ThinkPANEngen

Which method will dynamically register tags on the Palo Alto Networks NGFW?. Restful API or the VMWare API on the firewall or on the User-ID agent or the read-only domain controller (RODC). Restful API or the VMware API on the firewall or on the User-ID agent. XML-API or the VMware API on the firewall or on the User-ID agent or the CL. XML API or the VM Monitoring agent on the NGFW or on the User-ID agent.

The SSL Forward Proxy decryption policy is configured. The following four certificate authority (CA) certificates are installed on the firewall. An end-user visits the untrusted website https //www firewall-do-not-trust-website com. Which certificate authority (CA) certificate will be used to sign the untrusted webserver certificate?. Forward-Untrust-Certificate. Forward-Trust-Certificate. Firewall-CA. Firewall-Trusted-Root-CA.

Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?. No Direct Access to local networks. Satellite mode. Tunnel mode. IPSec mode.

What are two valid deployment options for Decryption Broker? (Choose two). Transparent Bridge Security Chain. Layer 3 Security Chain. Layer 2 Security Chain. Transparent Mirror Security Chain.

Which two statements are true for the DNS Security service? (Choose two.). It eliminates the need for dynamic DNS updates. It functions like PAN-DB and requires activation through the app portal. It removes the 100K limit for DNS entries for the downloaded DNS updates. It is automatically enabled and configured.

Place the steps in the WildFire process workflow in their correct order. The firewall hashes the file and look up a veredict in the WildFire database. However, the firewall does not find a match. Wildfire uses static analysis based on machine learning to analyze the file, in order to classify malicious features. Regardless on the veredict, Wildfire uses a heuristic engine to examine the file and determines that the file exhibits suspicious behavior. WildFire generates a new DNS, URL, categorization, and antivirus signatures for the new threat.

An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?. review the configuration logs on the Monitor tab. click Preview Changes under Push Scope. use Test Policy Match to review the policies in Panorama. context-switch to the affected firewall and use the configuration audit tool.

An administrator's device-group commit push is failing due to a new URL category. How should the administrator correct this issue?. update the Firewall Apps and Threat version to match the version of Panorama. change the new category action to "alert" and push the configuration again. ensure that the firewall can communicate with the URL cloud. verity that the URL seed tile has been downloaded and activated on the firewall.

A traffic log might list an application as "not-applicable" for which two reasons? (Choose two ). The firewall did not install the session. The TCP connection terminated without identifying any application data. The firewall dropped a TCP SYN packet. There was not enough application data after the TCP connection was established.

Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.). Create a no-decrypt Decryption Policy rule. Configure an EDL to pull IP addresses of known sites resolved from a CRL. Create a Dynamic Address Group for untrusted sites. Create a Security Policy rule with vulnerability Security Profile attached. Enable the "Block sessions with untrusted issuers" setting.

Which three statements accurately describe Decryption Mirror? (Choose three.). Decryption Mirror requires a tap interface on the firewall. Decryption, storage, inspection and use of SSL traffic are regulated in certain countries. Only management consent is required to use the Decryption Mirror feature. You should consult with your corporate counsel before activating and using Decryption Mirror in a production environment. Use of Decryption Mirror might enable malicious users with administrative access to the firewall to harvest sensitive information that is submitted via an encrypted channel.

Which three items are important considerations during SD-WAN configuration planning? (Choose three.). branch and hub locations. link requirements. the name of the ISP. IP Addresses. connection throughput.

Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.). log forwarding auto-tagging. XML API. GlobalProtect agent. User-ID Windows-based agent.

When configuring the firewall for packet capture, what are the valid stage types?. receive, management, transmit, and non-syn. receive, management, transmit, and drop. receive, firewall, send, and non-syn. receive, firewall, transmit, and drop.

Which statement is true regarding a Best Practice Assessment?. It shows how your current configuration compares to Palo Alto Networks recommendations. It runs only on firewalls. When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.

Which statement accurately describes service routes and virtual systems?. Virtual systems can only use one interface for all global service and service routes of the firewall. The interface must be used for traffic to the required external services. Virtual systems that do not have specific service routes configured inherit the global service and service route settings for the firewall. Virtual systems cannot have dedicated service routes configured: and virtual systems always use the global service and service route settings for the firewall.

Based on the graphic, which statement accurately describes the output shown in the Server Monitoring panel?. The User-ID agent is connected to a domain controller labeled lab-client. The host lab-client has been found by the User-ID agent. The host lab-client has been found by a domain controller. The User-ID agent is connected to the firewall labeled lab-client.

