Title of test: examPA
Description: Palo Alto exam practice
Author: x
Creation Date: 17/12/2024
Category: Computers
Number of questions: 123
Content:
Which security profile on the next generation firewall (NGFW) includes signatures to protect against brute force attacks? vulnerability protection profile
URL filtering profile anti-spyware profile. If a Palo Alto Networks next generation firewall (NGFW) already has Advanced Threat Prevention (ATP) enabled, what is the throughput impact of also enabling WildFire and Advanced URL Filtering (AURLF)? The throughput will decrease with each additional subscription enabled. The throughput will remain consistent, but the maximum number of simultaneous sessions will decrease. The throughput will remain consistent regardless of the additional subscriptions enabled. The throughput will decrease, but the maximum simultaneous sessions will remain consistent. What helps avoid split brain in active/passive high availability (HA) pair deployment? Use a standard traffic interface as the HA2 backup Enable preemption on both firewalls in the HA pair Use the management interface as the HA1 backup link Use a standard traffic interface as the HA3 link. Which CLI command allows you to view SD-WAN events such as path selection and path quality measurements? show sdwan connection all show sdwan path-monitor stats vif show sdwan event show sdwan session distribution policy-name. A customer with a fully licensed Palo Alto Networks firewall is concerned about threats based on domain generation algorithms (DGAs). Which security profile is used to configure DNS to identify and block previously unknown DGA-based threats in real time? anti-spyware profile URL filtering profile vulnerability protection profile WildFire analysis profile. A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today's security infrastructure. Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements? SP3 (Single Pass Parallel Processing) GlobalProtect threat prevention elastic load balancers.
Which three actions should be taken before deploying a firewall evaluation unit in the customer's environment. (Choose three) Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed Request that the customer make port 3978 available to allow the evaluation unit to communicate with Panorama Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned Set expectations around which information will be presented in the security lifecycle review because sensitive information may be made visible Inform the customer that they will need to provide a SPAN port for the evaluation unit assuming a TAP mode deployment. In an HA pair running active/passive mode, over which interface do the dataplanes communicate? HA3 HA1 HA2 HA4. What is used to choose the best path on a virtual router that has two or more different routes to the same destination? Metric Source zone Administrative distance Path monitoring. Which three features are used to prevent abuse of stolen credentials? (Choose three) Multifactor authentication URL filtering profiles WildFire profiles Prisma Access SSL decryption rules. Which two actions can be taken to enforce protection from brute force attacks in the security policy? (Choose two) Create a log forwarding object to send logs to Panorama and a third-party syslog server event correlation Install content updates that include new signatures to protect against emerging threats. Attach the vulnerability profile to a security rule Add the URL filtering profile to a security rule. A customer requires protections and verdicts for PE (portable executable) and ELF (executable and linkable format) as well as integration with products and services can also access the immediate verdicts to coordinate enforcement to prevent successful attacks. What competitive feature does Palo Alto Networks provide that will address this requirement?
File blocking profile Dynamic unpacking WildFire DNS security. Which interface types can be associated to a virtual router? (Choose two) Loopback Virtual wire VLAN Layer 2. A customer with a legacy firewall architecture focused on port-and-protocol-level security has heard that NGFWs open all ports by default. Which statement regarding Palo Alto Networks NGFWs is an appropriate rebuttal that explains an advantage over legacy firewalls? They do not consider port information, instead relying on App-ID signatures that do not reference ports They protect all applications on all ports while leaving all ports open by default They can control applications by application-default service ports or a configurable list of approved ports on a per-policy basis They keep ports closed by default, only opening after understanding the application request and then opening only the application specified ports. Which task would be identified in the Best Practice Assessment tool? Identify the visibility and presence of command-and-control sessions Identify sanctioned and unsanctioned SaaS applications Identify the threats associated with each application Identify and provide recommendations for device management access. Which two of the following does decryption broker provide on a NGFW? (Choose two.) Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next generation firewall and decrypt traffic multiple times. Which task would be included in the Best Practice Assessment (BPA) tool?
