- All Exams Instant Download
Where is information about packet buffer protection logged?
Where is information about packet buffer protection logged?A . Alert entries are in the Alarms log. Entries for dropped traffic, discarded sessions, and blocked IP address are in the Threat log B. All entries are in the System log C. Alert entries are in the System log. Entries for dropped...
Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer?
Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer? A . Heartbeat Interval B. Additional Master Hold Up Time C. Promotion Hold Time D. Monitor Fall Hold Up TimeView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-timers
What are two best practices for incorporating new and modified App-IDs? (Choose two.)
What are two best practices for incorporating new and modified App-IDs? (Choose two.)A . Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs B. Configure a security policy rule to allow new App-IDs that might have network-wide impact C. Perform...
Given the screenshot, how did the firewall handle the traffic?
Given the screenshot, how did the firewall handle the traffic? A . Traffic was allowed by policy but denied by profile as encrypted. B. Traffic was allowed by policy but denied by profile as a threat. C. Traffic was allowed by profile but denied by policy as a threat. D....
What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect user?
What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect user?A . SSL/TLS Service profile B. Certificate profile C. SCEP D. OCSP ResponderView AnswerAnswer: C Explanation: If you have a Simple Certificate Enrollment Protocol (SCEP) server in your enterprise PKI, you can configure a SCEP...
What should the firewall administrator do to mitigate this type of attack?
A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone. What should the firewall administrator do to mitigate this type of attack?A . Create a DOS Protection profile with SYN Flood protection enabled and apply it to all rules...
Given the rule below, what change should be made to make sure the NAT works as expected?
Review the information below. A firewall engineer creates a U-NAT rule to allow users in the trust zone access to a server in the same zone by using an external, public NAT IP for that server. Given the rule below, what change should be made to make sure the NAT...
Which two methods should be used to identify the dependent applications for the respective rule?
An administrator creates an application-based security policy rule and commits the change to the firewall. Which two methods should be used to identify the dependent applications for the respective rule? (Choose two.)A . Use the show predefined xpath <value> command and review the output. B. Review the App Dependency application...
Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port?
Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port? A . The firewall will allow HTTP, Telnet, HTTPS, SSH, and Ping from IP addresses defined as $permitted-subnet-2. B. The firewall will allow HTTP, Telnet, HTTPS,...
What can be used to create dynamic address groups?
What can be used to create dynamic address groups?A . dynamic address B. region objects C. tags D. FODN addressesView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/monitor-changes-in-the-virtual-environment/use-dynamic-address-groups-in-policy
