- All Exams Instant Download
If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does not appear what is the root cause?
An administrator has 750 firewalls. The administrator's central-management Panorama instance deploys dynamic updates to the firewalls. The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls. If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does...
What should you recommend?
When planning to configure SSL Froward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using phased approach in alignment with Palo Alto Networks best practices What should you recommend?A . Enable SSL decryption for known malicious source IP addressesB . Enable SSL decryption for...
When you configure an active/active high availability pair which two links can you use? (Choose two)
When you configure an active/active high availability pair which two links can you use? (Choose two)A . HA2 backupB . HA3C . Console BackupD . HSCI-CView AnswerAnswer: A,B
What is a key step in implementing WildFire best practices?
What is a key step in implementing WildFire best practices?A . In a mission-critical network, increase the WildFire size limits to the maximum valueB . In a security-first network set the WildFire size limits to the minimum valueC . Configure the firewall to retrieve content updates every minuteD . Ensure...
When overriding a template configuration locally on a firewall, what should you consider?
When overriding a template configuration locally on a firewall, what should you consider?A . Only Panorama can revert the overrideB . Panorama will lose visibility into the overridden configurationC . Panorama will update the template with the overridden valueD . The firewall template will show that it is out of...
Which benefit do policy rule UUIDs provide?
Which benefit do policy rule UUIDs provide?A . functionality for scheduling policy actionsB . the use of user IP mapping and groups in policiesC . cloning of policies between device-groupsD . an audit trail across a policy's lifespanView AnswerAnswer: D Explanation: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/management-features/universally-unique-identifiers-for-policy-rules.html
What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?
What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?A . It keeps trying to establish an IPSec tunnel to the GlobalProtect gatewayB . It stops the tunnel-establishment processing to the GlobalProtect gateway immediatelyC . It tries to establish a tunnel to...
Which value in the Application column indicates UDP traffic that did not match an App-ID signature?
Which value in the Application column indicates UDP traffic that did not match an App-ID signature?A . not-applicableB . incompleteC . unknown-ipD . unknown-udpView AnswerAnswer: D Explanation: To safely enable applications you must classify all traffic, across all ports, all the time. With App-ID, the only applications that are typically...
What is considered best practice for this scenario?
An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version What is considered best practice for this scenario?A . Perform the Panorama and firewall upgrades simultaneouslyB . Upgrade the firewall first wait at least 24 hours and then upgrade the Panorama versionC . Upgrade Panorama...
Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?
Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?A . performing a local firewall commitB . removing the firewall as a managed device in PanoramaC . performing a factory reset of the firewallD . removing the Panorama serial number from the ZTP serviceView...
