What are three best practices for running an Ultimate Test Drive (UTD)? (Choose three.)
- A . It should be used to create pipeline and customer interest.
- B . It should be used to demonstrate the power of the platform.
- C . The lab documentation should be reviewed and tested.
- D . It should be led by Palo Alto Networks employees.
- E . The required equipment should be shipped to the lab site in advance.
Which two designs require virtual systems? (Choose two.)
- A . A shared gateway interface that does not need a full administrative boundary
- B . A virtual router as a replacement for an internet-facing router
- C . A single physical firewall shared by different organizations, each with unique traffic control needs
- D . A VMware NSX deployment that needs micro-segmentation
Which option is required to activate/retrieve a Device Management License on the M-100 Appliance after the Auth Codes have been activated on the Palo Alto Networks Support Site?
- A . Generate a Tech Support File and call PANTAC
- B . Select Device > Licenses and click Activate feature using authorization code
- C . Select PANORAMA > Licenses and click Activate feature using authorization code
- D . Generate a State Dump File and upload it to the Palo Alto Networks support portal
The botnet report displays a confidence score of 1 to 5 indicating the likelihood of a botnet infection.
Which three sources are used by the firewall as the basis of this score? (Choose three.)
- A . Bad Certificate Reports
- B . Traffic Type
- C . Botnet Reports
- D . Number of Events
- E . Executable Downloads
- F . Threat Landscape
B,D,E
Explanation:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/monitoring/generate-botnet-reports
Which profile or policy should be applied to protect against port scans from the internet?
- A . An App-ID security policy rule to block traffic sourcing from the untrust zone
- B . Security profiles to security policy rules for traffic sourcing from the untrust zone
- C . Interface management profile on the zone of the ingress interface
- D . Zone protection profile on the zone of the ingress interface
Which two components must be configured within User-ID on a new firewall that has been implemented? (Choose two.)
- A . Group Mapping
- B . 802.1X Authentication
- C . Proxy Authentication
- D . User mapping
A,D
Explanation:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/enable-user-id
Which three methods used to map users to IP addresses are supported in Palo Alto Networks firewalls? (Choose three.)
- A . Client Probing
- B . TACACS
- C . eDirectory monitoring
- D . SNMP server
- E . Lotus Domino
- F . RADIUS
- G . Active Directory monitoring
A,B,F
Explanation:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/user-id-concepts/user-mapping
In which two cases should the Hardware offering of Panorama be chosen over the Virtual Offering? (Choose two.)
- A . Dedicated Logger Mode is required
- B . Logs per second exceed 10,000
- C . Appliance needs to be moved into data center
- D . Device count is under 100
How does SSL Forward Proxy decryption work?
- A . SSL Forward Proxy decryption policy decrypts and inspects SSL/TLS traffic from internal users to the web.
- B . The SSL Forward Proxy Firewall creates a certificate intended for the client that is intercepted and altered by the firewall.
- C . If the server’s certificate is signed by a CA that the firewall does not trust, the firewall will use the certificate only on Forward Trust.
- D . The firewall resides between the internal client and internal server to intercept traffic between the two.
What are the two group options for database when creating a custom report? (Choose two.)
- A . Oracle
- B . SQL
- C . Detailed Logs
- D . Summary Databases
Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?
- A . WildFire on the firewall, and AutoFocus on Panorama
- B . URL Filtering on the firewall, and MindMeld on Panorama
- C . Threat Prevention on the firewall, and Support on Panorama
- D . GlobalProtect on the firewall, and Threat Prevention on Panorama
What are three sources of malware sample data for the Palo Alto Networks Threat Intelligence Cloud? (Choose three.)
- A . Third-Party data feeds, like the partnership with ProofPoint and the Cyber Threat Alliance
- B . Palo Alto Networks AutoFocus generated Correlation Objects
- C . Palo Alto Networks Next Generation Firewalls deployed with WildFire Analysis Security Profiles
- D . WF-500 configured as private clouds for privacy concerns
- E . Palo Alto Networks non-firewall products, like Traps and Aperture
A,B,E
Explanation:
https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/autofocus
How do Highly Suspicious artifacts in AutoFocus help identify when an unknown, potential zero-day, targeted attack occurs to allow one to adjust the security posture?
- A . Highly Suspicious artifacts are associated with High-Risk payloads that are inflicting massive amounts of damage to end customers.
- B . All High Risk artifacts are automatically classified as Highly Suspicious.
- C . Highly Suspicious artifacts are High Risk artifacts that have been seen in very few samples.
- D . Highly Suspicious artifacts have been seen infecting a broad, significant range of companies.
Because of regulatory compliance, a customer cannot decrypt specific types of traffic.
Which license should an SE recommend to the customer who will be decrypting traffic on the Palo Alto Networks firewall?
- A . App-ID, to use applications as match criteria in the decryption policy rules
- B . SSL Decryption, for inbound inspection and granular Forward Proxy SSL decryption
- C . Support, to request custom categories as match criteria in decryption policy rules
- D . URL Filtering, to use predefined URL categories as match criteria in the decryption policy rules
How many recursion levels are supported for compressed files in PAN-OS 8.0?
- A . 2
- B . 5
- C . 4
- D . 3