Identify sanctioned and unsanctioned software-as-a-service (SaaS) applications Identify and provide recommendations for device configurations. Identify the threats associated with each application Identify the visibility and presence of command-and-control (C2) sessions. Which three steps in the cyberattack lifecycle does Palo Alto Networks Security Operating Platform prevent? (Choose three.) recon the target deliver the malware exfiltrate data weaponize vulnerabilities lateral movement. What will best enhance security of a production online system while minimizing the impact for the existing network? active/active high availability (HA) layer 2 interfaces virtual systems virtual wire. A large number of next-generation firewalls (NGFWs), along with Panorama and WildFire have been positioned for a prospective customer. The customer is concerned about storing, retrieving, and archiving firewall logs and has indicated that logs must be retained for a minimum of 60 days. An additional requirement is ingestion of a maximum of 10,000 logs per second. What will best meet the customer's logging requirements? NGFWs that have at least 10TB of internal storage Appropriate sized NGFW based on use of the POPSICLE tool Appropriate Data Lake storage determined by using the Data Lake Calculator A pair of fully populated M-300 storage appliances. Which two platform components can identify and protect against malicious email links? (Choose two.) Panorama appliance WildFire appliance WildFire public cloud Panorama plugin. WildFire machine learning (ML) for portable executable (PE) files is enabled in the antivirus profile and added to the appropriate firewall rules in the profile. In the Palo Alto Networks WildFire test av file, an attempt to download the test file is allowed through. Which command returns a valid result to verify the ML is working from the command line? show ml cloud-status show wfml cloud-status show mlav cloud-status show wfav cloud-satus.
A customer has business-critical applications that rely on the web-browsing App-ID application. Which security profile can help prevent drive-by-downloads while still allowing web-browsing traffic? File Blocking Profile Denial of service (DoS) protection profile Uniform resource locator (URL) filtering profile Vulnerability protection profile. Which two statements apply to a Palo Alto Networks NGFW but not to a legacy firewall product? (Choose two.) Traffic control is based on IP, port and protocol Policy match is based on application. Identification of application is possible on any port Layer 3 routing is a standard feature. What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection? run a Perl script to regularly check for updates and alert when one is released store updates on an intermediary server and point all the firewalls to it. Use dynamic updates with an aggressive update schedule monitor update announcement and manually push updates to firewalls. Which two statements correctly describe what a Network Packet Broker does for a Palo Alto Networks Next-Generation Firewall (NGFW)? (Choose two.) It provides a third-party SSL decryption option, which can increase the total number of third party devices performing analysis and enforcement It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted only once. It eliminates the need for a third-party SSL decryption option, which reduces the total number of third-party devices performing decryption. It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted multiple times. Which statement applies to Palo Alto Networks Single Pass Parallel Processing (SP3)? It processes all traffic in a single pass with no additional performance impact for each enabled feature.
It processes each feature in a separate single pass with additional performance impact for each enabled feature It splits the traffic and processes all security features in a single pass and all network features in a separate pass Its processing applies only to security features and does not include any networking features. WildFire subscription supports analysis of which three types? (Choose three.) GIF 7-Zip Flash RPM ISO DMG. When having a customer pre-sales call, which aspects of the NGFW should be covered? The NGFW simplifies your operations through analytics and automation while giving you consistent protection through exceptional visibility and control across the data center, perimeter, branch, mobile and cloud networks The Palo Alto Networks-developed URL filtering database, PAN-DB provides high-performance local caching for maximum inline performance on URL lookups, and offers coverage against malicious URLs and IP addresses. As WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs), the PAN-DB database is updated with information on malicious URLs so that you can block malware downloads and disable Command and Control (C2) communications to protect your network from cyberthreats. URL categories that identify confirmed malicious content -malware, phishing, and C2 are updated every five minutes to ensure that you can manage access to these sites within minutes of categorization The NGFW creates tunnels that allow users/systems to connect securely over a public network, as if they were connecting over a local area network (LAN).
To set up a VPN tunnel you need a pair of devices that can authenticate each other and encrypt the flow of information between them The devices can be a pair of Palo Alto Networks firewalls, or a Palo Alto Networks firewall along with a VPN-capable device from another vendor Palo Alto Networks URL Filtering allows you to monitor and control the sites users can access, to prevent phishing attacks by controlling the sites to which users can submit valid corporate credentials, and to enforce safe search for search engines like Google and Bing. The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW? first packet processor Stream-based Signature Engine SIA (Scan It All) processing engine security processing engine. Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.) Policy match is based on application Traffic control is based on IP, port and protocol Traffic is separated by zones Identification of application is possible on any port. What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.) It represents the remediation server that the client should visit for patching The client communicates with it instead of the malicious IP address. It will take over as the new DNS resolver for that client and prevent further DNS requests from occurring in the meantime. In situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain. A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds. How is this goal accomplished?
