
TEST E

Title of test:
TEST E

Description:
Palo Alto Networks Certified Network Security Administrator (PCNSA)

Creation Date: 2023/07/31

Category: Others

Number of questions: 75

Content:

Which two configurations does an administrator need to compare in order to see differences between the active configuration and potential changes if committed? (Choose two.). Device state. Active. Candidate. Running.

An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perform?. Discard the session’s packets and send a TCP reset packet to let the client know the session has been terminated. Drop the traffic silently. Perform the default deny action as defined in the App-ID database for the application. Send a TCP reset packet to the client- and server-side devices.

If users from the Trusted zone need to allow traffic to an SFTP server in the DMZ zone, how should a Security policy with App-ID be configured?. Source Zone: Trusted - Destination Zone: DMZ - Services: SSH - Applications: Any - Action: Allow. Source Zone: Trusted - Destination Zone: DMZ - Services: Application-Default - Applications: SSH - Action: Allow. Source Zone: Trusted - Destination Zone: DMZ - Services: Application-Default - Applications: SSH - Action: Deny. Source Zone: Trusted - Destination Zone: DMZ - Services: SSH - Applications: Any - Action: Deny.

An administrator configured a Security policy rule with an Antivirus Security profile. The administrator did not change the action for the profile. If a virus gets detected, how will the firewall handle the traffic?. It allows the traffic but generates an entry in the Threat logs. It drops the traffic because the profile was not set to explicitly allow the traffic. It allows the traffic because the profile was not set to explicitly deny the traffic. It uses the default action assigned to the virus signature.

An administrator needs to allow users to use only certain email applications. How should the administrator configure the firewall to restrict users to specific email applications?. Create an application filter and filter it on the collaboration category. Create an application filter and filter it on the collaboration category, email subcategory. Create an application group and add the email applications to it. Create an application group and add the email category to it.

DNS exceptions can be set under which Security profile?. Data Filtering. URL Filtering. Anti-Spyware. Antivirus.

An administrator is troubleshooting an issue with an accounts payable application. Which log setting could be temporarily configured to improve visibility?. Log at Session Start and Log at Session End both enabled. Log at Session Start and Log at Session End both disabled. Log at Session Start enabled, Log at Session End disabled. Log at Session Start disabled, Log at Session End enabled.

By default, which action is assigned to the interzone-default rule?. Allow. Deny. Reset-client. Reset-server.

What is the maximum volume of concurrent administrative account sessions?. 2. 10. 1. Unlimited.

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?. Rules without App Controls. New App Viewer. Rule Usage – Unused. Unused Apps.

Where within the firewall GUI can all existing tags be viewed?. Policies > Tags. Network > Tags. Objects > Tags. Monitor > Tags.

What is the Anti-Spyware Security profile default action?. Sinkhole. Reset-client. Drop. Reset-both.

To enable DNS sinkholing, which two addresses should be reserved? (Choose two.). MAC. IPv6. Email. IPv4.

A NetSec manager was asked to create a new firewall administrator profile with customized privileges. The new firewall administrator must be able to download TSF File and Stats Dump File but must not be able to reboot the device. Where does the NetSec manager go to configure the new firewall administrator role profile?. Device > Admin Roles > Add > XML API > Configuration. Device > Admin Roles > Add > XML API > Operational Request. Device > Admin Roles > Add > Web UI > Support. Device > Admin Roles > Add > Web UI > Operations.

What must exist in order for the firewall to route traffic between Layer 3 interfaces?. Virtual router. Virtual wires. Traffic Distribution profile. VLANs.

Which path in PAN-OS 10.2 is used to schedule a content update to managed devices using Panorama?. Panorama > Device Deployment > Dynamic Updates > Schedules > Add. Panorama > Device Deployment > Content Updates > Schedules > Add. Panorama > Dynamic Updates > Device Deployment > Schedules > Add. Panorama > Content Updates > Device Deployment > Schedules > Add.

In which threat profile object would you configure the DNS Security service?. Antivirus. Anti-Spyware. WildFire. URL Filtering.

