In order to reach the web server, which Security rule and NAT rule must be configured on the firewall?
A user at an external system with the IP address 65. 124.57.5 queries the DNS server at 4.2.2.2 for the IP address of the web server, www.xyz.com. The DNS server returns an address of 172.16.15.1 In order to reach the web server, which Security rule and NAT rule must be...
What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram?
What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram? A . IP NetmaskB . IP AddressC . IP Wildcard MaskD . IP RangeView AnswerAnswer: C
When you navigate to Network>Global Protect>Portals>Agent>(config)>App and look in the Connect Method section, which three options are available? (Choose three.)
When you navigate to Network>Global Protect>Portals>Agent>(config)>App and look in the Connect Method section, which three options are available? (Choose three.)A . pre-logon the non-demandB . certificate-logonC . on-demand (manual user-initiated connection)D . post-logon (always on)E . user-logon (always on)View AnswerAnswer: ACE
What is the best solution for the customer?
An existing NGFW customer requires direct internet access offload locally at each site, and IPSec connectivity to all branches over public internet. One requirement is that no new SD-WAN hardware be introduced to the environment. What is the best solution for the customer?A . Upgrade to a PAN-OS SD-WAN subscriptionB...
What should be done to ensure that the settings in the "Local" template are applied while maintaining settings from both templates?
A firewall has been assigned to a new template stack that contains both "Global" and "Local" templates in Panorama, and a successful commit and push has been performed. While validating the configuration on the local firewall, the engineer discovers that some settings are not being applied as intended. The setting...
The end-user's browser will show that the certificate for www.example-website.comwas issued by which of the following?
A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (CAs): i. Enterprise-Trusted-CA, which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system.) ii. Enterprise-Untrusted-CA, which is verified as Forward Untrust...
What should the administrator implement?
A network administrator plans a Prisma Access deployment with three service connections, each with a BGP peering to a CPE. The administrator needs to minimize the BGP configuration and management overhead on on-prem network devices. What should the administrator implement?A . hot potato routingB . summarized BGP routes before advertisingC...
After the administrator commits the configuration to Panorama, which device-group commit push operation should the administrator use to ensure that the push is successful?
A Panorama administrator configures a new zone and uses the zone in a new Security policy. After the administrator commits the configuration to Panorama, which device-group commit push operation should the administrator use to ensure that the push is successful?A . merge with candidate configB . force template valuesC ....
An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority.
An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority. Match the default Administrative Distances for each routing protocol. View AnswerAnswer:
Which component enables you to configure firewall resource protection settings?
Which component enables you to configure firewall resource protection settings?A . Zone Protection ProfileB . DoS Protection ProfileC . DoS Protection policyD . QoS ProfileView AnswerAnswer: B