Which three items are import considerations during SD-WAN configuration planning? (Choose three.)
Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?
Which URL Filtering Security Profile action togs the URL Filtering category to the URL Filtering log?
Which Device Group option is assigned by default in Panorama whenever a new device group is created to manage a Firewall?
People are having intermittent quality issues during a live meeting via web application.
Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunner is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces.
Which Link Type setting will correct the error?
When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?
The company's Panorama server (IP 10.10.10.5) is not able to manage a firewall that was recently deployed. The firewall's dedicated management port is being used to connect to the management network.
Which two commands may be used to troubleshoot this issue from the CLI of the new firewall? (Choose two)
The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect Portal?
Which two interface types can be used when configuring GlobalProtect Portal?(Choose two)
A network Administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects> Security Profiles> Anti-Spyware and select default profile.
What should be done next?
Which two logs on the firewall will contain authentication-related information useful for troubleshooting purpose (Choose two)
Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accomplish this goal?
YouTube videos are consuming too much bandwidth on the network, causing delays in mission-critical traffic. The administrator wants to throttle YouTube traffic. The following interfaces and zones are in use on the firewall:
* ethernet1/1, Zone: Untrust (Internet-facing)
* ethernet1/2, Zone: Trust (client-facing)
A QoS profile has been created, and QoS has been enabled on both interfaces. A QoS rule exists to put the YouTube application into QoS class 6. Interface Ethernet1/1 has a QoS profile called Outbound, and interface Ethernet1/2 has a QoS profile called Inbound.
Which setting for class 6 with throttle YouTube traffic?
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?
The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server.
Which solution in PAN-OS® software would help in this case?
During the packet flow process, which two processes are performed in application identification? (Choose two.)
A company needs to preconfigure firewalls to be sent to remote sites with the least amount of reconfiguration. Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers.
Which VPN configuration would adapt to changes when deployed to the future site?
How can an administrator configure the NGFW to automatically quarantine a device using GlobalProtect?
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
Which is not a valid reason for receiving a decrypt-cert-validation error?
Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?
Refer to the exhibit.
An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?
A)
B)
C)
D)
An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router. Which two options enable the administrator to troubleshoot this issue? (Choose two.)
Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?
An administrator sees several inbound sessions identified as unknown-tcp in the traffic logs. The administrator determines that these sessions are from external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this as their accounting application and to scan this traffic for threats. Which option would achieve this result?
An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN-OS software?
An administrator has users accessing network resources through Citrix XenApp 7 x. Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?
An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OS® software. The firewall has internet connectivity through an Ethernet interface, but no internet connectivity from the management interface. The Security policy has the default security rules and a rule that allows all web-browsing traffic from any to any zone. What must the administrator configure so that the PAN-OS® software can be upgraded?
An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22
Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?
A)
B)
C)
D)
ON NO: 56
An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing.
The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?
What are two characteristic types that can be defined for a variable? (Choose two )
A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections. Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)
Which three authentication services can administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)
Match each SD-WAN configuration element to the description of that element.
You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?
When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?
What are three reasons for excluding a site from SSL decryption? (Choose three.)
Which CLI command displays the physical media that are connected to ethernetl/8?
In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.)
Which GlobalProtect component must be configured to enable Clientless VPN?
The UDP-4501 protocol-port is used between which two GlobalProtect components?
An administrator notices that an interlace configuration has been overridden locally on a firewall. They require an configuration to be managed from Panorama and overrides are not allowed. What is one way the administrator can meet this requirement?
A Panorama administrator configures a new zone and uses the zone in a new Security policy.
After the administrator commits the configuration to Panorama, which device-group commit push operation should the administrator use to ensure that the push is successful?
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
With the default TCP and UDP settings on the firewall what will be me identified application in the following session?
A company wants to use their Active Directory groups to simplify their Security policy creation from Panorama.
Which configuration is necessary to retrieve groups from Panorama?
Cortex XDR notifies an administrator about grayware on the endpoints.
There are no entnes about grayware in any of the logs of the corresponding firewall.
Which setting can the administrator configure on the firewall to log grayware verdicts?
Which Panorama objects restrict administrative access to specific device-groups?
A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?
Refer to the image.
An administrator is tasked with correcting an NTP service configuration for firewalls that cannot use the Global template NTP servers. The administrator needs to change the IP address to a preferable server for this template stack but cannot impact other template stacks.
How can the issue be corrected?
Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?