A network security engineer must implement Quality of Service policies to ensure specific levels of delivery guarantees for various applications in the environment. They want to ensure that they know as much as they can about QoS before deploying. Which statement about the QoS feature is correct?. QoS can be used in conjunction with SSL decryption. QoS is only supported on hardware firewalls. QoS is only supported on firewalls that have a single virtual system configured. QoS can be used on firewalls with multiple virtual systems configured.

Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.). Pre-NAT address. Post-NAT address. Pre-NAT zone. Post-NAT zone.

If a universal security rule was created for source zones A & B and destination zones A & B, to which traffic would the rule apply?. Some traffic between A & B. Some traffic within A. All traffic within zones A & B. Some traffic within B.

Which interface type requires no routing or switching but applies Security or NAT policy rules before passing allowed traffic?. Tap. Virtual Wire. Layer 2. Layer 3.

What is a valid Security Zone type in PAN-OS?. Management. Logical. Transparent. Tap.

An administrator is creating a Security policy rule and sees that the destination zone is grayed out. While creating the rule, which option was selected to cause this?. Interzone. Source zone. Universal (default). Intrazone.

How many levels can there be in a device-group hierarchy, below the shared level?. 2. 3. 4. 5.

Where in Panorama would Zone Protection profiles be configured?. Templates. Device Groups. Shared. Panorama tab.

Which parameter is used to view the Security policy rulebase as groups?. Tags. Service. Type. Action.

When a security rule is configured as Intrazone, which field cannot be changed?. Destination Zone. Actions. Source Zone. Application.

An administrator is trying to understand which NAT policy is being matched. In what order does the firewall evaluate NAT policies?. Dynamic IP and Port first, then Static, and finally Dynamic IP. From top to bottom. Static NAT rules first, then top down. Static NAT rules first, then Dynamic.

Which policy set should be used to ensure that a policy is applied just before the default security rules?. Shared post-rule base. Local firewall policy. Parent device-group post-rule base. Child device-group post-rule base.

Which System log severity level would be displayed as a result of a user password change?. Low. Medium. High. Critical.

Review the screenshot below. Based on the information it contains, which protocol decoder will detect a machine-learning match, create a Threat log entry, and permit the traffic?. smb. imap. ftp. http2.

A network security engineer wants to prevent resource-consumption issues on the firewall. Which strategy is consistent with decryption best practices to ensure consistent performance?. Use Decryption profiles to downgrade processor-intensive ciphers to ciphers that are less processor-intensive. Use Decryption profiles to drop traffic that uses processor-intensive ciphers. Use PFS in a Decryption profile for higher-priority and higher-risk traffic, and use less processor-intensive decryption methods for lower-risk traffic. Use RSA in a Decryption profile for higher-priority and higher-risk traffic, and use less processor-intensive decryption methods for lower-risk traffic.

What are the two types of Administrator accounts? (Choose two.). Role Based. Superuser. Dynamic. Local.

The Net Sec Manager asked to create a new Firewall Operator profile with customized privileges. In particular, the new firewall operator should be able to: Check the configuration with read-only privilege for LDAP, RADIUS, TACACS+, and SAML as Server profiles to be used inside an Authentication profile. The firewall operator should not be able to access anything else. What is the right path in order to configure the new firewall Administrator Profile?. Device > Admin Roles > Add > Web UI > Device > Server Profiles Device > Admin Roles > Add > Web UI > disable access to everything else. Device > Admin Roles > Add > Web UI > Objects > Server Profiles Device > Admin Roles > Add > Web UI > disable access to everything else. Device > Admin Roles > Add > Web UI > Objects > Authentication Profile Device > Admin Roles > Add > Web UI > disable access to everything else. Device > Admin Roles > Add > Web UI > Device > Authentication Profile Device > Admin Roles > Add > Web UI > disable access to everything else.

Within the WildFire Analysis profile, which three items are configurable? (Choose three.). FileType. Direction. Service. Application. Objects.

Which Security profile can be used to configure sinkhole IPs in the DNS Sinkhole settings?. Vulnerability Protection. Anti-Spyware. Antivirus. URL Filtering.

Which three management interface settings must be configured for functional dynamic updates and administrative access on a Palo Alto Networks firewall? (Choose three.). NTP. IP address. MTU. DNS server. service routes.

