- All Exams Instant Download
Which is not a valid reason for receiving a decrypt-cert-validation error?
Which is not a valid reason for receiving a decrypt-cert-validation error?A . Unsupported HSMB . Unknown certificate statusC . Client authenticationD . Untrusted issuerView AnswerAnswer: A
Which Decryption Broker security chain supports bi-directional traffic flow?
An engineer must configure the Decryption Broker feature Which Decryption Broker security chain supports bi-directional traffic flow?A . Layer 2 security chainB . Layer 3 security chainC . Transparent Bridge security chainD . Transparent Proxy security chainView AnswerAnswer: B Explanation: Together, the primary and secondary interfaces form a pair of...
Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the NGFW to Panorama?
An administrator cannot see any Traffic logs from the Palo Alto Networks NGFW in Panorama reports. The configuration problem seems to be on the firewall. Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the NGFW to Panorama? A) B) C) D) A...
Which certificate can be used as the Forward Trust certificate?
Refer to the exhibit. Which certificate can be used as the Forward Trust certificate?A . Domain Sub-CAB . Domain-Root-CertC . Certificate from Default Trusted Certificate AuthoritiesD . Forward-TrustView AnswerAnswer: D
Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?
An engineer must configure a new SSL decryption deployment Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?A . There must be a certificate with both the Forward Trust option and Forward Untrust option selectedB . A Decryption profile must be attached...
A variable name must start with which symbol?
A variable name must start with which symbol?A . $B . &C . !D . #View AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/manage-firewalls/manage-templates-and-template-stacks/configure-template-or-template-stack-variables.html
Before doing so, what must the administrator consider?
An administrator wants to enable zone protection Before doing so, what must the administrator consider?A . Activate a zone protection subscription.B . To increase bandwidth no more than one firewall interface should be connected to a zoneC . Security policy rules do not prevent lateral movement of traffic between zonesD...
Which type of certificate should the administrator use?
A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?A . certificate authority (CA) certificateB . client certificateC . machine certificateD . server certificateView AnswerAnswer: A
Updates to dynamic user group membership are automatic therefore using dynamic user groups instead of static group objects allows you to:
Updates to dynamic user group membership are automatic therefore using dynamic user groups instead of static group objects allows you to:A . respond to changes in user behavior or potential threats using manual policy changesB . respond to changes in user behavior or potential threats without automatic policy changesC ....
Which Panorama tool can help this organization?
An organization has recently migrated its infrastructure and configuration to NGFWs, for which Panorama manages the devices. The organization is coming from a L2-L4 firewall vendor, but wants to use App-ID while identifying policies that are no longer needed Which Panorama tool can help this organization?A . Config AuditB ....