A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file named init-cfg.txt. The firewall is currently running PAN-OS 10.0 and using a lab config. The contents of init-cfg.txt in the USB flash drive are as follows: The USB flash drive has been inserted in the firewalls USB port, and the firewall has been restarted using command: > request restart system Upon restart, the firewall fails to begin the bootstrapping process. The failure is caused because: The bootstrap.xml file is a required file, but it is missing. Firewall must be in factory default state or have all private data deleted for bootstrapping. The hostname is a required parameter, but it is missing in init-cfg.txt. PAN-CS version must be 9.1.x at a minimum, but the firewall is running 10.0.x. The USB must be formatted using the ext3 file system. FAT32 is not supported.

An administrator wants to upgrade a firewall HA pair to PAN-OS 10.1. The firewalls are currently running PAN-OS 8.1.17. Which upgrade path maintains synchronization of the HA session (and prevents network outage)?. Upgrade directly to the target major version. Upgrade one major version at a time. Upgrade the HA pair to a base image. Upgrade two major versions at a time.

An administrator has configured PAN-OS SD-WAN and has received a request to find out the reason for a session failover for a session that has already ended. Where would you find this in Panorama or firewall logs?. Traffic Logs. System Logs. Session Browser. You cannot find failover details on closed sessions.

A customer is replacing their legacy remote access VPN solution. The current solution is in place to secure internet egress and provide access to resources located in the main datacenter for the connected clients. Prisma Access has been selected to replace the current remote access VPN solution. During onboarding the following options and licenses were selected and enabled - Prisma Access for Remote Networks 300Mbps - Prisma Access for Mobile Users 1500 Users - Cortex Data Lake 2TB - Trusted Zones trust - Untrusted Zones untrust - Parent Device Group shared What must be configured on Prisma Access to provide connectivity to the resources in the datacenter?. Configure a mobile user gateway in the region closest to the datacenter to enable connectivity to the datacenter. Configure a remote network to provide connectivity to the datacenter. Configure Dynamic Routing to provide connectivity to the datacenter. Configure a service connection to provide connectivity to the datacenter.

You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For Which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three). High. Medium. Critical. Informational. Low.

You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?. Create an Application Group and add Office 365, Evernote Google Docs and Libre Office. Create an Application Group and add business-systems to it. Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory. Create an Application Filter and name it Office Programs then filter on the business-systems category.

Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two). Dos Protection policy. QoS Profile. Zone Protection Profile. DoS Protection Profile.

Which benefit do policy rule UUIDs provide?. functionality for scheduling policy actions. the use of user IP mapping and groups in policies. cloning of policies between device-groups. an audit trail across a policy's lifespan.

During SSL decryption which three factors affect resource consumption1? (Choose three ). TLS protocol version. transaction size. key exchange algorithm. applications that use non-standard ports. certificate issuer.

How can an administrator configure the NGFW to automatically quarantine a device using GlobalProtect?. by adding the devices Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device. by exporting the list of quarantined devices to a pdf or csv file by selecting PDF/CSV at the bottom of the Device Quarantine page and leveraging the appropriate XSOAR playbook. by using security policies, log forwarding profiles, and log settings. there is no native auto-quarantine feature so a custom script would need to be leveraged.

The web server is reachable using a destination Nat policy in the Palo Alto Networks firewall. Which Zone Pair and Rule Type will allow a successful connection for a user on the internet zone to a web server hosted in the DMZ zone?. Source Zone: Internet Destination Zone: DMZ Rule Type: "intrazone". Source Zone: Internet Destination Zone: DMZ Rule Type: "intrazone" or "universal". Source Zone: Internet Destination Zone: Internet Rule Type: "interzone" or "universal". Source Zone: Internet Destination Zone: Internet Rule Type: "intrazone".

An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required. Which interface type would support this business requirement?. Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ. Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRP on subinterfaces only. Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel (with the GlobalProtect License to support LSVPN and EIGRP protocols). Layer 3 interfaces, but configuring EIGRP on the attached virtual router.

A security engineer needs firewall management access on a trusted interface. Which three settings are required on an SSL/TLS Service Profile to provide secure Web Ul authentication? (Choose three.). Authentication Algorithm. Encryption Algorithm. Certificate. Maximum TLS version. Minimum TLS version.

An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?. In the details of the Traffic log entries. Decryption log. Data Filtering log. In the details of the Threat log entries.

What are three tasks that cannot be configured from Panorama by using a template stack? (Choose three). configure a device block list. rename a vsys on a multi-vsys firewall. enable operational modes such as normal mode, multi-vsys mode, or FIPS-CC mode. add administrator accounts. change the firewall management IP address.