How does the Policy Optimizer policy view differ from the Security policy view?. It provides sorting options that do not affect rule order. It specifies applications seen by rules. It displays rule utilization. It details associated zones.

An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value. What type of Security policy rule is created?. Intrazone. Interzone. Universal. Tagged.

What do application filters help provide access to?. Applications that are explicitly sanctioned for use within a company. Applications that are not explicitly sanctioned and that a company wants users to be able to access. Applications that are explicitly unsanctioned for use within a company. Applications that are not explicitly unsanctioned and that a company wants users to be able to access.

What is the function of an application group object?. It contains applications that you want to treat similarly in policy. It groups applications dynamically based on application attributes that you define. It represents specific ports and protocols for an application. It identifies the purpose of a rule or configuration object and helps you better organize your rulebase.

How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?. The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin then creates a Security policy allowing application "ssh" and service "tcp-4422". The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "application-default". The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin also creates a custom service object named "tcp-22" with port tcp/22. The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "tcp-22". The admin creates a Security policy allowing application "ssh" and service "application-default".

Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?. DNS Malicious signatures. DNS Security signatures. DNS Malware signatures. DNS Block signatures.

Which Security policy action will message a user's browser that their web session has been terminated?. Reset client. Deny. Drop. Reset server.

In order to protect users against exploit kits that exploit a vulnerability and then automatically download malicious payloads, which Security profile should be configured?. Anti-Spyware. WildFire. Vulnerability Protection. Antivirus.

Which verdict may be assigned to a WildFire sample?. Phishing. Spyware. PUP. Malware.

To protect against illegal code execution, which Security profile should be applied?. Antivirus profile on allowed traffic. Antivirus profile on denied traffic. Vulnerability Protection profile on allowed traffic. Vulnerability Protection profile on denied traffic.

Which three types of entries can be excluded from an external dynamic list? (Choose three.). IP addresses. Applications. User-ID. Domains. URLs.

The Administrator profile “PCNSA Admin” is configured with an Authentication profile “Authentication Sequence PCNSA”. The Authentication Sequence PCNSA has a profile list with four Authentication profiles: Auth Profile LDAP - Auth Profile Radius - Auth Profile Local - Auth Profile TACACS - After a network outage, the LDAP server is no longer reachable. The RADIUS server is still reachable but has lost the “PCNSA Admin” username and password. Which option describes the “PCNSA Admin” login capabilities after the outage?. Auth OK because of the Auth Profile TACACS. Auth KO because RADIUS server lost user and password for PCNSA Admin. Auth OK because of the Auth Profile Local. Auth KO because LDAP server is not reachable.

A firewall has Security policies from three sources: 1. locally created policies 2. shared device group policies as pre-rules 3. the firewall's device group as post-rules How will the rule order populate once pushed to the firewall?. shared device group policies, local policies, firewall device group policies. firewall device group policies, local policies, shared device group policies. local policies, firewall device group policies, shared device group policies. shared device group policies, firewall device group policies, local policies.

A Panorama administrator would like to create an address object for the DNS server located in the New York City office, but does not want this object added to the other Panorama managed firewalls. Which configuration action should the administrator take when creating the address object?. Tag the address object with the New York Office tag. Ensure that Disable Override is cleared. Ensure that the Shared option is checked. Ensure that the Shared option is cleared.

An administrator is troubleshooting an issue with traffic that matches the interzone-default rule, which is set to default configuration. What should the administrator do?. Change the logging action on the rule. Tune your Traffic Log filter to include the dates. Refresh the Traffic Log. Review the System Log.

What is the default action for the SYN Flood option within the DoS Protection profile?. Reset-client. Alert. Sinkhole. Random Early Drop.

Application groups enable access to what?. Applications that are explicitly unsanctioned for use within a company. Applications that are not explicitly unsanctioned and that an administrator wants users to be able to access. Applications that are explicitly sanctioned for use within a company. Applications that are not explicitly sanctioned and that an administrator wants users to be able to access.

Where does a user assign a tag group to a policy rule in the policy creation window?. General tab. Usage tab. Application tab. Actions tab.

