- All Exams Instant Download
Which two features require another license on the NGFW? (Choose two.)
Which two features require another license on the NGFW? (Choose two.)A . SSL Inbound InspectionB . SSL Forward ProxyC . Decryption MirrorD . Decryption BrokerView AnswerAnswer: C,D
Which method can capture IP-to-user mapping information for users on the Linux machines?
Users within an enterprise have been given laptops that are joined to the corporate domain. In some cases, IT has also deployed Linux-based OS systems with a graphical desktop. Information Security needs IP-to-user mapping, which it will use in group-based policies that will limit internet access for the Linux desktop...
To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?
To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?A . Add the policy in the shared device group as a pre-ruleB . Reference the targeted device's templates in the target device groupC . Add the policy...
How should the administrator identify the configuration changes?
An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?A . review the configuration logs on the Monitor tabB . click Preview Changes under Push ScopeC . use Test Policy Match to review...
Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?
Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?A . Measure and monitor the CPU consumption of the firewall data plane to ensure that each firewall is properly sized to support DoS and zone protectionB . Create a zone protection profile...
Given this scenario which type of User-ID agent is considered a best practice by Palo Alto Networks?
Your company has to Active Directory domain controllers spread across multiple WAN links All users authenticate to Active Directory Each link has substantial network bandwidth to support all mission-critical applications. The firewalls management plane is highly utilized Given this scenario which type of User-ID agent is considered a best practice...
What are two reasons why the firewall might not use a static route?
An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used. After looking at the configuration, the administrator believes that the firewall is not using a static route. What are two reasons why the firewall might not use a static route? (Choose...
Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)
Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)A . inherit address-objects from templatesB . define a common standard template configuration for firewallsC . standardize server profiles and authentication configuration across all stacksD . standardize log-forwarding profiles for security polices across all stacksView...
How should those rules be configured to ensure that they are evaluated with a high priority?
An administrator is building Security rules within a device group to block traffic to and from malicious locations How should those rules be configured to ensure that they are evaluated with a high priority?A . Create the appropriate rules with a Block action and apply them at the top of...
PBF can address which two scenarios? (Select Two)
PBF can address which two scenarios? (Select Two)A . forwarding all traffic by using source port 78249 to a specific egress interfaceB . providing application connectivity the primary circuit failsC . enabling the firewall to bypass Layer 7 inspectionD . routing FTP to a backup ISP link to save bandwidth...