create a custom spyware signature matching the known signature with the time attribute add a correlation object that tracks the occurrences and triggers above the desired threshold submit a request to Palo Alto Networks to change the behavior at the next update configure the anti-spyware profile with the number of rule counts to match the occurrence frequency. Which three mechanisms are valid for enabling user mapping? (Choose three) client probing user behavior recognition reverse DNS lookup domain server monitoring captive portal. A customer is designing a private data center to host their new web application along with a separate headquarters for user. Which cloud-delivered security service (CDSS) would be recommended for the headquarters only? WildFire threat prevention advanced URL (AURLF) DNS security. What are three considerations when deploying User-ID? (Choose three.) Specify included and excluded networks when configuring User-ID Only enable User-ID on trusted zones Use a dedicated service account for User-ID services with the minimum permissions necessary evaluate within the parameter that User-ID can support a maximum of 15 hops enable Windows Management Instrumentation (WMI) probing in high security networks. Which four actions can be configured in an Anti-Spyware profile to address command-and-control traffic from compromised hosts? (Choose four.) Reset Quarantine Drop Allow Redirect Alert. Which two methods will help avoid Split Brain when running HA in Active/Active mode? (Choose two.) Configure a Backup HA1 Interface Configure a Heartbeat Backup Create a loopback IP address and use that as a source interface Place your management. Which methods are used to check for Corporate Credential Submissions? (Choose three.) Group Mapping IP User Mapping LDAP query Domain Credential Filter User ID credential check. A WildFire subscription is required for which two activities? (Choose two.)
Decrypting secure sockets layer (SSL) Enforcing policy based on Host Information Profile (HIP) Using the WildFire application programming interface (API) to submit website links for analysis Forwarding advanced file types from the firewall for analysis. What does WildFire block on a next-generation firewall (NGFW) that already has Advanced Threat Prevention (ATP) enabled? brute-force attacks Malicious unknown files port scans benign unknown files. A packet that is already associated with a current session arrives at the firewall. What is the flow of the packet after the firewall determines that it is matched with an existing session? It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engines before egress It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress. Which is the smallest Panorama solution that can be used to manage up to 2500 Palo Alto Networks next generation firewalls? M-200 M-600 M-1'' Panorama VM-Series. In which step of the Palo Alto Networks five-step Zero Trust methodology would an organization's critical data, applications, assets, and services (DAAS) be identified? step 2: map the transaction flows step 4: create the zero trust policy step 1: define the protect surface step 3: architect a zero trust network. There are different master keys on Panorama and managed firewalls. What is the result if a Panorama administrator pushes configuration to managed firewalls?
the push operation will fail regardless of an error or not within the configuration itself provided there's no error within the configuration to be pushed, the push will succeed. the master key from the managed firewalls will be overwritten with the master key from Panorama there will be a popup to ask if the master key from the Panorama should replace the master key from the managed firewalls. Which three of the following are identified in the Best Practice Assessment tool? (Choose three) use of device management access and settings use of decryption policies presence of command-and-control (C2) sessions identification of sanctioned and unsanctioned software-as-a-service (SaaS) application measurement of the adoption of URL filters, App-ID, and User-ID. The Palo Alto Networks Cloud Identity Engine (CIE) includes which service that supports Identity Providers (IdP)? Directory Sync and Cloud Authentication Service that support IdP using SAML 2.0 Directory Sync that supports IdP using SAML 2.0 Cloud Authentication Service that supports IdP using SAML 2.0 and OAuth2 Directory Sync and Cloud Authentication Service that support IdP using SAML 2.0 and OAuth2. What are two ways to manually add and remove members of dynamic user groups? (Choose two.) Tag the user through Active Directory. Tag the user using Panorama or the Web UI of the firewall. Tag the user through the firewall's XML API. ID Add the user to an external dynamic list (EDL). Which built-in feature of PAN-OS allows the next-generation firewall (NGFW) administrator to create a policy that provides autoremediation for anomalous user behavior and malicious activity while maintaining user visibility? dynamic user groups dynamic address groups tagging groups remote device User-ID groups. A potential customer requires an NGFW solution that enables high-throughput, low-latency network security and also inspects the application.
