A customer with a fully licensed Palo Alto Networks firewall is concerned about threats based on domain generation algorithms (DGAS).
Which Security profile is used to configure Domain Name Security (DNS) to Identity and block previously unknown DGA-based threats in real time?
- A . URL Filtering profile
- B . WildFire Analysis profile
- C . Vulnerability Protection profile
- D . Anti-Spyware profile
Which two features are key in preventing unknown targeted attacks? (Choose two)
- A . nighty botnet report
- B . App-ID with the Zero Trust model
- C . WildFire Cloud threat analysis
- D . Single Pass Parallel Processing (SP3)
What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?
- A . Run a Perl script to regularly check for updates and alert when one is released
- B . Monitor update announcements and manually push updates to Crewall
- C . Store updates on an intermediary server and point all the firewalls to it
- D . Use dynamic updates with the most aggressive schedule required by business needs
Which three actions should be taken before deploying a firewall evaluation unt in a customer environment? (Choose three.)
- A . Request that the customer make part 3978 available to allow the evaluation unit to communicate with Panorama
- B . Inform the customer that a SPAN port must be provided for the evaluation unit, assuming a TAP mode deployment.
- C . Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned.
- D . Set expectations for information being presented in the Security Lifecycle Review (SLR) because personal user information will be made visible
- E . Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed
When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?
- A . X-Forwarded-For
- B . HTTP method
- C . HTTP response status code
- D . Content type
Which filtering criterion is used to determine users to be included as members of a dynamic user group (DUG)?
- A . Security policy rule
- B . Tag
- C . Login ID
- D . IP address
In Panorama, which three reports or logs will help identify the inclusion of a host source in a command-and-control (C2) incident? (Choose three.)
- A . SaaS reports
- B . data filtering logs
- C . WildFire analysis reports
- D . threat logs
- E . botnet reports
The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service?
- A . WildFire
- B . DNS Security
- C . Threat Prevention
- D . loT Security
in which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization’s critical data, applications, assets, and services (DAAS) be identified?
- A . Step 4. Create the Zero Trust policy.
- B . Step 2: Map the transaction flows.
- C . Step 3. Architect a Zero Trust network.
- D . Step 1: Define the protect surface
Which of the following statements is valid with regard to Domain Name System (DNS) sinkholing?
- A . it requires the Vulnerability Protection profile to be enabled
- B . DNS sinkholing signatures are packaged and delivered through Vulnerability Protection updates
- C . infected hosts connecting to the Sinkhole Internet Protocol (IP) address can be identified in the traffic logs
- D . It requires a Sinkhole license in order to activate
Which Security profile on the Next-Generation Firewall (NGFW) includes Signatures to protect against brute force attacks?
- A . Vulnerability Protection profile
- B . Antivirus profile
- C . URL Filtering profile
- D . Anti-Spyware profile
Which built-in feature of PAN-OS allows the NGFW administrator to create a policy that provides auto remediation for anomalous user behavior and malicious activity while maintaining user visibility?
- A . Dynamic user groups (DUGS)
- B . tagging groups
- C . remote device User-ID groups
- D . dynamic address groups (DAGs)
Which three mechanisms are valid for enabling user mapping? (Choose three.)
- A . Captive Portal
- B . Domain server monitoring
- C . Reverse DNS lookup
- D . User behaviour recognition
- E . Client probing
Which statement best describes the business value of Palo Alto Networks Zero Touch Provisioning (ZTP)?
- A . It is designed to simplify and automate the onboarding of new firewalls to the Panorama management server.
- B . When it is in place, it removes the need for an onsite firewall
- C . When the service is purchased, Palo Alto Networks sends an engineer to physically deploy the firewall to the customer environment
- D . It allows a firewall to be automatically connected to the local network wirelessly
What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two)
- A . Add the user to an external dynamic list (EDL).
- B . Tag the user using Panorama or the Web Ul of the firewall.
- C . Tag the user through the firewalls XML API.
- D . Tag the user through Active Directory
A packet that is already associated with a current session arrives at the firewall.
What is the flow of the packet after the firewall determines that it is matched with an existing session?
- A . it is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.
- B . It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engines before egress
- C . It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress
- D . It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress
The Palo Ao Networks Cloud Identity Engino (CIE) includes which service that supports identity Providers (ldP)?
