- All Exams Instant Download
Which statement is true regarding a Best Practice Assessment?
Which statement is true regarding a Best Practice Assessment?A . It shows how your current configuration compares to Palo Alto Networks recommendationsB . It runs only on firewallsC . When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.D...
Which configuration task is best for reducing load on the management plane?
Which configuration task is best for reducing load on the management plane?A . Disable logging on the default deny ruleB . Enable session logging at startC . Disable pre-defined reportsD . Set the URL filtering action to send alertsView AnswerAnswer: A
How should the administrator identify the configuration changes?
An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?A . review the configuration logs on the Monitor tabB . click Preview Changes under Push ScopeC . use Test Policy Match to review...
What are three reasons for excluding a site from SSL decryption? (Choose three.)
What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in EnglishB . unsupported ciphersC . certificate pinningD . unsupported browser versionE . mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...
Which three statements accurately describe Decryption Mirror? (Choose three.)
Which three statements accurately describe Decryption Mirror? (Choose three.)A . Decryption Mirror requires a tap interface on the firewallB . Decryption, storage, inspection and use of SSL traffic are regulated in certain countriesC . Only management consent is required to use the Decryption Mirror featureD . You should consult with...
Where will the object need to be created within the device-group hierarchy?
Refer to the diagram. An administrator needs to create an address object that will be useable by the NYC. MA, CA and WA device groups Where will the object need to be created within the device-group hierarchy?A . AmericasB . USC . EastD . WestView AnswerAnswer: A
A traffic log might list an application as "not-applicable" for which two reasons'? (Choose two)
A traffic log might list an application as "not-applicable" for which two reasons'? (Choose two)A . The firewall did not install the sessionB . The TCP connection terminated without identifying any application dataC . The firewall dropped a TCP SYN packetD . There was not enough application data after the...
Which action and packet-capture setting for items of high severity and critical severity best matches Palo Alto Networks best practice'?
The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice. As part of that effort, the manager has assigned you the Vulnerability Protection profile for the internet gateway firewall. Which action and packet-capture setting for items...
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two)
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two)A . Dos Protection policyB . QoS ProfileC . Zone Protection ProfileD . DoS Protection ProfileView AnswerAnswer: C,D Explanation: Flood Attack Protection Zone Protection Profiles protect against of five types of floods: • SYN (TCP) • UDP...
What happens to traffic traversing SD-WAN fabric that doesn't match any SD-WAN policies?
What happens to traffic traversing SD-WAN fabric that doesn't match any SD-WAN policies?A . Traffic is dropped because there is no matching SD-WAN policy to direct traffic.B . Traffic matches a catch-all policy that is created through the SD-WAN plugin.C . Traffic matches implied policy rules and is redistributed round...
