Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?A . Deny application facebook-chat before allowing application facebookB . Deny application facebook on topC . Allow application facebook on topD . Allow application facebook before denying application facebook-chat View Answer Answer: A Explanation: Reference: https://live.paloaltonetworks.com/t5/Configuration-Articles/Failed-to-Block-Facebook-Chat-Consistently/ta-p/115673...
How does Panorama prompt VMWare NSX to quarantine an infected VM?
How does Panorama prompt VMWare NSX to quarantine an infected VM?A . HTTP Server ProfileB . Syslog Server ProfileC . Email Server ProfileD . SNMP Server Profile View Answer Answer: A...
Which configuration will enable this HA scenario?
An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewall use Layer 3 interfaces to send traffic to a single gateway IP for the pair. Which configuration will enable this HA scenario? A. The two firewalls will share a single floating IP and will use...
Continue readingIf the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft?
If the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft?A . Mapping to the IP address of the logged-in user.B . First four letters of the username matching any valid corporate username.C . Using the same user’s corporate username and password.D...
Continue readingWhich action would enable the firewalls to send their pre-existing logs to Panorama?
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables log forwarding from the firewalls to Panoram A. Pre-existing logs from the firewalls are not appearing in Panoram A. Which action would enable the firewalls to send their pre-existing logs to...
Continue readingWhich three steps will reduce the CPU utilization on the management plane? (Choose three.)
Which three steps will reduce the CPU utilization on the management plane? (Choose three.)A . Disable SNMP on the management interface.B . Application override of SSL application.C . Disable logging at session start in Security policies.D . Disable predefined reports.E . Reduce the traffic being decrypted by the firewall. View Answer Answer: A,C,D Explanation:...
Continue readingWhich feature can provide NGFWs with User-ID mapping information?
Which feature can provide NGFWs with User-ID mapping information?A . GlobalProtectB . Web CaptchaC . Native 802.1q authenticationD . Native 802.1x authentication View Answer Answer: A...
How quickly will the firewall receive back a verdict?
A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes. How quickly will the firewall receive back a verdict?A . More than 15 minutesB . 5 minutesC . 10 to 15 minutesD . 5...
Continue readingWhich administrative authentication method supports authorization by an external service?
Which administrative authentication method supports authorization by an external service?A . CertificatesB . LDAPC . RADIUSD . SSH keys View Answer Answer: C...
Which DoS protection mechanism detects and prevents session exhaustion attacks?
Which DoS protection mechanism detects and prevents session exhaustion attacks?A . Packet Based Attack ProtectionB . Flood ProtectionC . Resource ProtectionD . TCP Port Scan Protection View Answer Answer: C Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/dos-protection-profiles...