Which source is the most reliable for collecting User-ID user mapping?
Which source is the most reliable for collecting User-ID user mapping?A . GlobalProtect B. Microsoft Active Directory C. Microsoft Exchange D. Syslog ListenerView AnswerAnswer: A Explanation: User-ID is a feature that enables you to identify and control users on your network based on their usernames instead of their IP addresses1....
What are two benefits of using nested device groups?
An engineer is deploying multiple firewalls with common configuration in Panorama. What are two benefits of using nested device groups? (Choose two.)A . Inherit settings from the Shared group B. Inherit IPSec crypto profiles C. Inherit all Security policy rules and objects D. Inherit parent Security policy rules and objectsView...
Which three items are import considerations during SD-WAN configuration planning? (Choose three.)
Which three items are import considerations during SD-WAN configuration planning? (Choose three.)A . link requirements B. the name of the ISP C. IP Addresses D. branch and hub locationsView AnswerAnswer: A,C,D Explanation: https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/plan-sd-wan-configuration
Which two components are required on the firewall to configure certificate-based administrator authentication to the web Ul?
A remote administrator needs firewall access on an untrusted interface. Which two components are required on the firewall to configure certificate-based administrator authentication to the web Ul? (Choose two)A . client certificate B. certificate profile C. certificate authority (CA) certificate D. server certificateView AnswerAnswer: B,D
What are two reasons why the firewall might not use a static route?
An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used. After looking at the configuration, the administrator believes that the firewall is not using a static route. What are two reasons why the firewall might not use a static route? (Choose...
Which CLI command displays the physical media that are connected to ethernet1/8?
Which CLI command displays the physical media that are connected to ethernet1/8?A . > show system state filter-pretty sys.si.p8.stats B. > show system state filter-pretty sys.sl.p8.phy C. > show interface ethernet1/8 D. > show system state filter-pretty sys.sl.p8.medView AnswerAnswer: C
Which log type would provide information about traffic blocked by a Zone Protection profile?
Which log type would provide information about traffic blocked by a Zone Protection profile?A . Data Filtering B. IP-Tag C. Traffic D. ThreatView AnswerAnswer: D Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clm9CAC Zone Protection profile is a set of security policies that you can apply to an interface or zone to protect it from reconnaissance,...
When using SSH keys for CLI authentication for firewall administration, which method is used for authorization?
When using SSH keys for CLI authentication for firewall administration, which method is used for authorization?A . Local B. LDAP C. Kerberos D. RadiusView AnswerAnswer: A Explanation: When using SSH keys for CLI authentication for firewall administration, the method used for authorization is local. This is described in the Palo...
In a Panorama template which three types of objects are configurable? (Choose three)
In a Panorama template which three types of objects are configurable? (Choose three)A . certificate profiles B. HIP objects C. QoS profiles D. security profiles E. interface management profilesView AnswerAnswer: A,C,E Explanation: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/use-case-configure-firewalls-using-panorama/set-up-your-centralized-configuration-and-policies/use-templates-to-administer-a-base-configuration
What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?
An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls. What can be configured on one pair...