- All Exams Instant Download
Which two configurations should you check on the firewall?
A firewall should be advertising the static route 10.2.0.0/24 Into OSPF. The configuration on the neighbor is correct, but the route is not in the neighbor's routing table. Which two configurations should you check on the firewall? (Choose two.)A . In the OSFP configuration, ensure that the correct redistribution profile...
Which HA state will the Active firewall go into if ethernet1/1 link goes down due to a failure?
An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Link and Path Monitoring Is enabled with the Failure Condition set to "any." There is one link group configured containing member interfaces ethernet1/1 and ethernet1/2 with a Group Failure Condition set to "all." Which HA state...
Which GlobalProtect component must be configured to enable Clientless VPN?
Which GlobalProtect component must be configured to enable Clientless VPN?A . GlobalProtect satellite B. GlobalProtect app C. GlobalProtect portal D. GlobalProtect gatewayView AnswerAnswer: C Explanation: Creating the GlobalProtect portal is as simple as letting it know if you have accessed it already. A new gateway for accessing the GlobalProtect portal...
What should the enterprise do to use PAN-OS MFA1?
An enterprise information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems However a recent phisning campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets For users that need to access...
Which statement about the QoS feature is correct?
A network security engineer must implement Quality of Service policies to ensure specific levels of delivery guarantees for various applications in the environment They want to ensure that they know as much as they can about QoS before deploying. Which statement about the QoS feature is correct?A . QoS is...
Given the size of this environment, which User-ID collection method is sufficient?
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management-plane resources are lightly utilized. Given the size of this environment, which User-ID collection method is sufficient?A . Citrix terminal server agent deployed on the network B. Windows-based...
What is the best description of the HA4 Keep-Alive Threshold (ms)?
What is the best description of the HA4 Keep-Alive Threshold (ms)?A . the maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational. B. The time that a passive or active-secondary firewall will wait before taking over as the active...
You have upgraded your Panorama and Log Collectors lo 10.2 x. Before upgrading your firewalls using Panorama, what do you need do?
You have upgraded your Panorama and Log Collectors lo 10.2 x. Before upgrading your firewalls using Panorama, what do you need do?A . Refresh your licenses with Palo Alto Network Support - Panorama/Licenses/Retrieve License Keys from License Server. B. Re-associate the firewalls in Panorama/Managed Devices/Summary. C. Commit and Push the...
Which action and packet-capture setting for items of high severity and critical severity best matches Palo Alto Networks best practice?
The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice. As part of that effort, the manager has assigned you the Vulnerability Protection profile for the internet gateway firewall. Which action and packet-capture setting for items...
What can be used to create dynamic address groups?
What can be used to create dynamic address groups?A . dynamic address B. region objects C. tags D. FODN addressesView AnswerAnswer: C
