Which dynamic role does the administrator assign to the new-hire colleague?

An administrator wants to grant read-only access to all firewall settings, except administrator accounts, to a new-hire colleague in the IT department. Which dynamic role does the administrator assign to the new-hire colleague?A . Device administrator (read-only) B. System administrator (read-only) C. Firewall administrator (read-only) D. Superuser (read-only)View AnswerAnswer: D

July 31, 2023No CommentsREAD MORE +

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networks B. Tunnel mode C. iPSec mode D. Satellite modeView AnswerAnswer: B Explanation: To enable split-tunneling by access route, destination domain, and application, you need to configure a...

July 30, 2023No CommentsREAD MORE +

What is a key step in implementing WildFire best practices?

What is a key step in implementing WildFire best practices?A . In a mission-critical network, increase the WildFire size limits to the maximum value. B. Configure the firewall to retrieve content updates every minute. C. In a security-first network, set the WildFire size limits to the minimum value. D. Ensure...

July 30, 2023No CommentsREAD MORE +

What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect user?

What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect user?A . SSL/TLS Service profile B. Certificate profile C. SCEP D. OCSP ResponderView AnswerAnswer: C Explanation: If you have a Simple Certificate Enrollment Protocol (SCEP) server in your enterprise PKI, you can configure a SCEP...

July 30, 2023No CommentsREAD MORE +

When creating a new rule, what is needed to allow the application to resolve dependencies?

A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL. When creating a new rule, what is needed to allow the application to resolve dependencies?A . Add SSL and web-browsing applications to the same rule. B. Add web-browsing application to the...

July 30, 2023No CommentsREAD MORE +

Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port?

Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port? A . The firewall will allow HTTP, Telnet, HTTPS, SSH, and Ping from IP addresses defined as $permitted-subnet-2. B. The firewall will allow HTTP, Telnet, HTTPS,...

July 30, 2023No CommentsREAD MORE +

A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone which options differentiates multiple VLAN into separate zones?

A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone which options differentiates multiple VLAN into separate zones? A. Create V-Wire objects with...

July 30, 2023No CommentsREAD MORE +

Which profile should be configured in order to achieve this?

A company requires that a specific set of ciphers be used when remotely managing their Palo Alto Networks appliances. Which profile should be configured in order to achieve this?A . SSH Service profile B. SSL/TLS Service profile C. Decryption profile D. Certificate profileView AnswerAnswer: B

July 29, 2023No CommentsREAD MORE +

Which source should be used for User-ID mappings?

A company is using wireless controllers to authenticate users. Which source should be used for User-ID mappings?A . Syslog B. XFF headers C. server monitoring D. client probingView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/user-id-overview

July 29, 2023No CommentsREAD MORE +

What is one way the administrator can meet this requirement?

An administrator notices that an interface configuration has been overridden locally on a firewall. They require all configuration to be managed from Panorama and overrides are not allowed. What is one way the administrator can meet this requirement?A . Perform a commit force from the CLI of the firewall. B....

July 29, 2023No CommentsREAD MORE +