Which feature of Panorama allows an administrator to create a single network configuration that can be reused repeatedly for large-scale deployments even if values of configured objects, such as routes and interface addresses, change?
Which feature of Panorama allows an administrator to create a single network configuration that can be reused repeatedly for large-scale deployments even if values of configured objects, such as routes and interface addresses, change?A . Template stacks B. Template variables C. The Shared device group D. A device groupView AnswerAnswer:...
Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?
Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?A . Resource Protection B. TCP Port Scan Protection C. Packet Based Attack Protection D. Packet Buffer ProtectionView AnswerAnswer: A Explanation: According to the documentation, resource protection detects and prevents session exhaustion attacks against specific destinations. This type...
Which of the following statements is consistent with SSL decryption best practices?
An engineer is tasked with configuring SSL forward proxy for traffic going to external sites. Which of the following statements is consistent with SSL decryption best practices? A. The forward trust certificate should not be stored on an HSM. B. The forward untrust certificate should be signed by a certificate...
Which two options are available to identify the application?
The firewall identifies a popular application as an unKnown-tcp. Which two options are available to identify the application? (Choose two.)A . Create a custom application. B. Submit an App-ID request to Palo Alto Networks. C. Create a custom object for the application server. D. Create a Security policy to identify...
Which certificate is the best choice to configure as an SSL Forward Trust certificate?
A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to configure as an SSL Forward Trust certificate?A . A self-signed Certificate Authority certificate generated by the firewall B. A Machine Certificate for the...
Which two actions could an administrator take to troubleshoot this issue?
An administrator has configured OSPF with Advanced Routing enabled on a Palo Alto Networks firewall running PAN-OS 10.2. After OSPF was configured, the administrator noticed that OSPF routes were not being learned. Which two actions could an administrator take to troubleshoot this issue? (Choose two.)A . Run the CLI command...
Given the rule below, what change should be made to make sure the NAT works as expected?
Review the information below. A firewall engineer creates a U-NAT rule to allow users in the trust zone access to a server in the same zone by using an external, public NAT IP for that server. Given the rule below, what change should be made to make sure the NAT...
What is the recommended order when upgrading to PAN-OS 10.2?
An engineer has been given approval to upgrade their environment 10 PAN-OS 10 2. The environment consists of both physical and virtual firewalls a virtual Panorama HA pair, and virtual log collectors What is the recommended order when upgrading to PAN-OS 10.2?A . Upgrade Panorama, upgrade the log collectors, upgrade...
How should you configure the firewall to allow access to any office-suite application?
You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?A . Create an Application Group and add Office 365, Evernote Google Docs and Libre Office B. Create an Application Group and add business-systems to...
What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?
An engineer is pushing configuration from Panorama lo a managed firewall. What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?A . The firewall rejects the pushed configuration, and the commit fails. B. The firewall renames the duplicate local...