- All Exams Instant Download
Given the information, what is the best choice for deploying User-ID to ensure maximum coverage?
A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given...
Place the steps in the WildFire process workflow in their correct order
DRAG DROP Place the steps in the WildFire process workflow in their correct order. View AnswerAnswer: Explanation: Timeline Description automatically generated https://docs.paloaltonetworks.com/wildfire/9-1/wildfire-admin/wildfire-overview/about-wildfire.html
What must be configured in order to select users and groups for those rules from Panorama?
An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory What must be configured in order to select users and groups for those rules from Panorama?A . The Security rules must be targeted to a firewall in...
What command should be used?
An engineer needs to see how many existing SSL decryption sessions are traversing a firewall What command should be used?A . show dataplane pool statistics I match proxy B. debug dataplane pool statistics I match proxy C. debug sessions I match proxy D. show sessions allView AnswerAnswer: B
What are two best practices for incorporating new and modified App-IDs? (Choose two)
What are two best practices for incorporating new and modified App-IDs? (Choose two)A . Configure a security policy rule to allow new App-lDs that might have network-wide impact B. Study the release notes and install new App-IDs if they are determined to have low impact C. Perform a Best Practice...
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)A . the website matches a category that is not allowed for most users B. the website matches a high-risk category C. the web server requires mutual authentication D. the website matches...
What is the best solution for the customer?
An existing NGFW customer requires direct interne! access offload locally at each site and iPSec connectivity to all branches over public internet. One requirement is mat no new SD-WAN hardware be introduced to the environment. What is the best solution for the customer?A . Configure a remote network on PAN-OS...
What best describes the HA Promotion Hold Time?
What best describes the HA Promotion Hold Time?A . the time that is recommended to avoid an HA failover due to the occasional flapping of neighboring devices B. the time that is recommended to avoid a failover when both firewalls experience the same link/path monitor failure simultaneously C. the time...
Which statement regarding HA timer settings is true?
Which statement regarding HA timer settings is true?A . Use the Recommended profile for typical failover timer settings B. Use the Moderate profile for typical failover timer settings C. Use the Aggressive profile for slower failover timer settings. D. Use the Critical profile for faster failover timer settings.View AnswerAnswer: A
How will the rule order populate once pushed to the firewall?
the firewall's device group as post-rules How will the rule order populate once pushed to the firewall?A . shared device group policies, firewall device group policies. local policies. B. firewall device group policies, local policies. shared device group policies C. shared device group policies. local policies, firewall device group policies...
