- All Exams Instant Download
When using certificate authentication for firewall administration, which method is used for authorization?
When using certificate authentication for firewall administration, which method is used for authorization?A . RadiusB . LDAPC . KerberosD . LocalView AnswerAnswer: C
Which type of role-based access is most appropriate for this project?
A superuser is tasked with creating administrator accounts for three contractors For compliance purposes, all three contractors will be working with different device-groups in their hierarchy to deploy policies and objects. Which type of role-based access is most appropriate for this project?A . Create a Dynamic Admin with the Panorama...
Which statement is correct given the following message from the PanGPA log on the GlobalProtect app?
Which statement is correct given the following message from the PanGPA log on the GlobalProtect app? Failed to connect to server at port:47 67A . The PanGPS process failed to connect to the PanGPA process on port 4767B . The GlobalProtect app failed to connect to the GlobalProtect Portal on...
What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram?
What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram? A . IP NetmaskB . IP Wildcard MaskC . IP AddressD . IP RangeView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/networking-features/wildcard-address
in an HA failover scenario what occurs when sessions match an SSL Forward Proxy Decryption policy?
in an HA failover scenario what occurs when sessions match an SSL Forward Proxy Decryption policy?A . HA Sync does not occur the existing session is transferred to the active firewall.B . HA Sync does not occur the firewall drops the session.C . HA Sync occurs the session is sent...
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three)
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three)A . user-logon (always on)B . pre-logon then on-demandC . on-demand (manual user initiated connection)D . post-logon (always on)E . certificate-logonView AnswerAnswer: A,C,D
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two)
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two)A . Dos Protection policyB . QoS ProfileC . Zone Protection ProfileD . DoS Protection ProfileView AnswerAnswer: C,D Explanation: Flood Attack Protection Zone Protection Profiles protect against of five types of floods: • SYN (TCP) • UDP...
Which interface type would support this business requirement?
An administrator needs to implement an NGFW between their DMZ and Core network EIGRP Routing between the two environments is required. Which interface type would support this business requirement?A . Layer 3 interfaces but configuring EIGRP on the attached virtual routerB . Virtual Wire interfaces to permit EIGRP routing to...
When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?
When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?A . The interface must be used for traffic to the required servicesB . You must enable DoS and zone protectionC . You must set...
What should the enterprise do to use PAN-OS MFA1?
An enterprise information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems However a recent phisning campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets For users that need to access...
