Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

NGFW-Engineer Exam Dumps - Palo Alto Networks Next-Generation Firewall Engineer

Searching for workable clues to ace the Paloalto Networks NGFW-Engineer Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s NGFW-Engineer PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 4

Which configuration step is required when implementing a new self-signed root certificate authority (CA) certificate for SSL decryption on a Palo Alto Networks firewall?

A.

Import the new subordinate CA certificate into the trust stores of all client devices.

B.

Set the subordinate CA certificate as the default routing certificate for all network traffic.

C.

Configure the subordinate CA to issue certificates with indefinite validity periods.

D.

Disable all existing SSL decryption rules until the new certificate is fully propagated.

Full Access
Question # 5

Which two services are configured by applying an SSL/TLS service profile? (Choose two.)

A.

Global Protect portal

B.

Log forwarding to Strata Logging Service

C.

Forward-Trust certificate

D.

Syslog server monitoring

Full Access
Question # 6

An administrator needs to ensure that a firewall can download threat prevention and software updates, but the management port is on an isolated network without internet access.

Which service must be rerouted through a data plane interface using a service route to allow the firewall to download these updates?

A.

External dynamic lists

B.

GlobalProtect Clientless VPN

C.

Palo Alto Networks Services

D.

Syslog

Full Access
Question # 7

An administrator configures a GlobalProtect gateway with split tunneling for network traffic based on an access route. Users report that public web browsing works, but they cannot resolve the names of internal servers. The administrator determines that all DNS queries are being sent to the public DNS servers configured on the users' endpoints.

Which GlobalProtect portal setting should be configured to resolve this issue?

A.

Split tunneling for DNS and specify the internal corporate domains in the "Domain" list

B.

DNS Proxy feature on the firewall to point clients to the gateway IP for DNS

C.

"DNS Forwarding" option on the gateway's tunnel interface

D.

NAT rule to allow DNS traffic from the GlobalProtect clients to the internal DNS servers

Full Access
Question # 8

An organization needs a GlobalProtect solution that meets two key requirements:

• IT administrators must be able to run scripts and push updates to endpoints before a user logs in.

• Users must authenticate with their cloud identity provider, which is protected by multi-factor authentication (MFA).

Which GlobalProtect authentication configuration should be used to meet both requirements?

A.

Cookie-based authentication for both pre-logon and user logon.

B.

SAML authentication for pre-logon and certificate-based authentication for user logon.

C.

Single authentication profile using Kerberos to handle both pre-logon and user logon.

D.

Certificate-based authentication for pre-logon and SAML authentication for user logon.

Full Access
Go to page: