- All Exams Instant Download
When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?
When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?A . The interface must be used for traffic to the required servicesB . You must enable DoS and zone protectionC . You must set...
Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?
An administrator is using Panorama to manage me and suspects an IKE Crypto mismatch between peers, from the firewalls to Panorama. However, pre-existing logs from the firewalls are not appearing in Panorama. Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?A . Export...
Which data flow describes redistribution of user mappings?
Which data flow describes redistribution of user mappings?A . User-ID agent to firewallB . firewall to firewallC . Domain Controller to User-ID agentD . User-ID agent to PanoramaView AnswerAnswer: B Explanation: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/configure-firewalls-to-redistribute-user-mapping-information https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for-user-id-redistribution.html#ide3661b46-4722-4936-bb9b-181679306809
In order to reach the web server, which Security rule and NAT rule must be configured on the firewall?
A user at an external system with the IP address 65. 124.57.5 queries the DNS server at 4.2.2.2 for the IP address of the web server, www.xyz.com. The DNS server returns an address of 172.16.15.1 In order to reach the web server, which Security rule and NAT rule must be...
What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram?
What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram? A . IP NetmaskB . IP AddressC . IP Wildcard MaskD . IP RangeView AnswerAnswer: C
When you navigate to Network>Global Protect>Portals>Agent>(config)>App and look in the Connect Method section, which three options are available? (Choose three.)
When you navigate to Network>Global Protect>Portals>Agent>(config)>App and look in the Connect Method section, which three options are available? (Choose three.)A . pre-logon the non-demandB . certificate-logonC . on-demand (manual user-initiated connection)D . post-logon (always on)E . user-logon (always on)View AnswerAnswer: ACE
What is the best solution for the customer?
An existing NGFW customer requires direct internet access offload locally at each site, and IPSec connectivity to all branches over public internet. One requirement is that no new SD-WAN hardware be introduced to the environment. What is the best solution for the customer?A . Upgrade to a PAN-OS SD-WAN subscriptionB...
What should be done to ensure that the settings in the "Local" template are applied while maintaining settings from both templates?
A firewall has been assigned to a new template stack that contains both "Global" and "Local" templates in Panorama, and a successful commit and push has been performed. While validating the configuration on the local firewall, the engineer discovers that some settings are not being applied as intended. The setting...
The end-user's browser will show that the certificate for www.example-website.comwas issued by which of the following?
A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (CAs): i. Enterprise-Trusted-CA, which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system.) ii. Enterprise-Untrusted-CA, which is verified as Forward Untrust...
What should the administrator implement?
A network administrator plans a Prisma Access deployment with three service connections, each with a BGP peering to a CPE. The administrator needs to minimize the BGP configuration and management overhead on on-prem network devices. What should the administrator implement?A . hot potato routingB . summarized BGP routes before advertisingC...
