- All Exams Instant Download
What is the likely cause?
A security engineer received multiple reports of an IPSec VPN tunnel going down the night before. The engineer couldn't find any events related to VPN under system togs. What is the likely cause?A . Dead Peer Detection is not enabled. B. Tunnel Inspection settings are misconfigured. C. The Tunnel Monitor...
What configuration is needed to allow the firewall to communicate to the User-ID agent?
An engineer discovers the management interface is not routable to the User-ID agent What configuration is needed to allow the firewall to communicate to the User-ID agent?A . Create a NAT policy for the User-ID agent server B. Add a Policy Based Forwarding (PBF) policy to the User-ID agent IP...
Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer?
Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer? A . Heartbeat Interval B. Additional Master Hold Up Time C. Promotion Hold Time D. Monitor Fall Hold Up TimeView AnswerAnswer: A
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)A . Create a no-decrypt Decryption Policy rule. B. Configure an EDL to pull IP addresses of known sites resolved from a CRL. C. Create a Dynamic...
Which data flow best describes redistribution of user mappings?
An engineer needs to redistribute User-ID mappings from multiple data centers. Which data flow best describes redistribution of user mappings?A . Domain Controller to User-ID agent B. User-ID agent to Panorama C. User-ID agent to firewall D. firewall to firewallView AnswerAnswer: D
What should be done to ensure that the settings in the "Local" template are applied while maintaining settings from both templates?
A firewall has been assigned to a new template stack that contains both "Global" and "Local" templates in Panorama, and a successful commit and push has been performed. While validating the configuration on the local firewall, the engineer discovers that some settings are not being applied as intended. The setting...
What are two benefits of using nested device groups?
An engineer is deploying multiple firewalls with common configuration in Panorama. What are two benefits of using nested device groups? (Choose two.)A . Inherit settings from the Shared group B. Inherit IPSec crypto profiles C. Inherit all Security policy rules and objects D. Inherit parent Security policy rules and objectsView...
If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does not appear, what is the root cause?
An administrator has 750 firewalls. The administrator's central-management Panorama instance deploys dynamic updates to the firewalls. The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls. If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does...
In order to reach the web server, which security rule and U-Turn NAT rule must be configured on the firewall?
A user at an internal system queries the DNS server for their web server with a private IP of 10 250 241 131 in the. The DNS server returns an address of the web server's public address, 200.1.1.10. In order to reach the web server, which security rule and U-Turn...
When using SSH keys for CLI authentication for firewall administration, which method is used for authorization?
When using SSH keys for CLI authentication for firewall administration, which method is used for authorization?A . Local B. LDAP C. Kerberos D. RadiusView AnswerAnswer: A Explanation: When using SSH keys for CLI authentication for firewall administration, the method used for authorization is local. This is described in the Palo...
