- All Exams Instant Download
Which statement is true about Panorama managed devices?
Which statement is true about Panorama managed devices?A . Panorama automatically removes local configuration locks after a commit from Panorama B. Local configuration locks prohibit Security policy changes for a Panorama managed device C. Security policy rules configured on local firewalls always take precedence D. Local configuration locks can be...
Which solution is a viable option to capture user identification when Active Directory is not in use?
Which solution is a viable option to capture user identification when Active Directory is not in use?A . Cloud Identity Engine B. group mapping C. Directory Sync Service D. Authentication PortalView AnswerAnswer: D
Which policy is required to enable source NAT on the firewall?
An internal host wants to connect to servers of the internet through using source NAT. Which policy is required to enable source NAT on the firewall?A . NAT policy with source zone and destination zone specified B. post-NAT policy with external source and any destination address C. NAT policy with...
What are three differences between security policies and security profiles? (Choose three.)
What are three differences between security policies and security profiles? (Choose three.)A . Security policies are attached to security profiles B. Security profiles are attached to security policies C. Security profiles should only be used on allowed traffic D. Security profiles are used to block traffic by themselves E. Security...
What is a recommended consideration when deploying content updates to the firewall from Panorama?
What is a recommended consideration when deploying content updates to the firewall from Panorama?A . Before deploying content updates, always check content release version compatibility. B. Content updates for firewall A/P HA pairs can only be pushed to the active firewall. C. Content updates for firewall A/A HA pairs need...
Which log setting is correct?
An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?A . Disable all logging B. Enable Log at Session End C. Enable Log at Session Start D. Enable Log at both Session Start and EndView AnswerAnswer: B Explanation: Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CAC
Which administrator type utilizes predefined roles for a local administrator account?
Which administrator type utilizes predefined roles for a local administrator account?A . Superuser B. Role-based C. Dynamic D. Device administratorView AnswerAnswer: C
What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice?
What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice?A . any supported Palo Alto Networks firewall or Prisma Access firewall B. an additional subscription free of charge C. a firewall device running with a minimum version of PAN-OS 10.1 D. an additional paid subscriptionView AnswerAnswer: A
Which Security policy rule will allow traffic to flow to the web server?
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT. Which Security policy rule will allow traffic to flow to the web server?A . Untrust (any) to DMZ (10.1.1.100), web browsing -Allow B. Untrust (any) to Untrust (1.1.1.100), web browsing -...
