- All Exams Instant Download
The UDP-4501 protocol-port is used between which two GlobalProtect components?
The UDP-4501 protocol-port is used between which two GlobalProtect components?A . GlobalProtect app and GlobalProtect gateway B. GlobalProtect portal and GlobalProtect gateway C. GlobalProtect app and GlobalProtect satellite D. GlobalProtect app and GlobalProtect portalView AnswerAnswer: A Explanation: UDP 4501 Used for IPSec tunnel connections between GlobalProtect apps and gateways. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reference-port-number-usage/ports-used-for-globalprotect.html
What can be used to create dynamic address groups?
What can be used to create dynamic address groups?A . dynamic address B. region objects C. tags D. FODN addressesView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/monitor-changes-in-the-virtual-environment/use-dynamic-address-groups-in-policy
What should the firewall administrator do to mitigate this type of attack?
A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone. What should the firewall administrator do to mitigate this type of attack?A . Create a DOS Protection profile with SYN Flood protection enabled and apply it to all rules...
Given the screenshot, how did the firewall handle the traffic?
Given the screenshot, how did the firewall handle the traffic? A . Traffic was allowed by policy but denied by profile as encrypted. B. Traffic was allowed by policy but denied by profile as a threat. C. Traffic was allowed by profile but denied by policy as a threat. D....
Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?
Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?A . NAT B. DOS protection C. QoS D. Tunnel inspectionView AnswerAnswer: B
Which scenario will cause the Active firewall to fail over?
An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Path Monitoring has been enabled with a Failure Condition of "any." A path group is configured with Failure Condition of "all" and contains a destination IP of 8.8.8.8 and 4.2.2.2 with a Ping Interval of 500ms...
Which two options are available to identify the application?
The firewall identifies a popular application as an unKnown-tcp. Which two options are available to identify the application? (Choose two.)A . Create a custom application. B. Submit an App-ID request to Palo Alto Networks. C. Create a custom object for the application server. D. Create a Security policy to identify...
When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?
When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?A . Certificate profile B. Path Quality profile C. SD-WAN Interface profile D. Traffic Distribution profileView AnswerAnswer: C Explanation: To enable forward error correction (FEC) for PAN-OS SD-WAN, you...
What two attributes should a forward trust certificate have?
A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.)A . A subject alternative name B. A private key C. A server certificate D. A certificate authority (CA) certificateView AnswerAnswer: B,D Explanation: When deploying SSL Forward Proxy decryption, a...
What can the administrator configure to establish the VPN connection?
A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator None of the peer addresses are known What can the administrator configure to establish the VPN connection?A . Set up certificate authentication. B. Use the Dynamic IP address type. C. Enable Passive Mode D....