The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice. As part of that effort, the manager has assigned you the Vulnerability Protection profile for the internet gateway firewall. Which action and packet-capture setting for items of high severity and critical severity best matches Palo Alto Networks best practice'?. action 'reset-both' and packet capture 'extended-capture'. action 'default' and packet capture 'single-packet'. action 'reset-both' and packet capture 'single-packet'. action 'reset-server' and packet capture 'disable'.

Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.). inherit address-objects from templates. define a common standard template configuration for firewalls. standardize server profiles and authentication configuration across all stacks. standardize log-forwarding profiles for security polices across all stacks.

The following objects and policies are defined in a device group hierarchy. Dallas-Branch has Dallas-FW as a member of the Dallas-Branch device-group NYC-DC has NYC-FW as a member of the NYC-DC device-group What objects and policies will the Dallas-FW receive if "Share Unused Address and Service Objects" is enabled in Panorama?. Address Objects - Shared Address1 - Branch Address1 Policies - Shared Policy1 - Branch Policy1. Address Objects - Shared Address1 - Shared Address2 - Branch Address1 Policies - Shared Policy1 - Shared Policy2 - Branch Policy1. Address Objects - Shared Address1 - Shared Address2 - Branch Address1 - DC Address1 Policies - Shared Policy1 - Shared Policy2 - Branch Policy1. Address Objects - Shared Address1 - Shared Address2 - Branch Address1 Policies - Shared Policy1 - Branch Policy1.

In a security-first network what is the recommended threshold value for content updates to be dynamically updated?. 1 to 4 hours. 6 to 12 hours. 24 hours. 36 hours.

An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewall use Layer 3 interfaces to send traffic to a single gateway IP for the pair. Which configuration will enable this HA scenario?. The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP. Each firewall will have a separate floating IP, and priority will determine which firewall has the primary IP. The firewalls do not use floating IPs in active/active HA. The firewalls will share the same interface IP address, and device 1 will use the floating IP if device 0 fails.

While troubleshooting an SSL Forward Proxy decryption issue, which PAN-OS CLI command would you use to check the details of the end entity certificate that is signed by the Forward Trust Certificate or Forward Untrust Certificate?. show system setting ssl-decrypt certs. show system setting ssl-decrypt certificate. debug dataplane show ssl-decrypt ssl-stats. show system setting ssl-decrypt certificate-cache.

when two events might trigger an automatic commit recovery if the event caused the connection with Panorama to breack? (Choose two). an aggregate Ethernet interface component fails. Panorama pushes a configuration. a firewall HA pair fails over. a firewall performs a local commit.

An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version. What is considered best practice for this scenario?. Perform the Panorama and firewall upgrades simultaneously. Upgrade the firewall first wait at least 24 hours and then upgrade the Panorama version. Upgrade Panorama to a version at or above the target firewall version. Export the device state perform the update, and then import the device state.

Refer to the exhibit. Which will be the egress interface if the traffic's ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?. ethernet1/6. ethernet1/3. ethernet1/7. ethernet1/5.

Which two statements are true about DoS Protection and Zone Protection Profiles? (Choose two). Zone Protection Profiles protect ingress zones. Zone Protection Profiles protect egress zones. DoS Protection Profiles are packet-based, not signature-based. DoS Protection Profiles are linked to Security policy rules.

Refer to the diagram. An administrator needs to create an address object that will be useable by the NYC. MA, CA and WA device groups. Where will the object need to be created within the device-group hierarchy?. Americas. US. East. West.

SSL Forward Proxy decryption is configured but the firewall uses Untrusted-CA to sign the website https //www important-website com certificate End-users are receiving me "security certificate is not trusted is warning Without SSL decryption the web browser shows that the website certificate is trusted and signed by a well-known certificate chain Well-Known-lntermediate and Well-Known-Root-CA. The network security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled: 1 End-users must not get the warning for the https://www.very-important-website.com website. 2 End-users should get the warning for any other untrusted website Which approach meets the two customer requirements?. Navigate to Device > Certificate Management > Certificates > Device Certificates, import Well-Known-lntermediate-CA and Well-Known-Root-CA select the Trusted Root CA checkbox and commit the configuration. Install the Well-Known-lntermediate-CA and Well-Known-Root-CA certificates on all end-user systems m the user and local computer stores. Navigate to Device > Certificate Management > Certificates > Default Trusted Certificate Authorities, import Well-Known-intermediate-CA and Well-Known-Root-CA select the Trusted Root CA check box and commit the configuration. Clear the Forward Untrust Certificate check box on the Untrusted-CA certificate and commit the configuration.

