- All Exams Instant Download
Which two options are available to identify the application?
The firewall identifies a popular application as an unknown-tcp. Which two options are available to identify the application? (Choose two.)A . Create a custom application.B . Create a custom object for the custom application server to identify the custom application.C . Submit an Apple-ID request to Palo Alto Networks.D ....
Which Security policy rule will allow traffic to flow to the web server?
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT. Which Security policy rule will allow traffic to flow to the web server?A . Untrust (any) to Untrust (10. 1.1. 100), web browsing C AllowB . Untrust (any) to Untrust (1....
Which three firewall states are valid? (Choose three.)
Which three firewall states are valid? (Choose three.)A . ActiveB . FunctionalC . PendingD . PassiveE . SuspendedView AnswerAnswer: A,D,E Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-firewall-states
Which is not a valid reason for receiving a decrypt-cert-validation error?
Which is not a valid reason for receiving a decrypt-cert-validation error?A . Unsupported HSMB . Unknown certificate statusC . Client authenticationD . Untrusted issuerView AnswerAnswer: A
Which will be the egress interface if the traffic’s ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?
Refer to the exhibit. Which will be the egress interface if the traffic’s ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?A . ethernet1/6B . ethernet1/3C . ethernet1/7D . ethernet1/5View AnswerAnswer: D
Which CLI command can be used to export the tcpdump capture?
Which CLI command can be used to export the tcpdump capture?A . scp export tcpdump from mgmt.pcap to <username@host:path>B . scp extract mgmt-pcap from mgmt.pcap to <username@host:path>C . scp export mgmt-pcap from mgmt.pcap to <username@host:path>D . download mgmt.-pcapView AnswerAnswer: C Explanation: Reference: https://live.paloaltonetworks.com/t5/Management-Articles/How-To-Packet-Capture-tcpdump-On-Management-Interface/ta- p/55415
Which priority is correct for the passive firewall?
An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall. Which priority is correct for the passive firewall?A . 0B . 99C . 1D . 255View AnswerAnswer: D Explanation: Reference: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/framemaker/71/pan-os/pan-os/section_5.pdf (page 9)
Which option will protect the individual servers?
A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers. Which option will protect the individual servers?A . Enable packet buffer protection on the Zone Protection Profile.B . Apply an Anti-Spyware Profile with DNS sinkholing.C . Use the DNS App-ID with application-default.D . Apply a...
Which two features does PAN-OS® software use to identify applications? (Choose two)
Which two features does PAN-OS® software use to identify applications? (Choose two)A . port numberB . session numberC . transaction characteristicsD . application layer payloadView AnswerAnswer: A,D Explanation: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/application-level-gateways#
Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?
Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?A . debug system detailsB . show session infoC . show system infoD . show system detailsView AnswerAnswer: C Explanation: Reference: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/technical-documentation/pan-os-60/PAN-OS-6.0- CLI-ref.pdf
