- All Exams Instant Download
What should you recommend?
When planning to configure SSL Froward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using phased approach in alignment with Palo Alto Networks best practices What should you recommend?A . Enable SSL decryption for known malicious source IP addressesB . Enable SSL decryption for...
When you configure an active/active high availability pair which two links can you use? (Choose two)
When you configure an active/active high availability pair which two links can you use? (Choose two)A . HA2 backupB . HA3C . Console BackupD . HSCI-CView AnswerAnswer: A,B
What is a key step in implementing WildFire best practices?
What is a key step in implementing WildFire best practices?A . In a mission-critical network, increase the WildFire size limits to the maximum valueB . In a security-first network set the WildFire size limits to the minimum valueC . Configure the firewall to retrieve content updates every minuteD . Ensure...
When overriding a template configuration locally on a firewall, what should you consider?
When overriding a template configuration locally on a firewall, what should you consider?A . Only Panorama can revert the overrideB . Panorama will lose visibility into the overridden configurationC . Panorama will update the template with the overridden valueD . The firewall template will show that it is out of...
Which benefit do policy rule UUIDs provide?
Which benefit do policy rule UUIDs provide?A . functionality for scheduling policy actionsB . the use of user IP mapping and groups in policiesC . cloning of policies between device-groupsD . an audit trail across a policy's lifespanView AnswerAnswer: D Explanation: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/management-features/universally-unique-identifiers-for-policy-rules.html
What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?
What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?A . It keeps trying to establish an IPSec tunnel to the GlobalProtect gatewayB . It stops the tunnel-establishment processing to the GlobalProtect gateway immediatelyC . It tries to establish a tunnel to...
Which value in the Application column indicates UDP traffic that did not match an App-ID signature?
Which value in the Application column indicates UDP traffic that did not match an App-ID signature?A . not-applicableB . incompleteC . unknown-ipD . unknown-udpView AnswerAnswer: D Explanation: To safely enable applications you must classify all traffic, across all ports, all the time. With App-ID, the only applications that are typically...
What is considered best practice for this scenario?
An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version What is considered best practice for this scenario?A . Perform the Panorama and firewall upgrades simultaneouslyB . Upgrade the firewall first wait at least 24 hours and then upgrade the Panorama versionC . Upgrade Panorama...
Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?
Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?A . performing a local firewall commitB . removing the firewall as a managed device in PanoramaC . performing a factory reset of the firewallD . removing the Panorama serial number from the ZTP serviceView...
Which two solutions can the administrator use to scale this configuration?
An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the world Panorama will manage the firewalls. The firewalls will provide access to mobile users and act as edge locations to on-premises infrastructure. The administrator wants to scale the configuration out quickly and wants all of the...