- A . Directory Sync and Cloud Authentication Service that support IdP ung SAML 2.0 and OAuth2
- B . Cloud Authentication Service that supports IdP using SAML 2.0 and OAuth2
- C . Directory Sync and Cloud Authentication Service that support IdP ng SAML 2.0
- D . Directory Sync that supports IdP using SAML 2.0
A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture.
What are two steps in this process? (Choose two.)
- A . Validate user identities through authentication
- B . Gain visibility of and control over applications and functionality in the traffic flow using a port and protocol firewall
- C . Categorize data and applications by levels of sensitivity
- D . Prioritize securing the endpoints of privileged users because if non-privileged user endpoints are exploited, the impact will be minimal due to perimeter controls
WildFire machine learning (ML) for portable executable (PE) files is enabled in the antivirus profile and added to the appropriate firewall rules in the profile. In the Palo Alto Networks WildFire test av file, an attempt to download the test file is allowed through.
Which command returns a valid result to verify the ML is working from the command line.
- A . show wfml cloud-status
- B . show mlav cloud-status
- C . show ml cloud-status
- D . show av cloud-status
Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)
- A . Enable User Credential Detection
- B . Enable User-ID
- C . Define a Secure Sockets Layer (SSL) decryption rule base
- D . Enable App-ID
- E . Define a uniform resource locator (URL) Filtering profile
A customer requires an analytics tool with the following attributes:
– Uses the logs on the firewall to detect actionable events on the network
– Automatically processes a series of related threat events that, when combines, indicate a likely comprised host on the network
– Pinpoints the area of risk and allows for assessment of the risk to action can be taken to prevent exploitation of network resources
Which feature of PAN-OS will address these requirements?
- A . WildFire with application program interface (API) calls for automation
- B . Third-party security information and event management (SIEM) which can ingest next-generation firewall (NGFW) logs
- C . Automated correlation engine (ACE)
- D . Cortex XDR and Cortex Data Lake
What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three)
- A . operational efficiencies due to reduction in manual incident review and decrease in mean time to resolution (MTTR)
- B . improved revenue due to more efficient network traffic throughput
- C . Increased security due to scalable cloud delivered security Services (CDSS)
- D . Cost savings due to reduction in IT management effort and device
WildFire can discover zero-day malware in which three types of traffic? (Choose three)
- A . SMTP
- B . HTTPS
- C . FTP
- D . DNS
- E . TFTP
A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network.
Which version of WildFire will meet this customer’s requirements?
- A . WildFire Private Cloud
- B . WildFire Government Cloud
- C . WildFire Secure Cloud
- D . WildFire Public Cloud
Which three script types can be analyzed in WildFire? (Choose three)
- A . PythonScript
- B . MonoSenpt
- C . JScript
- D . PowerShell Script
- E . VBScript
Which component is needed for a large-scale deployment of NGFWs with multiple Panorama Management Servers?
- A . M-600 appliance
- B . Panorama Interconnect plugin
- C . Panorama Large Scale VPN (LSVPN) plugin
- D . Palo Alto Networks Cluster license
Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.)
- A . WildFire analysis
- B . Dynamic user groups (DUGs)
- C . Multi-factor authentication (MFA)
- D . URL Filtering Profiles
Which CLI command allows visibility into SD-WAN events such as path Selection and path quality measurements?
- A . >show sdwan path-monitor stats vif
- B . >show sdwan session distribution policy-name
- C . >show sdwan connection all
- D . >show sdwan event
A prospective customer currently uses a firewall that provides only Layer 4 inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port.
Which capability of PAN-OS would address the customer’s lack of visibility?
- A . Device ID, because it will give visibility into which devices are communicating with external destinations over port 53
- B . single pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection
- C . User-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53
- D . App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53
In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)
- A . grayware
- B . command and control (C2)
- C . benign
- D . government
- E . malware
What is an advantage of having WildFire machine learning (ML) capability Inline on the firewall?
- A . It eliminates of the necessity for dynamic analysis in the cloud
- B . It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity
- C . It is always able to give more accurate verdicts than the cloud ML analysis reducing false positives and false negatives
- D . It improves the CPU performance of content inspection
A customer worried about unknown attacks is hesitant to enable SSL decryption due to privacy and regulatory issues .
How does the platform address the customer’s concern?
- A . It overcomes reservations about SSL decrypt by offloading to a higher-capacity firewall to help with the decrypt throughput
- B . It shows how AutoFocus can provide visibility into targeted attacks at the industry sector
- C . It allows a list of websites or URL categories to be defined for exclusion from decryption
- D . It bypasses the need to decrypt SSL traffic by analyzing the file while still encrypted
Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto networks next-generation firewall (NGFW)? (Choose two.)
