- All Exams Instant Download
Which interface type would support this business requirement?
An administrator needs to implement an NGFW between their DMZ and Core network EIGRP Routing between the two environments is required. Which interface type would support this business requirement?A . Layer 3 interfaces but configuring EIGRP on the attached virtual routerB . Virtual Wire interfaces to permit EIGRP routing to...
Before doing so, what must the administrator consider?
An administrator wants to enable zone protection Before doing so, what must the administrator consider?A . Activate a zone protection subscription.B . To increase bandwidth no more than one firewall interface should be connected to a zoneC . Security policy rules do not prevent lateral movement of traffic between zonesD...
Which method can capture IP-to-user mapping information for users on the Linux machines?
Users within an enterprise have been given laptops that are joined to the corporate domain. In some cases, IT has also deployed Linux-based OS systems with a graphical desktop. Information Security needs IP-to-user mapping, which it will use in group-based policies that will limit internet access for the Linux desktop...
What are three valid qualifiers for a Decryption Policy Rule match? (Choose three)
What are three valid qualifiers for a Decryption Policy Rule match? (Choose three)A . Destination ZoneB . App-IDC . Custom URL CategoryD . User-IDE . Source InterfaceView AnswerAnswer: A,C,D
Where does the administrator view the desired data?
An administrator needs to gather information about the CPU utilization on both the management plane and the data plane Where does the administrator view the desired data?A . Monitor > UtilizationB . Resources Widget on the DashboardC . Support > ResourcesD . Application Command and Control CenterView AnswerAnswer: A
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)A . the website matches a category that is not allowed for most usersB . the website matches a high-risk categoryC . the web server requires mutual authenticationD . the website matches...
Which two statements are true for the DNS Security service? (Choose two.)
Which two statements are true for the DNS Security service? (Choose two.)A . It eliminates the need for dynamic DNS updatesB . It functions like PAN-DB and requires activation through the app portalC . It removes the 100K limit for DNS entries for the downloaded DNS updatesD . It is...
Which three severity levels should single-packet captures be enabled to meet the Best Practice standard?
You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For. Which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three)A . HighB . MediumC . CriticalD ....
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?A . PAN-OS integrated User-ID agentB . LDAP Server Profile configurationC . GlobalProtectD . Windows-based User-ID agentView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/user-id-concepts/user-mapping/globalprotect.html Because GlobalProtect users must authenticate to gain access to...
What is the best solution for the customer?
An existing NGFW customer requires direct interne! access offload locally at each site and iPSec connectivity to all branches over public internet. One requirement is mat no new SD-WAN hardware be introduced to the environment. What is the best solution for the customer?A . Configure a remote network on PAN-OSB...