Which aspect of the Palo Alto Networks NGFW capabilities should be highlighted to help address these requirements? single-pass architecture (SPA) threat prevention GlobalProtect Elastic Load Balancing (ELB). Which statement best describes the business value of Palo Alto Networks' Zero Touch Provisioning (ZTP)? When it is in place, it removes the need for an onsite firewall When purchasing the service, Palo Alto Networks will send an engineer to physically deploy the firewall to the customer environment. It allows a firewall to be automatically connected to the local network wirelessly. It is designed to simplify and automate the onboarding of new firewalls to the Panorama management server. What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three.) minimized threat landscape due to reducing internet footprint to a single point of failure cost savings due to reduction in IT management effort and device consolidation improved revenue due to more efficient network traffic throughput operational efficiencies due to reduction in manual incident review and decrease in mean time to resolution (MTTR) increased security due to scalable cloud-delivered security services (CDSS). Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.) multi-factor authentication (MFA) URL Filtering Profiles WildFire analysis dynamic user groups. In Panorama, which three reports or logs will help identify the inclusion of a host/source in a command-and-control (C2) incident? (Choose three.) WildFire analysis reports data filtering logs botnet reports threat logs SaaS reports. Which statement describes how Palo Alto Networks can eliminate implicit user trust, regardless of user location?
User-ID is only available with a valid Threat Prevention subscription User-ID is verified at the start of a transaction and is then explicitly trusted User-ID is verified at the end of a transaction and is then explicitly trusted User-ID is continually monitored and validated throughout the transaction. What filtering criteria is used to determine what users to include as members of a dynamic user group? Tags Login IDs Security Policy Rules IP Addresses. Palo Alto Networks publishes updated Command-and-Control signatures. How frequently should the related signatures schedule be set? Once an hour Once a day Once a week Once every minute. A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture. What are two steps in this process? (Choose two.) Prioritize securing the endpoints of privileged users because if non-privileged user endpoints are exploited, the impact will be minimal due to perimeter controls Categorize data and applications by levels of sensitivity. Gain visibility of and control over applications and functionality in the traffic flow using a port and protocol firewall. Validate user identities through authentication. Access to a business site is blocked by URL Filtering inline machine learning (ML) and considered as a false-positive. How should the site be made available? Create a custom URL category and add it on exception of the inline ML profile. Change the action of real-time-detection category on URL filtering profile. Create a custom URL category and add it to the Security policy. Disable URL Filtering inline ML. Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.) use of device management access and settings identify sanctioned and unsanctioned SaaS applications expose the visibility and presence of command-and-control sessions measure the adoption of URL filters, App-ID, User-ID use of decryption policies. 
A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network. Which version of WildFire will meet this customer's requirements? WildFire Government Cloud WildFire Public Cloud WildFire Private Cloud WildFire Secure Cloud. What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time? block the query allow the request and all subsequent responses temporarily disable the DNS Security function discard the request and all subsequent responses. Which two actions should be taken to provide some protection when a client chooses not to block uncategorized websites? (Choose two.) Add a URL-filtering profile with the action set to "Continue" for unknown URL categories attached to Security policy rules that allow web access Attach a file-blocking profile to Security policy rules that allow uncategorized websites Add a Security policy rule using only known URL categories with the action set to "Allow." Attach a data-filtering profile with a custom data pattern to Security policy rules that deny uncategorized websites. Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.) validate credential submission detection enable User-ID define an SSL decryption rulebase define URL Filtering Profile Enable App-ID. A customer is concerned about zero-day targeted attacks against its intellectual property. Which solution informs a customer whether an attack is specifically targeted at them? Cortex XDR Prevent Auto Focus Cortex XSOAR Community edition Panorama Correlation Report. Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license? Access to the WildFire API WildFire hybrid deployment PE file upload to WildFire 5 minute WildFire updates to threat signatures. 
XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy. Which two features must be enabled to meet the customer's requirements? (Choose two.) Virtual systems HA active/active HA active/passive Policy-based forwarding. Which two of the following are required when configuring the Domain Credential Filter method for preventing phishing attacks? (Choose two.) LDAP connector Group mapping IP-address-to-username mapping Windows User-ID agent. What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design? There are no benefits other than slight performance upgrades It allows Palo Alto Networks to add new functions to existing hardware Only one processor is needed to complete all the functions within the box It allows Palo Alto Networks to add new devices to existing hardware. A customer next-generation firewall (NGFW) proof-of-concept (POC) and final presentation have just been completed. Which CLI command is used to clear data, remove all logs, and restore default configuration? request private-data-reset system request reset system public-data-reset request system private-data-reset reset system public-data-reset. Which of the following statements is valid with regard to DNS sinkholing? It requires the Vulnerability Protection profile to be enabled. It requires a Sinkhole license in order to activate. DNS sinkholing signatures are packaged and delivered through Vulnerability Protection updates. Infected hosts connecting to the Sinkhole Internet Protocol (IP) address can be identified in the traffic logs. Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto Networks next-generation firewall (NGFW)? (Choose two.) multiple virtual systems active/active high availability (HA) non-SYN first packet asymmetric routing profile . 
