- All Exams Instant Download
If the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft?
If the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft?A . Mapping to the IP address of the logged-in user.B . First four letters of the username matching any valid corporate username.C . Using the same user’s...
Which action would enable the firewalls to send their pre-existing logs to Panorama?
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables log forwarding from the firewalls to Panoram A. Pre-existing logs from the firewalls are not appearing in Panoram A. Which action would enable the firewalls to send...
Which three steps will reduce the CPU utilization on the management plane? (Choose three.)
Which three steps will reduce the CPU utilization on the management plane? (Choose three.)A . Disable SNMP on the management interface.B . Application override of SSL application.C . Disable logging at session start in Security policies.D . Disable predefined reports.E . Reduce the traffic being decrypted by the firewall.View AnswerAnswer:...
Which feature can provide NGFWs with User-ID mapping information?
Which feature can provide NGFWs with User-ID mapping information?A . GlobalProtectB . Web CaptchaC . Native 802.1q authenticationD . Native 802.1x authenticationView AnswerAnswer: A
How quickly will the firewall receive back a verdict?
A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes. How quickly will the firewall receive back a verdict?A . More than 15 minutesB . 5 minutesC . 10 to...
Which administrative authentication method supports authorization by an external service?
Which administrative authentication method supports authorization by an external service?A . CertificatesB . LDAPC . RADIUSD . SSH keysView AnswerAnswer: C
Which DoS protection mechanism detects and prevents session exhaustion attacks?
Which DoS protection mechanism detects and prevents session exhaustion attacks?A . Packet Based Attack ProtectionB . Flood ProtectionC . Resource ProtectionD . TCP Port Scan ProtectionView AnswerAnswer: C Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/dos-protection-profiles
Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?
Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?A . checkB . findC . testD . simView AnswerAnswer: C Explanation: Reference: http://www.shanekillen.com/2014/02/palo-alto-useful-cli-commands.html
Which operation will impact the performance of the management plane?
Which operation will impact the performance of the management plane?A . WildFire SubmissionsB . DoS ProtectionC . decrypting SSL SessionsD . Generating a SaaS Application Report.View AnswerAnswer: D Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSvCAK Decrypting SSL Sessions is a dataplane task.DoS Protection is a Dataplane task. Wildfire submissions is a Dataplane task. Generating a...
Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?
An administrator has users accessing network resources through Citrix XenApp 7 x. Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?A . Client ProbingB . Terminal Services agentC . GlobalProtectD . Syslog MonitoringView AnswerAnswer: C
