- All Exams Instant Download
When overriding a template configuration locally on a firewall, what should you consider?
When overriding a template configuration locally on a firewall, what should you consider?A . Only Panorama can revert the overrideB . Panorama will lose visibility into the overridden configurationC . Panorama will update the template with the overridden valueD . The firewall template will show that it is out of...
Which VPN preconfigured configuration would adapt to changes when deployed to the future site?
A company needs to preconfigure firewalls to be sent to remote sites with the least amount of preconfiguration Once deployed each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers Which VPN preconfigured configuration would adapt to changes when deployed to...
Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose two.)
Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose two.)A . Content-IDB . User-IDC . Applications and ThreatsD . AntivirusView AnswerAnswer: C,D Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device-dynamic-updates
In a security-first network what is the recommended threshold value for content updates to be dynamically updated?
In a security-first network what is the recommended threshold value for content updates to be dynamically updated?A . 1 to 4 hoursB . 6 to 12 hoursC . 24 hoursD . 36 hoursView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/best-practices-for-content-and-threat-content-updates/best-practices-security-first.html
Which CLI command should the administrator use to obtain the packet capture for validating the configuration?
An administrator needs to troubleshoot a User-ID deployment. The administrator believes that there is an issue related to LDAP authentication. The administrator wants to create a packet capture on the management plane Which CLI command should the administrator use to obtain the packet capture for validating the configuration?A . >...
What are three valid qualifiers for a Decryption Policy Rule match? (Choose three)
What are three valid qualifiers for a Decryption Policy Rule match? (Choose three)A . Destination ZoneB . App-IDC . Custom URL CategoryD . User-IDE . Source InterfaceView AnswerAnswer: A,D,E
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?A . PAN-OS integrated User-ID agentB . LDAP Server Profile configurationC . GlobalProtectD . Windows-based User-ID agentView AnswerAnswer: A
Which GlobalProtect Client connect method requires the distribution and use of machine certificates?
Which GlobalProtect Client connect method requires the distribution and use of machine certificates?A . User-logon (Always on)B . At-bootC . On-demandD . Pre-logonView AnswerAnswer: D
During SSL decryption which three factors affect resource consumption1? (Choose three)
During SSL decryption which three factors affect resource consumption1? (Choose three)A . TLS protocol versionB . transaction sizeC . key exchange algorithmD . applications that use non-standard portsE . certificate issuerView AnswerAnswer: A,B,C Explanation: https://docs.paloaltonetworks.com/best-practices/8-1/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment.html
Which rule type controls end user SSL traffic to external websites?
Which rule type controls end user SSL traffic to external websites?A . SSL Outbound Proxyless InspectionB . SSL Forward ProxyC . SSL Inbound InspectionD . SSH ProxyView AnswerAnswer: C
