Which CLI command can the engineer use?

An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI. Which CLI command can the engineer use?

A. test vpn flow
B. test vpn ike-sa
C. test vpn tunnel
D. test vpn gateway

Answer: C

August 1, 2023

A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file named init-cfg.txt. The firewall is currently running PAN-OS 10.0 and using a lab config.

August 1, 2023

What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?

What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?

A. Phase 1 and Phase 2 SAs are synchronized over HA3 links.
B. Phase 1 SAs are synchronized over HA1 links.
C. Phase 2 SAs are synchronized over HA2 links.
D. Phase 1 and Phase 2 SAs...

August 1, 2023

Which Decryption Broker security chain supports bi-directional traffic flow?

An engineer must configure the Decryption Broker feature. Which Decryption Broker security chain supports bi-directional traffic flow?

A. Layer 2 security chain
B. Layer 3 security chain
C. Transparent Bridge security chain
D. Transparent Proxy security chain

Answer: B

Explanation: Together, the primary and secondary interfaces form a pair of...

August 1, 2023

An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority. Match the default Administrative Distances for each routing protocol.

DRAG DROP

An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority. Match the default Administrative Distances for each routing protocol.

Answer:

Explanation:
- Static: Range is 10-240; default is 10.
- OSPF Internal...

August 1, 2023

Which configuration task is best for reducing load on the management plane?

Which configuration task is best for reducing load on the management plane?

A. Disable logging on the default deny rule
B. Enable session logging at start
C. Disable pre-defined reports
D. Set the URL filtering action to send alerts

Answer: A

July 31, 2023

What should you recommend?

When planning to configure SSL Forward Proxy on a PA-5260, a user asks how SSL decryption can be implemented using a phased approach in alignment with Palo Alto Networks best practices. What should you recommend?

A. Enable SSL decryption for known malicious source IP addresses
B. Enable SSL decryption for...

July 31, 2023

Which scenario will cause the Active firewall to fail over?

An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Path Monitoring has been enabled with a Failure Condition of "any." A path group is configured with Failure Condition of "all" and contains a destination IP of 8.8.8.8 and 4.2.2.2 with a Ping Interval of 500ms...

July 31, 2023

Which three types of interfaces support SSL Forward Proxy?

An engineer configures SSL decryption in order to have more visibility into the internal users' traffic when it is egressing the firewall. Which three types of interfaces support SSL Forward Proxy? (Choose three.)

A. High availability (HA)
B. Layer 2
C. Virtual Wire
D. Tap
E. Layer 3

Answer: B,C,E

July 31, 2023

What are two valid ways to enable Packet-Based Attack Protection?

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)

A. ICMP Drop
B. TCP Drop
C. TCP Port Scan Block
D. SYN Random Early Drop

Answer: A,D

July 31, 2023