In which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified? Step 1: Define the protect surface. Step 4: Create the Zero Trust policy. Step 3: Architect a Zero Trust network. Step 2: Map the transaction flows. Which two email links, contained in SMTP and POP3, can be submitted from WildFire analysis with a WildFire subscription? (Choose two.) FTP HTTPS RTP HTTP. Which action can prevent users from unknowingly downloading potentially malicious file types from the internet? Apply a File Blocking profile to Security policy rules that allow general web access. Apply a Zone Protection profile to the untrust zone. Assign a Vulnerability profile to Security policy rules that deny general web access. Assign an Antivirus profile to Security policy rules that deny general web access. Which profile or policy should be applied to protect against port scans from the internet? An App-ID security policy rule to block traffic sourcing from the untrust zone Zone protection profile on the zone of the ingress interface Security profiles to security policy rules for traffic sourcing from the untrust zone Interface management profile on the zone of the ingress interface. You have a prospective customer that is looking for a way to provide secure temporary access to contractors for a designated period of time. They currently add contractors to existing user groups and create ad hoc policies to provide network access. They admit that once the contractor no longer needs access to the network, administrators are usually too busy to manually delete policies that provided access to the contractor. This has resulted in over-provisioned access that has allowed unauthorized access to their systems. They are looking for a solution to automatically remove access for contractors once access is no longer required. You address their concern by describing which feature in the NGFW? 
Dynamic User Groups Dynamic Address Groups Multi-factor Authentication External Dynamic Lists. Which two methods are used to check for Corporate Credential Submissions? (Choose two.) domain credential filter IP user mapping User-ID credential check LDAP query. Which action will protect against port scans from the internet? Assign an Interface Management profile to the zone of the ingress interface Assign Security profiles to Security policy rules for traffic sourcing from the untrust zone Apply a Zone Protection profile on the zone of the ingress interface Apply App-ID Security policy rules to block traffic sourcing from the untrust zone. What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.) Benign Spyware Malicious Phishing Grayware. What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.) Errors Environments Interfaces Mounts Throughput Sessions Status. When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged? HTTP method HTTP response status code Content type X-Forwarded-For. What is an advantage public cloud WildFire has over the private WildFire appliance? signatures being available within minutes to protect global users once malware has been submitted generating malware reports using different types of operating systems (OSs) to test malware against generating antivirus and domain name system (DNS) signatures for discovered malware and assigning a Uniform Resource Locator (URL) category to malicious links. The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service? DNS Security Threat Prevention WildFire IoT Security. What is the key benefit of Palo Alto Networks single-pass architecture (SPA) design? It requires only one processor to complete all the functions within the box.
It allows the addition of new functions to existing hardware without affecting performance. It allows the addition of new devices to existing hardware without affecting performance. It decodes each network flow multiple times, therefore reducing throughput. Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property? Panorama Correlation Report AutoFocus Cortex XSOAR Community Edition Cortex XDR Prevent. Which three script types can be analyzed in WildFire? (Choose three.) JScript PythonScript PowerShell Script VBScript MonoScript. Which three actions must be taken to enable Credential Phishing Prevention? (Choose three.) Enable App-ID. Define a URL Filtering profile. Enable User Credential Detection. Define a SSL decryption rule base. Enable User-ID. What is the default behavior in PAN-OS when a 12 MB portable executable (PE) file is forwarded to the WildFire cloud service? Flash file is not forwarded. Flash file is forwarded. PE File is forwarded. PE File is not forwarded. Which Palo Alto Networks security component should an administrator use to extend NGFW policies to remote users? GlobalProtect Prisma SaaS API Threat Intelligence Cloud Cortex XDR. A WildFire subscription is required for which two of the following activities? (Choose two.) Enforce policy based on Host Information Profile (HIP). Forward advanced file types from the firewall for analysis. Filter uniform resource locator (URL) sites by category. Decrypt Secure Sockets Layer (SSL). Use the WildFire Application Programming Interface (API) to submit website links for analysis. Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined? Step 1: Define the Protect Surface Step 3: Architect a Zero Trust Network Step 5: Monitor and Maintain the Network Step 2: Map the Protect Surface Transaction Flows Step 4: Create the Zero Trust Policy. 