A superuser is tasked with creating administrator accounts for three contractors. For compliance purposes, all three contractors will be working with different device-groups in their hierarchy to deploy policies and objects. Which type of role-based access is most appropriate for this project?. Create a Dynamic Admin with the Panorama Administrator role. Create a Custom Panorama Admin. Create a Device Group and Template Admin. Create a Dynamic Read only superuser.

Given the following snippet of a WildFire submission log. did the end-user get access to the requested information and why or why not?. Yes. because the action is set to "allow''. No because WildFire categorized a file with the verdict "malicious". Yes because the action is set to "alert". No because WildFire classified the seventy as "high.".

To support a new compliance requirement, your company requires positive username attribution of every IP address used by wireless devices. You must collect IP address-to-username mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufacturers. Given the scenario, choose the option for sending IP address-to-username mappings to the firewall. UID redistribution. RADIUS. syslog listener. XFF headers.

SAML SLO is supported for which two firewall features? (Choose two.). GlobalProtect Portal. CaptivePortal. WebUI. CLI.

An administrator has a PA-820 firewall with an active Threat Prevention subscription. The administrator is considering adding a WildFire subscription. How does adding the WildFire subscription improve the security posture of the organization1?. Protection against unknown malware can be provided in near real-time. WildFire and Threat Prevention combine to provide the utmost security posture for the firewall. After 24 hours WildFire signatures are included in the antivirus update. WildFire and Threat Prevention combine to minimize the attack surface.

PBF can address which two scenarios? (Select Two). forwarding all traffic by using source port 78249 to a specific egress interface. providing application connectivity the primary circuit fails. enabling the firewall to bypass Layer 7 inspection. routing FTP to a backup ISP link to save bandwidth on the primary ISP link.

A variable name must start with which symbol?. $. &. #. !.

Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a "No Decrypt" action? (Choose two.). Block sessions with expired certificates. Block sessions with client authentication. Block sessions with unsupported cipher suites. Block sessions with untrusted issuers. Block credential phishing.

An administrator cannot see any Traffic logs from the Palo Alto Networks NGFW in Panorama reports. The configuration problem seems to be on the firewall. Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the NGFW to Panorama?.

What are two best practices for incorporating new and modified App-IDs? (Choose two.). Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs. Configure a security policy rule to allow new App-IDs that might have network-wide impact. Perform a Best Practice Assessment to evaluate the impact of the new or modified App-IDs. Study the release notes and install new App-IDs if they are determined to have low impact.

An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used. After looking at the configuration, the administrator believes that the firewall is not using a static route. What are two reasons why the firewall might not use a static route? (Choose two.). no install on the route. duplicate static route. path monitoring on the static route. disabling of the static route.

What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram?. IP Netmask. IP Wildcard Mask. IP Address. IP Range.

As a best practice, which URL category should you target first for SSL decryption?. Online Storage and Backup. High Risk. Health and Medicine. Financial Services.

Drag and Drop Question Based on PANW Best Practices for Planning DoS and Zone Protection, match each type of DoS attack to an example of that type of attack. application-based attack. Protocol-bases attack. volumetric attack.

monitoring and security management platforms. The network team has reported excessive traffic on the corporate WAN. How could the Palo Alto Networks NGFW administrator reduce WAN traffic while maintaining support for all existing monitoring platforms?. Forward logs from firewalls only to Panorama and have Panorama forward logs to other external services. Forward logs from external sources to Panorama for correlation, and from Panorama send them to the NGFW. Configure log compression and optimization features on all remote firewalls. Any configuration on an M-500 would address the insufficient bandwidth concerns.

When deploying PAN-OS SD-WAN, which routing protocol can you use to build a routing overlay?. OSPFv3. BGP. OSPF. RIP.

A customer is replacing its legacy remote-access VPN solution. Prisma Access has been selected as the replacement. During onboarding, the following options and licenses were selected and enabled: - Prisma Access for Remote Networks: 300Mbps - Prisma Access for Mobile Users: 1500 Users - Cortex Data Lake: 2TB - Trusted Zones: trust - Untrusted Zones: untrust - Parent Device Group: shared The customer wants to forward to a Splunk SIEM the logs that are generated by users that are connected to Prisma Access for Mobile Users. Which two settings must the customer configure? (Choose two.). Configure Panorama Collector group device log forwarding to send logs to the Splunk syslog server. Configure Cortex Data Lake log forwarding and add the Splunk syslog server. Configure a log forwarding profile and select the Panorama/Cortex Data Lake checkbox. Apply the Log Forwarding profile to all of the security policy rules in Mobile_User_Device_Group. Configure a Log Forwarding profile, select the syslog checkbox, and add the Splunk syslog server. Apply the Log Forwarding profile to all of the security policy rules in the Mobile_User_Device_Group.

