Which GloDalProtecI gateway setting is required to enable split-tunneting by access route, destination domain and application?

Which GloDalProtecI gateway setting is required to enable split-tunneting by access route, destination domain and application?A . Tunnel modeB . Satellite modeC . IPSec modeD . No Direct Access to local networksView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/configure-a-split-tunnel-based-on-the-domain-and-application

April 25, 2025 No Comments READ MORE +

What could an administrator do to troubleshoot the issue?

An administrator Just enabled HA Heartbeat Backup on two devices However, the status on tie firewall's dashboard is showing as down High Availability. What could an administrator do to troubleshoot the issue?A . Go to Device > High Availability> General > HA Pair Settings > Setup and configuring the peer...

April 22, 2025 No Comments READ MORE +

What should the NAT rule destination zone be set to?

A firewall engineer creates a destination static NAT rule to allow traffic from the internet to a webserver hosted behind the edge firewall. The pre-NAT IP address of the server is 153.6 12.10, and the post-NAT IP address is 192.168.10.10. Refer to the routing and interfaces information below. What should...

April 21, 2025 No Comments READ MORE +

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?A . Ensure Force Template Values is checked when pushing configuration.B . Push the Template first, then push Device Group to the newly managed firewall.C . Perform the Export...

April 19, 2025 No Comments READ MORE +

Given the following snippet of a WildFire submission log, did the end user successfully download a file?

Given the following snippet of a WildFire submission log, did the end user successfully download a file?A . No, because the URL generated an alert.B . Yes, because both the web-browsing application and the flash file have the 'alert" action.C . Yes, because the final action is set to "allow.''D...

April 18, 2025 No Comments READ MORE +

Which log type will help the engineer verify whether packet buffer protection was activated?

An administrator troubleshoots an issue that causes packet drops. Which log type will help the engineer verify whether packet buffer protection was activated?A . Data FilteringB . ConfigurationC . ThreatD . TrafficView AnswerAnswer: C Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNGFCA4

April 17, 2025 No Comments READ MORE +

What are two best practice deployment modes for the firewall?

A company wants to add threat prevention to the network without redesigning the network routing. What are two best practice deployment modes for the firewall? (Choose two.)A . VirtualWireB . Layer3C . TAPD . Layer2View AnswerAnswer: AD Explanation: A and D are the best practice deployment modes for the firewall...

April 14, 2025 No Comments READ MORE +

For which three severity levels should single-packet captures be enabled to meet the Best Practice standard?

You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)A . LowB . HighC . CriticalD ....

April 11, 2025 No Comments READ MORE +

Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication?

A security engineer needs firewall management access on a trusted interface. Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication? (Choose three.)A . Minimum TLS versionB . CertificateC . Encryption AlgorithmD . Maximum TLS versionE . Authentication AlgorithmView AnswerAnswer: ABD Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/configure-an-ssltls-service-profile

April 11, 2025 No Comments READ MORE +

Which certificate is the best choice to configure as an SSL Forward Trust certificate?

A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to configure as an SSL Forward Trust certificate?A . A self-signed Certificate Authority certificate generated by the firewallB . A Machine Certificate for the...

April 10, 2025 No Comments READ MORE +