A Firewall Engineer is migrating a legacy firewall to a Palo Alto Networks firewall in order to use features like App-ID and SSL decryption. Which order of steps is best to complete this migration?. First migrate SSH rules to App-ID; then implement SSL decryption. Configure SSL decryption without migrating port-based security rules to App-ID rules. First implement SSL decryption; then migrate port-based rules to App-ID rules. First migrate port-based rules to App-ID rules; then implement SSL decryption.

What is considered best practice with regards to committing configuration changes?. Wait until all running and pending jobs are finished before committing. Export configuration after each single configuration change performed. Validate configuration changes prior to committing. Disable the automatic commit feature that prioritizes content database installations before committing.

Which Security profile generates an alert based on a threshold when the action is set to Alert?. Vulnerability Protection. Antivirus. DoS protection. Anti-Spyware.

Given the network diagram, which two statements are true about traffic between the User and Server networks? (Choose two.). Traffic is permitted through the default Intrazone “allow” rule. Traffic restrictions are not possible because the networks are in the same zone. Traffic is permitted through the default Interzone “allow” rule. Traffic restrictions are possible by modifying Intrazone rules.

Which setting is available to edit when a tag is created on the local firewall?. Color. Location. Order. Priority.

With the PAN-OS 11.0 Nova release, which two attack options can new inline deep learning analysis engines detect and prevent? (Choose two.). Command injection attacks. SSL attacks. SQL injection attacks. HTTP attacks.

Which profile must be applied to the Security policy rule to block spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers?. Anti-spyware. File blocking. WildFire. URL filtering.

Which feature dynamically analyzes and detects malicious content by evaluating various web page details using a series of machine learning (ML) models?. Antivirus Inline ML. URL Filtering Inline ML. Anti-Spyware Inline ML. WildFire Inline ML.

An administrator is troubleshooting an issue with Office365 and expects that this traffic traverses the firewall. When reviewing Traffic Log entries, there are no logs matching traffic from the test workstation. What might cause this issue?. Office365 traffic is logged in the System Log. Office365 traffic is logged in the Authentication Log. Traffic matches the interzone-default rule, which does not log traffic by default. The firewall is blocking the traffic, and all blocked traffic is in the Threat Log.

When creating an address object, which option is available to select from the Type drop-down menu?. IPv6 Address. IP Netmask. IPv4 Address. IP Address Class.

Ethernet 2/1 has an IP Address of 10.0 1 2 in Zone ‘trust’ (LAN). If both interfaces are connected to the same virtual router, which IP address information will an administrator need to enter in the Destination field to access the internet?. 0.0.0.0. 10.0.2.1/32. 10.0.1.254/32. 0.0.0.0/0.

Where within the URL Filtering security profile must a user configure the action to prevent credential submissions?. URL Filtering > Categories. URL Filtering > URL Filtering Settings. URL Filtering > Inline Categorization. URL Filtering > HTTP Header Insertion.

Which Security profile must be added to Security policies to enable DNS Signatures to be checked?. URL Filtering. Vulnerability Protection. Anti-Spyware. Antivirus.

Which two Security profile actions can only be applied to DoS Protection profiles? (Choose two.). Reset-server. Reset-both. SYN cookies. Random Early Drop.

Where can you apply URL Filtering policy in a Security policy rule?. Within the applications selection. Within a destination address. Within a service type. Within the actions tab.

Which interface types are assigned to IEEE 802.1Q VLANs?. Tunnel interfaces. Layer 2 subinterfaces. Layer 3 subinterfaces. Loopback interfaces.

Which three factors can be used to create malware based on domain generation algorithms? (Choose three.). Time of day. URL custom categories. Other unique values. Cryptographic keys. IP address.

Which action column is available to edit in the Action tab of an Antivirus security profile?. Virus. Signature. Spyware. Trojan.

Given the detailed log information above, what was the result of the firewall traffic inspection?. It denied the category DNS phishing. It denied the traffic because of unauthorized attempts. It was blocked by the Anti-Virus Security profile action. It was blocked by the Anti-Spyware Profile action.

When configuring a security policy, what is a best practice for User-ID?. Use only one method for mapping IP addresses to usernames. Allow the User-ID agent in zones where agents are not monitoring services. Limit User-ID to users registered in an Active Directory server. Deny WMI traffic from the User-ID agent to any external zone.
