- All Exams Instant Download
Which one is the correct configuration?
To more easily reuse templates and template slacks, you can create term plate variables in place of firewall-specific and appliance-specific IP literals in your configurations Which one is the correct configuration?A . @PanoramaB . #PancramaC . &PanoramaD . $PanoramaView AnswerAnswer: D
Which Security Profile type will prevent this attack?
An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against external hosts attempting to exploit a flaw in an operating system on an internal system. Which Security Profile type will prevent this attack?A . Vulnerability ProtectionB . Anti-SpywareC . URL FilteringD . AntivirusView AnswerAnswer:...
Which three options are supported in HA Lite? (Choose three.)
Which three options are supported in HA Lite? (Choose three.)A . Virtual linkB . Active/passive deploymentC . Synchronization of IPsec security associationsD . Configuration synchronizationE . Session synchronizationView AnswerAnswer: B,C,D Explanation: “The PA-200 firewall supports HA Lite only. HA Lite is an active/passive deployment that provides configuration synchronization and some...
What must be configured to enable the firewall to download the current version of PAN-OS software?
An administrator needs to upgrade an NGFW to the most current version of PAN-OS® software. The following is occurring: • Firewall has Internet connectivity through e1/1. • Default security rules and security rules allowing all SSL and web-browsing traffic to and from any zone. • Service route is configured, sourcing...
Which two options are available to identify the application?
The firewall identifies a popular application as an unknown-tcp. Which two options are available to identify the application? (Choose two.)A . Create a custom application.B . Create a custom object for the custom application server to identify the custom application.C . Submit an Apple-ID request to Palo Alto Networks.D ....
Which Security policy rule will allow traffic to flow to the web server?
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT. Which Security policy rule will allow traffic to flow to the web server?A . Untrust (any) to Untrust (10. 1.1. 100), web browsing C AllowB . Untrust (any) to Untrust (1....
Which three firewall states are valid? (Choose three.)
Which three firewall states are valid? (Choose three.)A . ActiveB . FunctionalC . PendingD . PassiveE . SuspendedView AnswerAnswer: A,D,E Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-firewall-states
Which is not a valid reason for receiving a decrypt-cert-validation error?
Which is not a valid reason for receiving a decrypt-cert-validation error?A . Unsupported HSMB . Unknown certificate statusC . Client authenticationD . Untrusted issuerView AnswerAnswer: A
Which will be the egress interface if the traffic’s ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?
Refer to the exhibit. Which will be the egress interface if the traffic’s ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?A . ethernet1/6B . ethernet1/3C . ethernet1/7D . ethernet1/5View AnswerAnswer: D
Which CLI command can be used to export the tcpdump capture?
Which CLI command can be used to export the tcpdump capture?A . scp export tcpdump from mgmt.pcap to <username@host:path>B . scp extract mgmt-pcap from mgmt.pcap to <username@host:path>C . scp export mgmt-pcap from mgmt.pcap to <username@host:path>D . download mgmt.-pcapView AnswerAnswer: C Explanation: Reference: https://live.paloaltonetworks.com/t5/Management-Articles/How-To-Packet-Capture-tcpdump-On-Management-Interface/ta- p/55415
