- All Exams Instant Download
Which log type would provide information about traffic blocked by a Zone Protection profile?
Which log type would provide information about traffic blocked by a Zone Protection profile?A . Data Filtering B. IP-Tag C. Traffic D. ThreatView AnswerAnswer: C
Which two statements correctly describe Session 380280? (Choose two.)
Which two statements correctly describe Session 380280? (Choose two.) A . The session went through SSL decryption processing. B. The session has ended with the end-reason unknown. C. The application has been identified as web-browsing. D. The session did not go through SSL decryption processing.View AnswerAnswer: A,C
Why is the AE interface showing down on the passive firewall?
The Aggregate Ethernet interface is showing down on a passive PA-7050 firewall of an active/passive HA pair. The HA Passive Link State is set to "Auto" under Device > High Availability > General > Active/Passive Settings. The AE interface is configured with LACP enabled and is up only on the...
Which three items are import considerations during SD-WAN configuration planning? (Choose three.)
Which three items are import considerations during SD-WAN configuration planning? (Choose three.)A . link requirements B. the name of the ISP C. IP Addresses D. branch and hub locationsView AnswerAnswer: A,C,D Explanation: https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/plan-sd-wan-configuration
Which strategy is consistent with decryption best practices to ensure consistent performance?
A network security engineer wants to prevent resource-consumption issues on the firewall. Which strategy is consistent with decryption best practices to ensure consistent performance?A . Use RSA in a Decryption profile tor higher-priority and higher-risk traffic, and use less processor-intensive decryption methods for lower-risk traffic B. Use PFS in a...
Which type of certificate should the administrator use?
A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?A . certificate authority (CA) certificate B. client certificate C. machine certificate D. server certificateView AnswerAnswer: D Explanation: Use only signed certificates, not CA certificates, in SSL/TLS service profiles. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/configure-an-ssltls-service-profile.html
Which configuration setting or step will allow the firewall to get automatic application signature updates?
An administrator has configured the Palo Alto Networks NGFW’s management interface to connect to the internet through a dedicated path that does not traverse back through the NGFW itself. Which configuration setting or step will allow the firewall to get automatic application signature updates?A . A scheduler will need to...
What is a common obstacle for decrypting traffic from guest devices?
An organization wishes to roll out decryption but gets some resistance from engineering leadership regarding the guest network. What is a common obstacle for decrypting traffic from guest devices?A . Guest devices may not trust the CA certificate used for the forward untrust certificate. B. Guests may use operating systems...
What command could the engineer run to see the current state of the BGP state between the two devices?
A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. What command could the engineer run to see the current state of the BGP state between the two devices?A . show...
Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three.)
Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three.)A . The environment requires real, full-time redundancy from both firewalls at all times B. The environment requires Layer 2 interfaces in the deployment C. The environment requires that both firewalls maintain their own routing...
