- All Exams Instant Download
What are the two behavior differences between Highlight Unused Rules and the Rule Usage Hit counter when a firewall is rebooted? (Choose two.)
What are the two behavior differences between Highlight Unused Rules and the Rule Usage Hit counter when a firewall is rebooted? (Choose two.)A . Rule Usage Hit counter will not be resetB . Highlight Unused Rules will highlight all rules.C . Highlight Unused Rules will highlight zero rules.D . Rule...
Which two security policy rules will accomplish this configuration?
Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and HOST B (10.1.1.101) receives SSH traffic.) Which two security policy rules...
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?A . To enable Gateway authentication to the PortalB . To enable Portal authentication to the GatewayC . To enable user authentication to the PortalD . To enable client machine authentication to the PortalView AnswerAnswer: C Explanation:...
Which Palo Alto Networks VM-Series firewall is valid?
Which Palo Alto Networks VM-Series firewall is valid?A . VM-25B . VM-800C . VM-50D . VM-400View AnswerAnswer: C Explanation: Reference: https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series
Which action will this cause configuration on the matched traffic?
A Security policy rule is configured with a Vulnerability Protection Profile and an action of ‘Deny”. Which action will this cause configuration on the matched traffic?A . The configuration is invalid. The Profile Settings section will be grayed out when the Action is set to “Deny”.B . The configuration will...
SAML SLO is supported for which two firewall features? (Choose two.)
SAML SLO is supported for which two firewall features? (Choose two.)A . GlobalProtect PortalB . CaptivePortalC . WebUID . CLIView AnswerAnswer: A,B
Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?
Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?A . Deny application facebook-chat before allowing application facebookB . Deny application facebook on topC . Allow application facebook on topD . Allow application facebook before denying application facebook-chatView AnswerAnswer: A Explanation: Reference: https://live.paloaltonetworks.com/t5/Configuration-Articles/Failed-to-Block-Facebook-Chat-Consistently/ta-p/115673
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)A . Create a no-decrypt Decryption Policy rule.B . Configure an EDL to pull IP addresses of known sites resolved from a CRD . Create a Dynamic...
When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?
VPN traffic intended for an administrator’s Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor. When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?A . Zone ProtectionB . DoS ProtectionC . Web ApplicationD . ReplayView AnswerAnswer: D
Which configuration will enable this HA scenario?
An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewall use Layer 3 interfaces to send traffic to a single gateway IP for the pair. Which configuration will enable this HA scenario? A. The two firewalls will share a single floating...
