- All Exams Instant Download
Which of the following statements is a best practice for SSL decryption?
An engineer is planning an SSL decryption implementation Which of the following statements is a best practice for SSL decryption?A . Use the same Forward Trust certificate on all firewalls in the network. B. Obtain a certificate from a publicly trusted root CA for the Forward Trust certificate. C. Obtain...
SAML SLO is supported for which two firewall features? (Choose two.)
SAML SLO is supported for which two firewall features? (Choose two.)A . GlobalProtect Portal B. CaptivePortal C. WebUI D. CLIView AnswerAnswer: A,C
When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?
When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?A . The interface must be used for traffic to the required services B. You must enable DoS and zone protection C. You must set...
Which statement best describes the Automated Commit Recovery feature?
Which statement best describes the Automated Commit Recovery feature?A . It performs a connectivity check between the firewall and Panorama after every configuration commit on the firewall. It reverts the configuration changes on the firewall if the check fails. B. It restores the running configuration on a firewall and Panorama...
Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?
Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?A . Measure and monitor the CPU consumption of the firewall data plane to ensure that each firewall is properly sized to support DoS and zone protection B. Create a zone protection profile...
Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?
Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?A . Measure and monitor the CPU consumption of the firewall data plane to ensure that each firewall is properly sized to support DoS and zone protection B. Create a zone protection profile...
How should you configure the firewall to allow access to any office-suite application?
You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?A . Create an Application Group and add Office 365, Evernote Google Docs and Libre Office B. Create an Application Group and add business-systems to...
When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?
When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?A . Certificate profile B. Path Quality profile C. SD-WAN Interface profile D. Traffic Distribution profileView AnswerAnswer: C
When upgrading Log Collectors to 10.2, you must do what?
You have upgraded Panorama to 10.2 and need to upgrade six Log Collectors. When upgrading Log Collectors to 10.2, you must do what?A . Upgrade the Log Collectors one at a time. B. Add Panorama Administrators to each Managed Collector. C. Add a Global Authentication Profile to each Managed Collector....
What are three reasons for excluding a site from SSL decryption? (Choose three.)
What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in English B. unsupported ciphers C. certificate pinning D. unsupported browser version E. mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...
