A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone. Which option differentiates multiple VLANs into separate zones?
A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone. Which option differentiates multiple VLANs into separate zones? A. Create V-Wire objects with...
Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?
Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition? A. NAT B. DoS protection C. QoS D. Tunnel inspection Answer: A
What two attributes should a forward trust certificate have?
A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.) A. A subject alternative name B. A private key C. A server certificate D. A certificate authority (CA) certificate Answer: B,D Explanation: When deploying SSL Forward Proxy decryption, a...
What is the best description of the HA4 Keep-Alive Threshold (ms)?
What is the best description of the HA4 Keep-Alive Threshold (ms)? A. The maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational. B. The time that a passive or active-secondary firewall will wait before taking over as the active...
Which two mandatory options are used to configure a VLAN interface?
A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.) A. Virtual router B. Security zone C. ARP entries D. Netflow Profile Answer: A,B Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network-interfaces/pa-7000-series-layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRqCAK VLAN interface is...
Which CLI command can the engineer use?
An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI. Which CLI command can the engineer use? A. test vpn flow B. test vpn ike-sa C. test vpn tunnel D. test vpn gateway Answer: C
A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file named init-cfg.txt. The firewall is currently running PAN-OS 10.0 and using a lab config.
A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file...
What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?
What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)? A. Phase 1 and Phase 2 SAs are synchronized over HA3 links. B. Phase 1 SAs are synchronized over HA1 links. C. Phase 2 SAs are synchronized over HA2 links. D. Phase 1 and Phase 2 SAs...
Which Decryption Broker security chain supports bi-directional traffic flow?
An engineer must configure the Decryption Broker feature. Which Decryption Broker security chain supports bi-directional traffic flow? A. Layer 2 security chain B. Layer 3 security chain C. Transparent Bridge security chain D. Transparent Proxy security chain Answer: B Explanation: Together, the primary and secondary interfaces form a pair of...
What should the firewall administrator do to mitigate this type of attack?
A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone. What should the firewall administrator do to mitigate this type of attack? A. Create a DoS Protection profile with SYN Flood protection enabled and apply it to all rules...