- All Exams Instant Download
Where is information about packet buffer protection logged?
Where is information about packet buffer protection logged?A . Alert entries are in the Alarms log. Entries for dropped traffic, discarded sessions, and blocked IP address are in the Threat log B. All entries are in the System log C. Alert entries are in the System log. Entries for dropped...
Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer?
Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer? A . Heartbeat Interval B. Additional Master Hold Up Time C. Promotion Hold Time D. Monitor Fall Hold Up TimeView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-timers
What are two best practices for incorporating new and modified App-IDs? (Choose two.)
What are two best practices for incorporating new and modified App-IDs? (Choose two.)A . Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs B. Configure a security policy rule to allow new App-IDs that might have network-wide impact C. Perform...
Given the screenshot, how did the firewall handle the traffic?
Given the screenshot, how did the firewall handle the traffic? A . Traffic was allowed by policy but denied by profile as encrypted. B. Traffic was allowed by policy but denied by profile as a threat. C. Traffic was allowed by profile but denied by policy as a threat. D....
What should the firewall administrator do to mitigate this type of attack?
A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone. What should the firewall administrator do to mitigate this type of attack?A . Create a DOS Protection profile with SYN Flood protection enabled and apply it to all rules...
What can be used to create dynamic address groups?
What can be used to create dynamic address groups?A . dynamic address B. region objects C. tags D. FODN addressesView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/monitor-changes-in-the-virtual-environment/use-dynamic-address-groups-in-policy
What are the next steps to migrate configuration from the firewalls to Panorama?
A company with already deployed Palo Alto firewalls has purchased their first Panorama server. The security team has already configured all firewalls with the Panorama IP address and added all the firewall serial numbers in Panorama. What are the next steps to migrate configuration from the firewalls to Panorama?A ....
What are two explanations for this type of issue?
After configuring HA in Active/Passive mode on a pair of firewalls the administrator gets a failed commit with the following details. What are two explanations for this type of issue? (Choose two)A . The peer IP is not included in the permit list on Management Interface Settings B. The Backup...
Which statement best describes the Automated Commit Recovery feature?
Which statement best describes the Automated Commit Recovery feature?A . It performs a connectivity check between the firewall and Panorama after every configuration commit on the firewall. It reverts the configuration changes on the firewall if the check fails. B. It restores the running configuration on a firewall and Panorama...
