Why would a traffic log list an application as "not-applicable”?
Why would a traffic log list an application as "not-applicable”?A . The firewall denied the traffic before the application match could be performed.B . The TCP connection terminated without identifying any application dataC . There was not enough application data after the TCP connection was establishedD . The application is...
Given the rule below, what change should be made to make sure the NAT works as expected?
Review the information below. A firewall engineer creates a U-NAT rule to allow users in the trust zone access to a server in the same zone by using an external, public NAT IP for that server. Given the rule below, what change should be made to make sure the NAT...
Which set of steps does the administrator need to take in the URL Filtering profile to prevent credential phishing on the firewall?
A network administrator is trying to prevent domain username and password submissions to phishing sites on some allowed URL categories Which set of steps does the administrator need to take in the URL Filtering profile to prevent credential phishing on the firewall?A . Choose the URL categories in the User...
Which method should the administrator use when creating Forward Trust and Forward Untrust certificates on the firewall for use with decryption?
During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company's Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise...
What part of the configuration should the engineer verify?
Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration. What part of the configuration should the engineer verify?A . IKE Crypto ProfileB . Security policyC . Proxy-IDsD . PAN-OS versionsView AnswerAnswer: C Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbXCAS https://live.paloaltonetworks.com/t5/general-topics/phase-2-tunnel-is-not-up/td-p/424789
Which operation will impact the performance of the management plane?
Which operation will impact the performance of the management plane?A . Decrypting SSL sessionsB . Generating a SaaS Application reportC . Enabling DoS protectionD . Enabling packet buffer protectionView AnswerAnswer: B Explanation: TIPS & TRICKS: REDUCING MANAGEMENT PLANE LOAD: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSvCAK TIPS & TRICKS: REDUCING MANAGEMENT PLANE LOAD―PART 2: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClU4CAK
What should they review with their leadership before implementation?
An engineer is tasked with deploying SSL Forward Proxy decryption for their organization. What should they review with their leadership before implementation?A . Browser-supported cipher documentationB . Cipher documentation supported by the endpoint operating systemC . URL risk-based category distinctionsD . Legal compliance regulations and acceptable usage policiesView AnswerAnswer: D...
If a URL is in multiple custom URL categories with different actions, which action will take priority?
If a URL is in multiple custom URL categories with different actions, which action will take priority?A . AllowB . OverrideC . BlockD . AlertView AnswerAnswer: C Explanation: When a URL matches multiple categories, the category chosen is the one that has the most severe action defined below (block being...
In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must be configured on the firewall?
Refer to the diagram. Users at an internal system want to ssh to the SSH server. The server is configured to respond only to the ssh requests coming from IP 172.16.16.1. In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must...
Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be compromised by a botnet?
Refer to the exhibit. Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be compromised by a botnet?A . Click the hyperlink for the Zero Access.Gen threat.B . Click the left...