IDQuestionCorrect

6781A "Continue" action can be configured on which of the following Security Profiles?Correct

7947After the installation of a new version of PAN-OS, the firewall must be rebooted.Correct

7948After the installation of the Threat Prevention license, the firewall must be rebooted.Correct

7941All of the interfaces on a Palo Alto Networks device must be of the same interface type.Correct

6791An enterprise PKI system is required to deploy SSL Forward Proxy decryption capabilities.Correct

7942An interface in tap mode can transmit packets on the wire.Correct

7943An interface in Virtual Wire mode must be assigned an IP address.Correct

7979As the Palo Alto Networks Administrator responsible for User-ID, you need to enable mapping of network users that do not sign-in using LDAP. Which information source would allow for reliable User-ID mapping while requiring the least effort to configure?Correct

7984As the Palo Alto Networks Administrator you have enabled Application Block pages. Afterwards, not knowing they are attempting to access a blocked web-based application, users call the Help Desk to complain about network connectivity issues. What is the cause of the increased number of help desk calls?Correct

7989Besides selecting the Heartbeat Backup option when creating an Active-Passive HA Pair, which of the following also prevents "Split-Brain"?Correct

7994Can multiple administrator accounts be configured on a single firewall?Correct

8097Considering the information in the screenshot above, what is the order of evaluation for this URL Filtering Profile?Correct

8067Enabling "Highlight Unused Rules" in the Security Policy window will:Correct

8767How do you reduce the amount of information recorded in the URL Content Filtering Logs?Correct

8756In order to route traffic between Layer 3 interfaces on the Palo Alto Networks firewall, you need a:Correct

8751In Palo Alto Networks terms, an application is:Incorrect

8746In PAN-OS 6.0, rule numbers are:Correct

7944Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles) for Administrator Accounts.Correct

7945Security policies specify a source interface and a destination interface.Incorrect

7959Select the implicit rules that are applied to traffic that fails to match any administrator-defined Security Policies. (Choose all rules that are correct.)Correct

IDQuestionCorrect

8077Taking into account only the information in the screenshot above, answer the following question. An administrator is pinging 4.4.4.4 and fails to receive a response. What is the most likely reason for the lack of response?Correct

8072Taking into account only the information in the screenshot above, answer the following question: A span port or a switch is connected to e1/4, but there are no traffic logs. Which of the following conditions most likely explains this behavior?Correct

8706The following can be configured as a next hop in a static route:Correct

8082The screenshot above shows part of a firewalls configuration. If ping traffic can traverse this device from e1/2 to e1/1, which of the following statements must be True about this firewalls configuration? (Select all correct answers.)Correct

8696Users may be authenticated sequentially to multiple authentication servers by configuring:Correct

8686What are two sources of information for determining whether the firewall has been successful in communicating with an external User-ID Agent?Correct

8581What general practice best describes how Palo Alto Networks firewall policies are applied to a session?Correct

8656What is the maximum file size of .EXE files uploaded from the firewall to WildFire?Correct

8646What will be the user experience when the safe search option is NOT enabled for Google search but the firewall has "Safe Search Enforcement" Enabled?Correct

7949When an interface is in Tap mode and a Policys action is set to block, the interface will send a TCP reset.Correct

8630When configuring a Decryption Policy Rule, which of the following are available as matching criteria in the rule? (Choose 3 answers.)Incorrect

8636When configuring a Decryption Policy rule, which option allows a firewall administrator to control SSHv2 tunneling in policies by specifying the SSH-tunnel App-ID?Correct

8621When configuring a Security Policy Rule based on FQDN Address Objects, which of the following statements is True?Correct

8616When configuring the firewall for User-ID, what is the maximum number of Domain Controllers that can be configured?Correct

8591When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:Correct

7964When using Config Audit, the color yellow indicates which of the following?Correct

8576Which feature can be configured to block sessions that the firewall cannot decrypt?Correct

8561Which of the Dynamic Updates listed below are issued on a daily basis? (Select all correct answers.)Correct

8541Which of the following can provide information to a Palo Alto Networks firewall for the purposes of User-ID? (Select all correct answers.)Incorrect

8490Which of the following facts about dynamic updates is correct?Correct

8531Which of the following interface types can have an IP address assigned to it?Correct

8526Which of the following is NOT a valid option for built-in CLI Admin roles?Incorrect

8471Which of the following search engines are supported by the "Safe Search Enforcement" option? (Select all correct answers.)Correct

8495Which of the following services are enabled on the MGT interface by default? (Select all correct answers.)Correct

8466Which pre-defined Admin Role has all rights except the rights to create administrative accounts and virtual systems?Correct

8461Which routing protocol is supported on the Palo Alto Networks platform?Correct

8420Which statement below is True?Incorrect

8449Which type of license is required to perform Decryption Port Mirroring?Incorrect

8438Without a WildFire subscription, which of the following files can be submitted by the Firewall to the hosted WildFire virtualized sandbox?Correct

7951You can assign an IP address to an interface in Virtual Wire mode.Incorrect