Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?
An engineer must configure a new SSL decryption deployment. Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?A . There must be a certificate with both the Forward Trust option and Forward Untrust option selected. B. A Decryption profile must be attached...
The UDP-4501 protocol-port is used between which two GlobalProtect components?
The UDP-4501 protocol-port is used between which two GlobalProtect components?A . GlobalProtect app and GlobalProtect gateway B. GlobalProtect portal and GlobalProtect gateway C. GlobalProtect app and GlobalProtect satellite D. GlobalProtect app and GlobalProtect portalView AnswerAnswer: A Explanation: UDP 4501 Used for IPSec tunnel connections between GlobalProtect apps and gateways. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reference-port-number-usage/ports-used-for-globalprotect.html
What are two best practices for incorporating new and modified App-IDs? (Choose two)
What are two best practices for incorporating new and modified App-IDs? (Choose two)A . Configure a security policy rule to allow new App-lDs that might have network-wide impact B. Study the release notes and install new App-IDs if they are determined to have low impact C. Perform a Best Practice...
When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?
When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?A . Certificate profile B. Path Quality profile C. SD-WAN Interface profile D. Traffic Distribution profileView AnswerAnswer: B
What must the administrator do to correct this issue?
An administrator is attempting to create policies tor deployment of a device group and template stack. When creating the policies, the zone drop down list does not include the required zone. What must the administrator do to correct this issue?A . Specify the target device as the master device in...
Which two options could the administrator use to verify the progress or success of that commit task?
An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.) A. System Logs B. Task Manager C. Traffic Logs D. Configuration LogsView AnswerAnswer: A,B Explanation: A. System Logs: The...
What can they do to reduce commit times?
A company has recently migrated their branch office's PA-220S to a centralized Panorama. This Panorama manages a number of PA-7000 Series and PA-5200 Series devices All device group and template configuration is managed solely within Panorama They notice that commit times have drastically increased for the PA-220S after the migration...
What two attributes should a forward trust certificate have?
A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.)A . A subject alternative name B. A private key C. A server certificate D. A certificate authority (CA) certificateView AnswerAnswer: B,D Explanation: When deploying SSL Forward Proxy decryption, a...
Which two methods should be used to identify the dependent applications for the respective rule?
An administrator creates an application-based security policy rule and commits the change to the firewall. Which two methods should be used to identify the dependent applications for the respective rule? (Choose two.)A . Use the show predefined xpath <value> command and review the output. B. Review the App Dependency application...
Which three dynamic routing protocols support BFD?
An engineer manages a high availability network and requires fast failover of the routing protocols. The engineer decides to implement BFD. Which three dynamic routing protocols support BFD? (Choose three.)A . OSPF B. RIP C. BGP D. IGRP E. OSPFv3 virtual linkView AnswerAnswer: ACE