An administrator needs to troubleshoot a User-ID deployment. The administrator believes that there is an issue related to LDAP authentication. The administrator wants to create a packet capture on the management plane. Which CLI command should the administrator use to obtain the packet capture for validating the configuration?. > ftp export mgmt-pcap from mgmt.pcap to <FTP host>. > scp export mgmt-pcap from mgmt.pcap to (username@host:path). > scp export poap-mgmt from poap.mgmt to (username@host:path). > scp export pcap from pcap to (usernameQhost:path).

In a device group, which two configuration objects are defined? (Choose two ). DNS Proxy. address groups. SSL/TLS profiles. URL Filtering profiles.

An engineer is creating a security policy based on Dynamic User Groups (DUG) What benefit does this provide?. Automatically include users as members without having to manually create and commit policy or group changes. DUGs are used to only allow administrators access to the management interface on the Palo Alto Networks firewall. It enables the functionality to decrypt traffic and scan for malicious behaviour for User-ID based policies. Schedule commits at a regular intervals to update the DUG with new users matching the tags specified.

When you configure an active/active high availability pair which two links can you use? (Choose two). HA2 backup. HA3. Console Backup. HSCI-C.

What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?. It keeps trying to establish an IPSec tunnel to the GlobalProtect gateway. It stops the tunnel-establishment processing to the GlobalProtect gateway immediately. It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS. It tries to establish a tunnel to the GlobalProtect portal using SSL/TLS.

Users within an enterprise have been given laptops that are joined to the corporate domain. In some cases, IT has also deployed Linux-based OS systems with a graphical desktop. Information Security needs IP-to-user mapping, which it will use in group-based policies that will limit internet access for the Linux desktop users. Which method can capture IP-to-user mapping information for users on the Linux machines?. You can configure Captive Portal with an authentication policy. IP-to-user mapping for Linux users can only be learned if the machine is joined to the domain. You can set up a group-based security policy to restrict internet access based on group membership. You can deploy the User-ID agent on the Linux desktop machines.

SD-WAN is designed to support which two network topology types? (Choose two.). point-to-point. hub-and-spoke. full-mesh. ring.

Which three options are supported in HA Lite? (Choose three.). Virtual link. Active/passive deployment. Synchronization of IPsec security associations. Configuration synchronization. Session synchronization.

Which configuration task is best for reducing load on the management plane?. Disable logging on the default deny rule. Enable session logging at start. Disable pre-defined reports. Set the URL filtering action to send alerts.

A network-security engineer attempted to configure a bootstrap package on Microsoft Azure, but the virtual machine provisioning process failed. In reviewing the bootstrap package, the engineer only had the following directories: /config, /license and /software. Why did the bootstrap process fail for the VM-Series firewall in Azure?. All public cloud deployments require the /plugins folder to support proper firewall native integrations. The /content folder is missing from the bootstrap package. The VM-Series firewall was not pre-registered in Panorama and prevented the bootstrap process from successfully completing. The /config or /software folders were missing mandatory files to successfully bootstrap.

A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket. The ticket states that the user is being blocked by the firewall when trying to download a TAR file. The user is getting no error response on the system. Where is the best place to validate if the firewall is blocking the user's TAR file?. Threat log. Data Filtering log. WildFire Submissions log. URL Filtering log.

A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?. certificate authority (CA) certificate. client certificate. machine certificate. server certificate.

A standalone firewall with local objects and policies needs to be migrated into Panoram. What procedure should you use so Panorama is fully managing the firewall?. Use the "import Panorama configuration snapshot" operation, then perform a device-group commit push with "include device and network templates". Use the "import device configuration to Panorama" operation, then "export or push device config bundle" to push the configuration. Use the "import Panorama configuration snapshot" operation, then "export or push device config bundle" to push the configuration. Use the "import device configuration to Panorama" operation, then perform a device-group commit push with "include device and network templates".

Which feature must you configure to prevent users form accidentally submitting their corporate credentials to a phishing website?. URL Filtering profile. Zone Protection profile. Anti-Spyware profile. Vulnerability Protection profile.