- All Exams Instant Download
Which CLI command should the administrator use to obtain the packet capture for validating the configuration?
An administrator needs to troubleshoot a User-ID deployment. The administrator believes that there is an issue related to LDAP authentication. The administrator wants to create a packet capture on the management plane Which CLI command should the administrator use to obtain the packet capture for validating the configuration?A . >...
What are three valid qualifiers for a Decryption Policy Rule match? (Choose three)
What are three valid qualifiers for a Decryption Policy Rule match? (Choose three)A . Destination ZoneB . App-IDC . Custom URL CategoryD . User-IDE . Source InterfaceView AnswerAnswer: A,D,E
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?A . PAN-OS integrated User-ID agentB . LDAP Server Profile configurationC . GlobalProtectD . Windows-based User-ID agentView AnswerAnswer: A
Which GlobalProtect Client connect method requires the distribution and use of machine certificates?
Which GlobalProtect Client connect method requires the distribution and use of machine certificates?A . User-logon (Always on)B . At-bootC . On-demandD . Pre-logonView AnswerAnswer: D
During SSL decryption which three factors affect resource consumption1? (Choose three)
During SSL decryption which three factors affect resource consumption1? (Choose three)A . TLS protocol versionB . transaction sizeC . key exchange algorithmD . applications that use non-standard portsE . certificate issuerView AnswerAnswer: A,B,C Explanation: https://docs.paloaltonetworks.com/best-practices/8-1/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment.html
Which rule type controls end user SSL traffic to external websites?
Which rule type controls end user SSL traffic to external websites?A . SSL Outbound Proxyless InspectionB . SSL Forward ProxyC . SSL Inbound InspectionD . SSH ProxyView AnswerAnswer: C
In a Panorama template which three types of objects are configurable? (Choose three)
In a Panorama template which three types of objects are configurable? (Choose three)A . HIP objectsB . QoS profilesC . interface management profilesD . certificate profilesE . security profilesView AnswerAnswer: A,C,E
What are two benefits of nested device groups in Panorama? (Choose two.)
What are two benefits of nested device groups in Panorama? (Choose two.)A . Reuse of the existing Security policy rules and objectsB . Requires configuring both function and location for every deviceC . All device groups inherit settings form the Shared groupD . Overwrites local firewall configurationView AnswerAnswer: A,C Explanation:...
Which of the following statements is a best practice for SSL decryption?
An engineer is planning an SSL decryption implementation Which of the following statements is a best practice for SSL decryption?A . Obtain an enterprise CA-signed certificate for the Forward Trust certificateB . Obtain a certificate from a publicly trusted root CA for the Forward Trust certificateC . Use an enterprise...
When you configure a Layer 3 interface what is one mandatory step?
When you configure a Layer 3 interface what is one mandatory step?A . Configure Security profiles, which need to be attached to each Layer 3 interfaceB . Configure Interface Management profiles which need to be attached to each Layer 3 interfaceC . Configure virtual routers to route the traffic for...