- A . Active / active high availability (HA)
- B . Multiple virtual systems
- C . non-SYN first packet
- D . Asymmetric routing profile
A customer requires protections and verdicts for portable executable (PE) and executable and linkable format (ELF), as well as the ability to integrate with existing security tools.
Which Cloud-Delivered Security Service (CDSS) does Palo Alto Networks provide that will address this requirement?
- A . Dynamic Unpacking
- B . WildFire
- C . DNS Security
- D . File Blocking profile
What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?
- A . allow the request and all subsequent responses
- B . temporarily disable the DNS Security function
- C . block the query
- D . discard the request and all subsequent responses
Which statement applies to Palo Alto Networks Single Pass Parallel Processing (SP3)?
- A . It processes each feature in a separate single pass with additional performance impact for each enabled feature.
- B . Its processing applies only to security features and does not include any networking features.
- C . It processes all traffic in a single pass with no additional performance impact for each enabled feature.
- D . It splits the traffic and processes all security features in a single pass and all network features in a separate pass
Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?
- A . AutoFocus
- B . Panorama Correlation Report
- C . Cortex XSOAR Community edition
- D . Cortex XDR Prevent
Which Palo Alto Networks security component should an administrator use to and NGFW policies to remote users?
- A . Prisma SaaS API
- B . Threat intelligence Cloud
- C . GlobalProtect
- D . Cortex XDR
Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?
- A . Step 3: Architect a Zero Trust Network
- B . Step 5. Monitor and Maintain the Network
- C . Step 4: Create the Zero Trust Policy
- D . Step 1: Define the Protect Surface
- E . Step 2 Map the Protect Surface Transaction Flows
What will best enhance security of a production online system while minimizing the impact for the existing network?
- A . Layer 2 interfaces
- B . active / active high availability (HA)
- C . Virtual wire
- D . virtual systems
Which two methods are used to check for Corporate Credential Submissions? (Choose two.)
- A . doman credentialiter
- B . User-ID credential check
- C . LDAP query
- D . IP user mapping
A customer is designing a private data center to host their new web application along with a separate headquarters for users.
Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?
- A . Threat Prevention
- B . DNS Security
- C . WildFire
- D . Advanced URL Filtering (AURLF)
Access to a business site is blocked by URL Filtering inline machine learning (ML) and considered as a false-positive.
How should the site be made available?
- A . Disable URL Filtering inline ML
- B . Create a custom URL category and add it to the Security policy
- C . Create a custom URL category and add it on exception of the inline ML profile
- D . Change the action of real-time detection category on URL filtering profile
Which proprietary technology solutions will allow a customer to identify and control traffic sources regardless of internet protocol (IP) address or network segment?
- A . User ID and Device-ID
- B . Source-D and Network.ID
- C . Source ID and Device-ID
- D . User-ID and Source-ID
What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)
- A . The client communicates with it instead of the malicious IP address
- B . It represents the remediation server that the client should visit for patching
- C . It will take over as the new DNS resolver for that client and prevent further DNS requests from occurring in the meantime
- D . In situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain
What is the default behavior in PAN-OS when a 12 MB portable executable (PE) fe is forwarded to the WildFire cloud service?
- A . PE File is not forwarded.
- B . Flash file is not forwarded.
- C . PE File is forwarded
- D . Flash file is forwarded
A WildFire subscription is required for which two of the following activities? (Choose two)
- A . Filter uniform resource locator (URL) sites by category.
- B . Forward advanced file types from the firewall for analysis.
- C . Use the WildFire Application Programming Interface (API) to submit website links for analysis
- D . Enforce policy based on Host Information Profile (HIP)
- E . Decrypt Secure Sockets Layer (SSL)
What helps avoid split brain in active / passive high availability (HA) pair deployment?
- A . Enable preemption on both firewalls in the HA pair.
- B . Use a standard traffic interface as the HA3 link.
- C . Use the management interface as the HA1 backup link
- D . Use a standard traffic interface as the HA2 backup
Which two of the following does decryption broker provide on a NGFW? (Choose two.)
- A . Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once
- B . Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement
- C . Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement
- D . Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times
A,B
Explanation:
Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/decryption/decryption-broker.html
How frequently do WildFire signatures move into the antivirus database?
- A . every 24 hours
- B . every 12 hours
- C . once a week
- D . every 1 hour
A
Explanation: https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/wildfire-overview/wildfire-concepts/wildfire-signatures