|An administrator cannot see any if the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct? A B C D.
How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time? Configure the option for "Threshold". Disable automatic updates during weekdays. Automatically "download only" and then install Applications and Threats later, after the administrator approves the update. Automatically "download and install" but with the "disable new applications" option used.
An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage Security policy rule allowing SSL to the target server Firewall connectivity to a CRL Root certificate imported into the firewall with "Trust" enabled Importation of a certificate from an HSM.
Decrypted packets from the website https://www.microsoft.com will appear as which application and service within the Traffic log? web-browsing and 443 SSL and 80 SSL and 443 web-browsing and 80.
A Security policy rule is configured with a Vulnerability Protection Profile and an action of `Deny". Which action will this cause configuration on the matched traffic? The configuration is invalid. The Profile Settings section will be grayed out when the Action is set to "Deny". The configuration will allow the matched session unless a vulnerability is detected. The "Deny" action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile. The configuration is invalid. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit. The configuration is valid. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to "Deny.".
A user's traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http://www.company.com.
How can the firewall be configured automatically disable the PBF rule if the next hop goes down? Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question. Enable and configure a Link Monitoring Profile for the external interface of the firewall. Configure path monitoring for the next hop gateway on the default route in the virtual router.
A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server.
Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080. application: web-browsing; service: application-default application: web-browsing; service: service-https application: ssl; service: any application: web-browsing; service: (custom with destination TCP port 8080).
A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections. Which two configuration options can be used to correctly categorize their custom database application? (Choose two.) Application Override policy. Security policy to identify the custom application. Custom application. Custom Service object.
An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 188.8.131.52 port 80/TCP needs to be forwarded to the server at 10.1.1.22
Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly? A B C D.
If the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft? Mapping to the IP address of the logged-in user. First four letters of the username matching any valid corporate username. Using the same user's corporate username and password. Marching any valid corporate username.
The firewall identifies a popular application as an unknown-tcp.
Which two options are available to identify the application? (Choose two.) Create a custom application. Create a custom object for the custom application server to identify the custom application Submit an App-ID request to Palo Alto Networks. Create a Security policy to identify the custom application.
Which two features does PAN-OS® software use to identify applications? (Choose two.) Transaction characteristics Session number port number application layer payload.
Which operation will impact performance of the management plane? DoS protection WildFire submissions generating a SaaS Application report decrypting SSL sessions.
Which option enables a Palo Alto Networks NGFW administrator to schedule Application and Threat updates while applying only new content-IDs to traffic? Select download-and-install Select download-only Select download-and-install, with "Disable new apps in content update" selected Select disable application updates and select "Install only Threat updates".