In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)
An internal host wants to connect to servers on the internet using source NAT.
Which policy is required to enable source NAT on the firewall?
Given the detailed log information above, what was the result of the firewall traffic inspection?
Which license is required to use the Palo Alto Networks built-in IP address EDLs?
An administrator should filter NGFW traffic logs by which attribute column to determine if the entry is for the start or end of the session?
Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)
At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?
An administrator wants to create a NAT policy to allow multiple source IP addresses to be translated to the same public IP address. What is the most appropriate NAT policy to achieve this?
Match the Palo Alto Networks Security Operating Platform architecture to its description.
At which point in the App-ID update process can you determine if an existing policy rule is affected by an App-ID update?
An address object of type IP Wildcard Mask can be referenced in which part of the configuration?
Which feature enables an administrator to review the Security policy rule base for unused rules?
In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?
In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)
An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out. Which two fields could help in determining if this is normal? (Choose two.)
Recently, changes were made to the firewall to optimize the policies, and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?
Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?
Which file is used to save the running configuration with a Palo Alto Networks firewall?
What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)
Which Security policy action will message a user's browser that their web session has been terminated?
The CFO found a USB drive in the parking lot and decided to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?
When creating a Panorama administrator type of Device Group and Template Admin, which two things must you create first? (Choose two.)
The administrator profile "SYS01 Admin" is configured with authentication profile "Authentication Sequence SYS01," and the authentication sequence SYS01 has a profile list with four authentication profiles:
• Auth Profile LDAP
• Auth Profile Radius
• Auth Profile Local
• Auth Profile TACACS
After a network outage, the LDAP server is no longer reachable. The RADIUS server is still reachable but has lost the "SYS01 Admin" username and password.
What is the "SYS01 Admin" login capability after the outage?
A systems administrator momentarily loses track of which is the test environment firewall and which is the production firewall. The administrator makes changes to the candidate configuration of the production firewall, but does not commit the changes. In addition, the configuration was not saved prior to making the changes.
Which action will allow the administrator to undo the changes?
Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?
Which two settings allow you to restrict access to the management interface? (Choose two.)
Which objects would be useful for combining several services that are often defined together?
What two actions can be taken when implementing an exception to an External Dynamic List? (Choose two.)
An administrator needs to allow users to use only certain email applications.
How should the administrator configure the firewall to restrict users to specific email applications?
An administrator wishes to follow best practices for logging traffic that traverses the firewall.
Which log setting is correct?
Given the topology, which zone type should zone A and zone B be configured with?
What do you configure if you want to set up a group of objects based on their ports alone?
Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?
An administrator has an IP address range in the external dynamic list and wants to create an exception for one specific IP address in this address range.
Which steps should the administrator take?
An administrator would like to create a URL Filtering log entry when users browse to any gambling website. What combination of Security policy and Security profile actions is correct?
An administrator wants to prevent access to media content websites that are risky.
Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two.)
Based on the network diagram provided, which two statements apply to traffic between the User and Server networks? (Choose two.)
A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT, Finance, and HR.
Which two types of traffic will the rule apply to? (Choose two.)
Which path in PAN-OS 10.0 displays the list of port-based security policy rules?
Which solution is a viable option to capture user identification when Active Directory is not in use?
In the PAN-OS Web Interface, which is a session distribution method offered under NAT Translated Packet Tab to choose how the firewall assigns sessions?
An administrator would like to protect against inbound threats such as buffer overflows and illegal code execution.
Which Security profile should be used?
What is a default setting for NAT Translated Packets when the destination NAT translation is selected as Dynamic IP (with session distribution)?
Which object would an administrator create to enable access to all applications in the office-programs subcategory?
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?
You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?
An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone. The administrator does not want to allow traffic between the DMZ and LAN zones.
Which Security policy rule type should they use?
Which stage of the cyber-attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?
View the diagram.
What is the most restrictive yet fully functional rule to allow general Internet and SSH traffic into both the DMZ and Untrust/Internet zones from each of the IoT/Guest and Trust Zones?
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)
Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall’s data plane?
Which System log severity level would be displayed as a result of a user password change?
Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management, and centralized threat intelligence? (Choose two.)
All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone.
Complete the empty field in the Security policy using an application object to permit only this type of access.
Source Zone: Internal
Destination Zone: DMZ Zone
Application: __________
Service: application-default
Action: allow
Based on the screenshot, what is the purpose of the group in User labelled "it"?
Which type of profile must be applied to the Security policy rule to protect against buffer overflows, illegal code execution, and other attempts to exploit system flaws?
Which two DNS policy actions in the anti-spyware security profile can prevent hacking attacks through DNS queries to malicious domains? (Choose two.)
What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)
What are the two default behaviors for the intrazone-default policy? (Choose two.)
The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering “gambling” category.
Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the “gambling” URL category?
Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)
In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?
Assume that traffic matches a Security policy rule but the attached Security Profile is configured to block matching traffic.
Which statement accurately describes how the firewall will apply an action to matching traffic?
Which Security policy set should be used to ensure that a policy is applied first?
In a security policy, what is the quickest way to reset all policy rule hit counters to zero?
During the packet flow process, which two processes are performed in application identification? (Choose two.)
Which administrator type utilizes predefined roles for a local administrator account?
Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH, web-browsing, and SSL applications.
Which policy achieves the desired results?
In a File Blocking profile, which two actions should be taken to allow file types that support critical apps? (Choose two.)
Which two rule types allow the administrator to modify the destination zone? (Choose two.)
Which Security policy action will message a user's browser that their web session has been terminated?
Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?
What are three configurable interface types for a data-plane ethernet interface? (Choose three.)
What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)
Which three statements describe the operation of Security Policy rules or Security Profiles? (Choose three.)
Your company is highly concerned with their intellectual property being accessed by unauthorized resources. There is a mature process to store and include metadata tags for all confidential documents.
Which Security profile can further ensure that these documents do not exit the corporate network?
An administrator manages a network with 300 addresses that require translation. The administrator configured NAT with an address pool of 240 addresses and found that connections from addresses that needed new translations were being dropped.
Which type of NAT was configured?
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL, then which choice would be the last to block access to the URL?
What are three Palo Alto Networks best practices when implementing the DNS Security Service? (Choose three.)
How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?
Which Security profile should be applied in order to protect against illegal code execution?
Which Palo Alto Networks Security Operating Platform service protects cloud-based applications such as Dropbox and Salesforce by monitoring permissions and shares and scanning files for sensitive information?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains.
Which type of single unified engine will get this result?
Given the screenshot, what two types of route is the administrator configuring? (Choose two.)
Arrange the correct order that the URL classifications are processed within the system.
An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.
Why doesn't the administrator see the traffic?