based authentication replaces all other forms of either local or external authentication. true false.
Which two items are supported routing protocols on a virtual router? (Choose two.) OSPF IGRP EGP BGP .
Which three interface types are valid on a Palo Alto Networks firewall? (Choose three.) FC Layer3 FCoE Tap Virtual wire .
Which two firewall interface types can be adde d to a Layer3-type security zone? (Choose two.) Tunnel Virtual wire Tap Loopback .
Which type of firewall interface enables passive monitoring of network traffic? Virtual wire Tap Loopback Tunnel .
True or false? A Layer 3 interface can be configured as a dual-stack with IPv4 and IPv6 addresses. true false.
Which two items are required to match criteria in a Palo Alto Networks S ecurity policy rule? (Choose two.) source zone destination zone destination address destination port .
Which type of Security policy rule is the default rule type? intrazone interzone universal default .
Which action in a Security policy rule results in traffic being silently rejected? deny drop reset server reset client .
True or false? Logging on intrazone-default and inte rzone-default Security polic y rules is enabled by default. true false.
NAT oversubscription is used in conj unction with which NAT translation type? static dynamic IP dynamic IP and port dynamic IP with session distribution .
Which source NAT type changes the course IP address while leaving the source port unchanged? Static IP Dynamic IP Dynamic IP and port .
When configuring a destination NAT Security policy, what destination address would you use? address of the web server address of the egress firewall interface address of the ingress firewall interface .
True or false? Source NAT is commonly used fo r private users to access the public internet. true false.
Which three methods does App-ID use to identify network traffic? (Choose three.) signatures protocol decoders heuristics URL category application filter match .
How would App-ID label TCP traffic when the thre e-way handshake completes but not enough data is sent to identify an application? not-applicable incomplete insufficient-data unknown-tcp .
True or false? When migration is done from another vendor’s firewall to a Palo Alto Networks firewall, a best practice is always to migrate the existing Security policy. true false .
True or false? If App-ID cannot identify the traffic, Content-ID cannot inspect the traffic for malware. true false .
When an Applications and Threats content update is performed, which is the earliest point you can review the impact of new application signatures on existing policies? after clicking Check Now after download after install after commit.
Which anti-spyware feature enables an administrator to quickly identify a potentially infected host on the network? data filtering log entry continue response page DNS sinkhole CVE number .
True or false? A Security Profile a ttached to a Security policy rule is ev aluated only if the Security policy rule matches traffic and the rule action is set to “allow.” true false .
A Zone Protection Profile is applied to which item? ingress ports Security policy rules egress ports Address Groups .
Network traffic matches an “allow” rule in the Security policy, but the attached File Blocking Profile is configured with a “block” action. To which two locations will the traffic be logged? (Choose two.) Threat log Traffic log Data Filtering log Alarms log .
Which profile type is designed to protect against reconnaissance attacks such as host sweeps and port scans? Ant-Spyware Data Filtering Zone Protection DoS Protection.
Which URL Filtering Profile action will result in a user being interactively prompted for a password? alert allow continue override .
According to best practices, which two URL filtering categories should be blocked in most URL Filtering Profiles? (Choose two.) high-risk medium-risk new-registered-domain adult .
Which three statements are true regarding Safe Search Enforcement? (Choose three.) Safe search is a web server setting. Safe search is a web browser setting. Safe search is a best-effort setting. Safe search is designed to block violent web content. Safe search works only in conjunc tion with credential submission websites. .
True or false? A URL Filtering license is not re quired to define and use custom URL categories. true false.
Which file type can a firewall send to WildFire when the firewall does not have a WildFire subscription? PDF JAR APK EXE .
Which WildFire verdict might indicate obtrusive behavior but not a security threat? benign grayware malware phishing .
True or false? When a malicious file or link is de tected in an email, WildFire can update antivirus signatures in the PAN-DB database. true false .
Assume you have a WildFire subscription. Which file state or condition might result in a file not being analyzed by WildFire? executable file signed by a trusted signer file size limit exceeded file already has WildFire hash file located in a JAR or RAR archive.
Which two statements are true regarding User-ID and firewall configuration? (Choose two) Communications between the firewall and the User-ID agent are sent over an encrypted SSL Connection The firewall needs to have information for every User-ID agent to which it will connect. NetBIOS is the only client probing method supported by the User-ID agent. The User-ID agent must be installed on the domain controller.
Which three items are valid choices when configuring the Source User field in a security policy rule (choose three.) all known-user any unknown none.
You must deploy the Windows-based User-ID agent to collect IP address-to-username mappings from a Windows AD domain controller. true false.
Which statement is true regarding User-ID and Security Policy rules? If the user associated with an IP address cannot be determined, all traffic from that address will be dropped. The Source User field can match only users, not groups The Source IP and Sourch User fields cannot be used in the same policy Users can be used in policy rules only if they are known by the firewall.
Which two types of activities does SSL/TLS decryp tion by the firewall helps to block? (Choose two.) malware introduction denial-of-service attacks sensitive data exfiltration protocol-based attacks .
True or false? CRL is consulted first if OCSP and CRL are configured on a firewall. true false .
Which type of firewall decryption requires the admin istrator to import a server certificate and a private key into the firewall? SSH decryption SSH tunnel decryption SSL Forward Proxy decryption SSL Inbound Inspection decryption .
True or false? The SSL forward untrust certificate shoul d not be trusted by the client but should still be a CA certificate. true false .
True or false? The firewall can still check for expired or untrusted certificates even if the SSL traffic is not decrypted. true false.
Which two actions affect all of the widgets in the Application Command Center? (Choose two.) setting a local filter setting a global filter setting a global search selecting a time range .
Which two firewall features to display information using widgets? (Choose two.) ACC Dashboard Traffic log botnet report .
True or false? You can customize the list of logs that are aggregated into the Unified log. true false .
Which three statements about the automated co rrelation engine are co rrect? (Choose three.) It detects possible infected hosts. It is available only in Panorama. It uses correlation objects as input. It outputs correlation events. It requires Cortex Data Lake. .
True or false? SNMP GET requests a firewall return operational statistics, and SNMP SET requests update the firewall configuration. true false .
Which three statements about the predefined reports are correct? (Choose three There are more than 40 predefined reports. They are generated daily by default. They are grouped into five categories. They are grouped into seven categories. There are minus than 40 predefined reports. .
Which operation is used by a GlobalProtect client to determine whether it should connect to an internal or external gateway? reverse DNS lookup user selection during agent startup IP address of the client system GlobalProtect agent starting in online or offline mode .
The GlobalProtect agent is available in which two formats? (Choose two.) dmg exe msi pkg .
True or false? If a GlobalProtect agent fails to establish an IPsec connection, the connection type will fall back to SSL-VPN. true false .
Which GlobalProtect component provides the manageme nt functions for the GlobalProtect infrastructure? agent internal gateway external gateway portal .
|
