- All Exams Instant Download
Which Panorama objects restrict administrative access to specific device-groups?
Which Panorama objects restrict administrative access to specific device-groups?A . templatesB . admin rolesC . access domainsD . authentication profilesView AnswerAnswer: C
In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.)
In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.)A . wildcard server certificateB . enterprise CA certificateC . client certificateD . server certificateE . self-signed CA certificateView AnswerAnswer: B,E
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)A . TACACS+B . KerberosC . PAPD . LDAPE . SAMLF . RADIUSView AnswerAnswer: B,D,E Explanation: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication
What are two reasons why the firewall might not use a static route"?
An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used After looking at the configuration, the administrator believes that the firewall is not using a static route What are two reasons why the firewall might not use a static route"? (Choose...
Which upgrade path maintains synchronization of the HA session (and prevents network outage)?
An administrator wants to upgrade a firewall HA pair to PAN-OS 10.1. The firewalls are currently running PAN-OS 8.1.17. Which upgrade path maintains synchronization of the HA session (and prevents network outage)?A . Upgrade directly to the target major versionB . Upgrade one major version at a timeC . Upgrade...
PBF can address which two scenarios? (Select Two)
PBF can address which two scenarios? (Select Two)A . forwarding all traffic by using source port 78249 to a specific egress interfaceB . providing application connectivity the primary circuit failsC . enabling the firewall to bypass Layer 7 inspectionD . routing FTP to a backup ISP link to save bandwidth...
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)A . the website matches a category that is not allowed for most usersB . the website matches a high-risk categoryC . the web server requires mutual authenticationD . the website matches...
How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?
A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks. How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?A . Define a...
In a firewall, which three decryption methods are valid? (Choose three)
In a firewall, which three decryption methods are valid? (Choose three)A . SSL Inbound InspectionB . SSL Outbound Proxyless InspectionC . SSL Inbound ProxyD . Decryption MirrorE . SSH ProxyView AnswerAnswer: A,D,E
The end-user's browser will show that the certificate for www example-website com was issued by which of the following?
A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (Cas) i. Enterprise-Trusted-CA; which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system) ii. Enterpnse-Untrusted-CA, which is verified as Forward Untrust...
