- All Exams Instant Download
How can an administrator configure the NGFW to automatically quarantine a device using GlobalProtect?
How can an administrator configure the NGFW to automatically quarantine a device using GlobalProtect?A . by adding the device's Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined deviceB . by using secunty policies, log forwarding profiles, and...
Which is not a valid reason for receiving a decrypt-cert-validation error?
Which is not a valid reason for receiving a decrypt-cert-validation error?A . Unsupported HSMB . Unknown certificate statusC . Client authenticationD . Untrusted issuerView AnswerAnswer: A
Which method will dynamically register tags on the Palo Alto Networks NGFW?
Which method will dynamically register tags on the Palo Alto Networks NGFW?A . Restful API or the VMWare API on the firewall or on the User-ID agent or the read-only domain controller (RODC)B . Restful API or the VMware API on the firewall or on the User-ID agentC . XML-API...
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)A . TACACS+B . KerberosC . PAPD . LDAPE . SAMLF . RADIUSView AnswerAnswer: AEF Explanation: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication
Which Security policy rule will allow traffic to flow to the web server?
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT. Which Security policy rule will allow traffic to flow to the web server?A . Untrust (any) to Untrust (10. 1.1. 100), web browsing C AllowB . Untrust (any) to Untrust (1....
SAML SLO is supported for which two firewall features? (Choose two.)
SAML SLO is supported for which two firewall features? (Choose two.)A . GlobalProtect PortalB . CaptivePortalC . WebUID . CLIView AnswerAnswer: A, C
Which solution in PAN-OS® software would help in this case?
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS® software would help in this case?A . application overrideB . Virtual Wire modeC . content inspectionD . redistribution of user mappingsView AnswerAnswer: D Explanation:...
If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?
If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?A . TLS Bidirectional InspectionB . SSL Inbound InspectionC . SSH Forward ProxyD . SMTP Inbound DecryptionView AnswerAnswer: B Explanation: Reference:...
How would an administrator configure the interface to 1Gbps?
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch port which it connects. How would an administrator configure the interface to 1Gbps?A . set deviceconfig interface speed-duplex 1Gbps-full-duplexB . set deviceconfig system speed-duplex 1Gbps-duplexC . set deviceconfig system speed-duplex 1Gbps-full-duplexD . set deviceconfig Interface...
Which one is the correct configuration?
To more easily reuse templates and template slacks, you can create term plate variables in place of firewall-specific and appliance-specific IP literals in your configurations Which one is the correct configuration?A . @PanoramaB . #PancramaC . &PanoramaD . $PanoramaView AnswerAnswer: D
