DQuestionCorrect

6781A "Continue" action can be configured on which of the following Security Profiles?Correct

7947After the installation of a new version of PAN-OS, the firewall must be rebooted.Correct

7941All of the interfaces on a Palo Alto Networks device must be of the same interface type.Correct

6791An enterprise PKI system is required to deploy SSL Forward Proxy decryption capabilities.Correct

7942An interface in tap mode can transmit packets on the wire.Correct

7943An interface in Virtual Wire mode must be assigned an IP address.Correct

7954As a Palo Alto Networks firewall administrator, you have made unwanted changes to the Candidate configuration. These changes may be undone by Device > Setup > Operations > Configuration Management>....and then what operation?Correct

7994Can multiple administrator accounts be configured on a single firewall?Correct

7952In a Palo Alto Networks firewall, every interface in use must be assigned to a zone in order to process traffic.Correct

8756In order to route traffic between Layer 3 interfaces on the Palo Alto Networks firewall, you need a:Correct

8741In PAN-OS 6.0 and later, which of these items may be used as match criterion in a Policy-Based Forwarding Rule? (Choose 3.)Correct

8746In PAN-OS 6.0, rule numbers are:Correct

7944Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles) for Administrator Accounts.Correct

7945Security policies specify a source interface and a destination interface.Correct

7959Select the implicit rules that are applied to traffic that fails to match any administrator-defined Security Policies. (Choose all rules that are correct.)Correct

8077Taking into account only the information in the screenshot above, answer the following question. An administrator is pinging 4.4.4.4 and fails to receive a response. What is the most likely reason for the lack of response?Correct

8087Taking into account only the information in the screenshot above, answer the following question. An administrator is using SSH on port 3333 and BitTorrent on port 7777. Which statements are True?Incorrect

8092Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)Correct

8072Taking into account only the information in the screenshot above, answer the following question: A span port or a switch is connected to e1/4, but there are no traffic logs. Which of the following conditions most likely explains this behavior?Correct

8711The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides:Correct

8706The following can be configured as a next hop in a static route:Correct

8701Traffic going to a public IP address is being translated by a Palo Alto Networks firewall to an internal servers private IP address. Which IP address should the Security Policy use as the "Destination IP" in order to allow traffic to the server?Correct

8681What are the benefits gained when the "Enable Passive DNS Monitoring" checkbox is chosen on the firewall? (Select all correct answers.)Incorrect

8686What are two sources of information for determining whether the firewall has been successful in communicating with an external User-ID Agent?Correct

8581What general practice best describes how Palo Alto Networks firewall policies are applied to a session?Correct

8676What is the default DNS sinkhole address used by the Palo Alto Networks Firewall to cut off communication?Correct

8656What is the maximum file size of .EXE files uploaded from the firewall to WildFire?Correct

8736What Security Profile type must be configured to send files to the WildFire cloud, and with what choices for the action setting?Correct

8630When configuring a Decryption Policy Rule, which of the following are available as matching criteria in the rule? (Choose 3 answers.)Incorrect

8636When configuring a Decryption Policy rule, which option allows a firewall administrator to control SSHv2 tunneling in policies by specifying the SSH-tunnel App-ID?Correct

8621When configuring a Security Policy Rule based on FQDN Address Objects, which of the following statements is True?Correct

8591When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:Correct

8576Which feature can be configured to block sessions that the firewall cannot decrypt?Correct

8571Which link is used by an Active/Passive cluster to synchronize session information?Correct

8561Which of the Dynamic Updates listed below are issued on a daily basis? (Select all correct answers.)Correct

8551Which of the following are methods that HA clusters use to identify network outages?Correct

8541Which of the following can provide information to a Palo Alto Networks firewall for the purposes of User-ID? (Select all correct answers.)Incorrect

8510Which of the following CANNOT use the source user as a match criterion?Incorrect

8531Which of the following interface types can have an IP address assigned to it?Correct

8526Which of the following is NOT a valid option for built-in CLI Admin roles?Incorrect

8516Which of the following must be enabled in order for User-ID to function?Correct

8500Which of the following platforms supports the Decryption Port Mirror function?Correct

8495Which of the following services are enabled on the MGT interface by default? (Select all correct answers.)Correct

8485Which of the following statements is NOT True about Palo Alto Networks firewalls?Correct

8461Which routing protocol is supported on the Palo Alto Networks platform?Correct

8456Which statement about config locks is True?Correct

8420Which statement below is True?Incorrect

8443Will an exported configuration contain Management Interface settings?Correct

7950With IKE Phase 1, each device is identified to the other by a Peer ID. In most cases, the Peer ID is just the public IP address of the device. In situations where the public IP address is not static, the Peer ID can be a text value.Correct

8438Without a WildFire subscription, which of the following files can be submitted by the Firewall to the hosted WildFire virtualized sandbox?Correct