WildFire can discover zero-day malware in which three types of traffic? (Choose three.)
- TFTP
- SMTP
- DNS
- FTP
- HTTPS

Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the specified virtual SD-WAN interface, along with the performance metrics?
- show sdwan connection all |
- show sdwan path-monitor stats vif
- show sdwan rule vif sdwan.x
- show sdwan session distribution policy-name

You have enabled the WildFire ML for PE files in the antivirus profile and have added the profile to the appropriate firewall rules. When you go to Palo Alto Networks WildFire test av file and attempt to download the test file it is allowed through. In order to verify that the machine learning is working from the command line, which command returns a valid result?
- show mlav cloud-status
- show wfml cloud-status
- show wfml cloud-status
- show wfav cloud-status

What aspect of PAN-OS allows for the NGFW admin to create a policy that provides auto-remediation for anomalous user behavior and malicious activity while maintaining user visibility?
- Remote Device UserID Agent
- user-to-tag mapping
- Dynamic User Groups
- Dynamic Address Groups

A customer worried about unknown attacks is hesitant to enable SSL decryption due to privacy and regulatory issues. How does the platform address the customer's concern?
- It overcomes reservations about SSL decrypt by offloading to a higher-capacity firewall to help with the decrypt throughput
- It bypasses the need to decrypt SSL traffic by analyzing the file while still encrypted.
- It shows how AutoFocus can provide visibility into targeted attacks at the industry sector.
- It allows a list of websites or URL categories to be defined for exclusion from decryption.

Which security profile on the NGFW includes signatures to protect you from brute force attacks?
- Zone Protection Profile
- URL Filtering Profile
- Vulnerability Protection Profile
- Anti-Spyware Profile

A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?
- Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports
- Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis
- Palo Alto Networks keeps ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports
- Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default

Which two actions should be taken prior to installing a decryption policy on a next-generation firewall (NGFW)? (Choose two.)
- Ensure throughput will not be an issue.
- Determine whether local / regional decryption laws apply.
- Deploy decryption settings all at one time.
- Include all traffic types in decryption policy.

Which component is needed for a large scale deployment of NGFWs with multiple Panorama Management Servers?
- M-600 Appliance
- Panorama Large Scale VPN (LSVPN) Plugin
- Palo Alto Networks Cluster License
- Panorama Interconnect Plugin

For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single Datacenter? (Choose two.)
- Network segments in the Datacenter need to be advertised to only one Service Connection
- The customer edge device needs to support policy-based routing with symmetric return functionality
- The resources in the Datacenter will only be able to reach remote network resources that share the same region
- A maximum of four service connections per Datacenter are supported with this topology

Which functionality is available to firewall users who have an active Threat Prevention subscription but no WildFire license?
- access to the WildFire API
- WildFire hybrid deployment
- five-minute WildFire updates
- PE file upload to WildFire

A prospective customer wants to purchase a next-generation firewall (NGFW) and requires at least 2 million concurrent sessions with a minimum of 10Gbps of throughput with threat detection enabled. Which tool will help quickly determine the correct size of NGFW for this customer?
- Data Lake Calculator available on the Palo Alto Networks website
- NGFW sizing app available for iOS and Android devices
- Product Comparison tool available on the Palo Alto Networks website
- Quoting tool available on the Palo Alto Networks website

What is an advantage of having WildFire machine learning (ML) capability inline on the firewall?
- It eliminates the necessity for dynamic analysis in the cloud.
- It is always able to give more accurate verdicts than the cloud ML analysis, reducing false positives and false negatives.
- It improves the CPU performance of content inspection.
- It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity.

