You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server. Which Security Profile, when applied to outbound Security policy rules, detects and prevents this threat from establishing a command-and-control connection?
What are three configurable interface types for a data-plane Ethernet interface? (Choose three.)
An administrator is updating Security policy to align with best practices.
Which Policy Optimizer feature is shown in the screenshot below?
Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?
Which interface type can use virtual routers and routing protocols?
To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?
By default, which action is assigned to the interzone-default rule?
Based on the screenshot presented, which column contains the link that, when clicked, opens a window to display all applications matched to the policy rule?
What are two valid selections within an Anti-Spyware profile? (Choose two.)
How does the Policy Optimizer policy view differ from the Security policy view?
Which definition describes the guiding principle of the zero-trust architecture?
Which User Credential Detection method should be applied within a URL Filtering Security profile to check for the submission of a valid corporate username and the associated password?
Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?
An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out. Which two fields could help in determining if this is normal? (Choose two.)
What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)
Based on the security policy rules shown, ssh will be allowed on which port?
Within a WildFire Analysis Profile, what match criteria can be defined to forward samples for analysis?
Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?
Which type of firewall configuration contains in-progress configuration changes?
Which operations are allowed when working with App-ID application tags?
What is a recommended consideration when deploying content updates to the firewall from Panorama?
An administrator is reviewing the Security policy rules shown in the screenshot below.
Which statement is correct about the information displayed?
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?
What is a prerequisite before enabling an administrative account which relies on a local firewall user database?
You need to allow users to access the office-suite application of their choice. How should you configure the firewall to allow access to any office-suite application?
What does the Policy Optimizer policy view do differently from the Security policy view?
Match each rule type with its example
Which Palo Alto Networks Security Operating Platform service protects cloud-based applications such as Dropbox and Salesforce by monitoring permissions and shares and scanning files for sensitive information?
In the example security policy shown, which two websites are blocked? (Choose two.)
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?
Recently, changes were made to the firewall to optimize the policies, and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?
What is used to monitor Security policy applications and usage?
Given the topology, which zone type should zone A and zone B be configured with?
Where within the firewall GUI can all existing tags be viewed?
Which statement is true regarding a Prevention Posture Assessment?
Which rule type is appropriate for matching traffic both within and between the source and destination zones?
Which option is part of the content inspection process?
Prior to a maintenance-window activity, the administrator would like to make a backup of only the running configuration to an external location.
What command in Device > Setup > Operations would provide the most operationally efficient way to achieve this outcome?
Which Security policy action will message a user's browser that their web session has been terminated?
The Palo Alto Networks NGFW was configured with a single virtual router named VR-1. What changes are required on VR-1 to route traffic between two interfaces on the NGFW?
Which DNS Query action is recommended for traffic that is allowed by Security policy and matches Palo Alto Networks Content DNS Signatures?
What are three factors that can be used in domain generation algorithms? (Choose three.)
What do you configure if you want to set up a group of objects based on their ports alone?
Which plane on a Palo Alto Networks firewall provides configuration, logging, and reporting functions on a separate processor?
By default, what is the maximum number of templates that can be added to a template stack?
Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website.
How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?
Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?
Access to which feature requires the PAN-OS Filtering license?
In a File Blocking profile, which two actions should be taken to allow file types that support critical apps? (Choose two.)
What action will inform end users when their access to Internet content is being restricted?
To what must an interface be assigned before it can process traffic?
What is the maximum volume of concurrent administrative account sessions?
How do you reset the hit count on a security policy rule?
How are Application Filters or Application Groups used in firewall policy?
Which statement best describes the use of Policy Optimizer?
Which Security profile can you apply to protect against malware such as worms and Trojans?
Match each feature to the DoS Protection Policy or the DoS Protection Profile.
Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components? (Choose two.)
The CFO found a malware-infected USB drive in the parking lot, which, when inserted, infected their corporate laptop. The malware contacted a known command-and-control server, which exfiltrated corporate data.
Which Security profile feature could have been used to prevent the communications with the command-and-control server?
An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value.
What type of Security policy rule is created?
Which Palo Alto Networks Security Operating Platform component provides consolidated policy creation and centralized management?
What is a function of application tags?
An administrator is troubleshooting an issue with traffic that matches the intrazone-default rule, which is set to default configuration.
What should the administrator do?
What is a recommended consideration when deploying content updates to the firewall from Panorama?
Which Security policy action will message a user's browser that their web session has been terminated?
Within an Anti-Spyware security profile, which tab is used to enable machine learning based engines?
Which protocol is used to map usernames to user groups when User-ID is configured?
The administrator profile "SYS01 Admin" is configured with authentication profile "Authentication Sequence SYS01," and the authentication sequence SYS01 has a profile list with four authentication profiles:
• Auth Profile LDAP
• Auth Profile Radius
• Auth Profile Local
• Auth Profile TACACS
After a network outage, the LDAP server is no longer reachable. The RADIUS server is still reachable but has lost the "SYS01 Admin" username and password.
What is the "SYS01 Admin" login capability after the outage?
Which profile should be used to obtain a verdict regarding analyzed files?
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?
Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH, web-browsing, and SSL applications.
Which policy achieves the desired results?
A)
B)
C)
D)
Based on the screenshot, what is the purpose of the included groups?
Based on the network diagram provided, which two statements apply to traffic between the User and Server networks? (Choose two.)
Where in the PAN-OS GUI can an administrator monitor the rule usage for a specified period of time?
How frequently can WildFire updates be made available to firewalls?
An administrator is configuring a NAT rule.
At a minimum, which three forms of information are required? (Choose three.)
An administrator wants to enable access to www.paloaltonetworks.com while denying access to all other sites in the same category.
Which object should the administrator create to use as a match condition for the security policy rule that allows access to www.paloaltonetworks.com?
Which path in PAN-OS 10.0 displays the list of port-based security policy rules?
Place the following steps in the packet processing order of operations from first to last.
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.
Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP-to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufacturers.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.
A Security Profile can block or allow traffic at which point?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains.
Which type of single unified engine will get this result?
Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?
A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?
When is the content inspection performed in the packet flow process?
Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?
What is the default action for the SYN Flood option within the DoS Protection profile?
What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?
Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?
What is an advantage for using application tags?
An administrator configured a Security policy rule with an Antivirus Security profile. The administrator did not change the action for the profile. If a virus gets detected, how will the firewall handle the traffic?
If users from the Trusted zone need to allow traffic to an SFTP server in the DMZ zone, how should a Security policy with App-ID be configured?
A)
B)
C)
D)
Which action can be performed when grouping rules by group tags?
In which two types of NAT can oversubscription be used? (Choose two.)
An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perform?
An organization has some applications that are restricted for access by the Human Resources Department only, and other applications that are available for any known user in the organization.
What object is best suited for this configuration?
Which two statements are correct about App-ID content updates? (Choose two.)
Why does a company need an Antivirus profile?
Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?
What is the best-practice approach to logging traffic that traverses the firewall?
Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis, Unit 42 research, and data gathered from telemetry?
Which type of address object is www.paloaltonetworks.com?
A website is unexpectedly allowed due to miscategorization.
What are two ways to resolve this issue for a proper response? (Choose two.)
Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)
Identify the correct order to configure the PAN-OS integrated User-ID agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient permissions to execute the User-ID agent
What are three ways application characteristics are used? (Choose three.)