Which dynamic role does the administrator assign to the new-hire colleague?
An administrator wants to grant read-only access to all firewall settings, except administrator accounts, to a new-hire colleague in the IT department. Which dynamic role does the administrator assign to the new-hire colleague?A . Device administrator (read-only) B. System administrator (read-only) C. Firewall administrator (read-only) D. Superuser (read-only)View AnswerAnswer: D
Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?
Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networks B. Tunnel mode C. iPSec mode D. Satellite modeView AnswerAnswer: B Explanation: To enable split-tunneling by access route, destination domain, and application, you need to configure a...
What is a key step in implementing WildFire best practices?
What is a key step in implementing WildFire best practices?A . In a mission-critical network, increase the WildFire size limits to the maximum value. B. Configure the firewall to retrieve content updates every minute. C. In a security-first network, set the WildFire size limits to the minimum value. D. Ensure...
What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect user?
What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect user?A . SSL/TLS Service profile B. Certificate profile C. SCEP D. OCSP ResponderView AnswerAnswer: C Explanation: If you have a Simple Certificate Enrollment Protocol (SCEP) server in your enterprise PKI, you can configure a SCEP...
When creating a new rule, what is needed to allow the application to resolve dependencies?
A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL. When creating a new rule, what is needed to allow the application to resolve dependencies?A . Add SSL and web-browsing applications to the same rule. B. Add web-browsing application to the...
Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port?
Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port? A . The firewall will allow HTTP, Telnet, HTTPS, SSH, and Ping from IP addresses defined as $permitted-subnet-2. B. The firewall will allow HTTP, Telnet, HTTPS,...
A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone which options differentiates multiple VLAN into separate zones?
A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone which options differentiates multiple VLAN into separate zones? A. Create V-Wire objects with...
Which profile should be configured in order to achieve this?
A company requires that a specific set of ciphers be used when remotely managing their Palo Alto Networks appliances. Which profile should be configured in order to achieve this?A . SSH Service profile B. SSL/TLS Service profile C. Decryption profile D. Certificate profileView AnswerAnswer: B
Which source should be used for User-ID mappings?
A company is using wireless controllers to authenticate users. Which source should be used for User-ID mappings?A . Syslog B. XFF headers C. server monitoring D. client probingView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/user-id-overview
What is one way the administrator can meet this requirement?
An administrator notices that an interface configuration has been overridden locally on a firewall. They require all configuration to be managed from Panorama and overrides are not allowed. What is one way the administrator can meet this requirement?A . Perform a commit force from the CLI of the firewall. B....