Which two products are included in the Prisma Brand? (Choose two.)
- Prisma Cloud Compute
- Panorama
- NGFW
- Prisma Cloud Enterprise

A customer requires an analytics tool with the following attributes:
• Uses the logs on the firewall to detect actionable events on the network
• Automatically processes a series of related threat events that, when combined, indicate a likely compromised host on the network
• Pinpoints the area of risk and allows for assessment of the risk so action can be taken to prevent exploitation of network resources
Which feature of PAN-OS will address these requirements?
- Third-party security information and event management (SIEM) which can ingest next-generation firewall (NGFW) logs
- Cortex XDR and Cortex Data Lake
- Automated correlation engine
- WildFire with application program interface (API) calls for automation

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)
- benign
- Government
- command and control (C2)
- malware
- grayware

Which three components are specific to the Query Builder found in the Custom Report creation dialog of the firewall? (Choose three.)
- Connector
- Database
- Recipient
- Operator
- Attribute

Which proprietary technology solutions will allow a customer to identify and control traffic sources regardless of IP address or network segment?
- User-ID and Device-ID
- Source-ID and Device-ID
- Source-ID and Network-ID
- User-ID and Source-ID

What is the correct behavior when a Palo Alto Networks next-generation firewall (NGFW) is unable to retrieve a DNS verdict from DNS service cloud in the configured lookup time?
- NGFW discards a response from the DNS server.
- NGFW temporarily disables DNS Security function.
- NGFW permits a response from the DNS server.
- NGFW resends a verdict challenge to DNS service cloud.

A prospective customer currently uses a firewall that provides only Layer 4 inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port. Which capability of PAN-OS would address the customer's lack of visibility?
- single pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection capability
- App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53
- User-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53
- Device-ID, because it will give visibility into which devices are communicating with external destinations over port 53

Which two features are key in preventing unknown targeted attacks? (Choose two.)
- Single Pass Parallel Processing (SP3)
- nightly botnet report
- App-ID with the Zero Trust model
- WildFire Cloud threat analysis

Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)
- Include all traffic types in decryption policy
- Inability to access websites
- Exclude certain types of traffic in decryption policy
- Deploy decryption setting all at one time
- Ensure throughput is not an issue

What two types of traffic should you exclude from a decryption policy? (Choose two.)
- All Business and regulatory traffic
- All outbound traffic
- All Mutual Authentication traffic
- All SSL/TLS 1.3 traffic

Which statement applies to Deviating Devices and metrics?
- Metric health baseline is determined by averaging the health performance for a given metric over seven days plus the standard deviation
- Deviating Device Tab is only available with a SD-WAN Subscription
- Administrator can set the metric health baseline along with a valid standard deviation
- Deviating Device Tab is only available for hardware-based firewalls

What are three valid sources that are supported for user IP address mapping in Palo Alto Networks NGFW? (Choose three.)
- RADIUS
- Client Probing
- Lotus Domino
- Active Directory monitoring
- TACACS
- eDirectory monitoring

Which three activities can the botnet report track? (Choose three.)
- Accessing domains registered in the last 30 days
- Visiting a malicious URL
- Launching a P2P application
- Detecting malware within a one-hour period
- Initiating API calls to other applications
- Using dynamic DNS domain providers

What two types of certificates are used to configure SSL Forward Proxy? (Choose two.)
- Enterprise CA-signed certificates
- Self-Signed certificates
- Intermediate certificates
- Private key certificates

Which three platform components can identify and protect against malicious email links? (Choose three.)
- WildFire hybrid cloud solution
- WildFire public cloud
- WF-500
- M-200
- M-600

Which decryption requirement ensures that inspection can be provided to all inbound traffic routed to internal application and database servers?
- Installation of certificates from the application server and database server on the NGFW and configuration of an SSL Inbound Decryption policy
- Installation of a trusted root CA certificate on the NGFW and configuration of an SSL Inbound Decryption policy
- Configuration of an SSL Inbound Decryption policy using one of the built-in certificates included in the certificate store
- Configuration of an SSL Inbound Decryption policy without installing certificates

The WildFire Inline Machine Learning is configured using which Content-ID profiles?
- Antivirus Profile
- WildFire Analysis Profile
- Threat Prevention Profile
- File Blocking Profile

Which two actions can be configured in an Anti-Spyware profile to address command-and-control (C2) traffic from compromised hosts? (Choose two.)
- redirect
- alert
- quarantine
- reset