Color-coded tags can be used on all of the items listed below EXCEPT:
AAddress Objects
BZones
CService Groups
DVulnerability Profiles
Which of the following can provide information to a Palo Alto Networks firewall for the purposes of UserID?
ADomain Controller
BSSL Certificates
CRIPv2
DNetwork Access Control (NAC) device
When you have created a Security Policy Rule that allows Facebook, what must you do to block all other web browsing traffic?
ACreate an additional rule that blocks all other traffic.
BWhen creating the policy, ensure that webbrowsing is included in the same rule.
CEnsure that the Service column is defined as "applicationdefault" for this Security policy. Doing this will automatically include the implicit webbrowsing application dependency.
DNothing. You can depend on PANOS to block the webbrowsing traffic that is not needed for Facebook use.
As the Palo Alto Networks Administrator responsible for UserID, you need to enable mapping of network users that do not sign in using LDAP. Which information source would allow for reliable UserID mapping while requiring the least effort to configure?
AActive Directory Security Logs
BWMI Query
CCaptive Portal
DExchange CAS Security logs
Question 6
User-ID
0
Question 7
Administration and Management
Question 8
Decryption
Question 9
User-ID
Question 10
Decryption
Question 11
User-ID
Question 12
Administration and Management
Question 13
Administration and Management
Question 15
Administration and Management
Question 16
VPN
Question 17
VPN
Question 18
Administration and Management
Question 19
Network and Interface Configuration
Question 20
Decryption
Question 21
User-ID
Question 22
Network and Interface Configuration
Question 23
App-ID
Question 24
Network and Interface Configuration
Question 25
Administration and Management
Question 26
High Availability
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Which of the following CANNOT use the source user as a match criterion?
APolicy Based Forwarding
BSecuirty Policies
CQoS
DDoS Protection
EAntivirus Profile
Which statement below is True?
APANOS uses BrightCloud as its default URL Filtering database, but also supports PANDB.
BPANOS uses PANDB for URL Filtering, replacing BrightCloud.
CPANOS uses BrightCloud for URL Filtering, replacing PANDB.
DPANOS uses PANDB as the default URL Filtering database, but also supports BrightCloud.
When configuring a Decryption Policy rule, which option allows a firewall administrator to control SSHv2 tunneling in policies by specifying the SSHtunnel AppID?
ASSH Proxy
BSSL Forward Proxy
CSSL Inbound Inspection
DSSL Reverse Proxy
What are two sources of information for determining whether the firewall has been successful in communicating with an external UserID Agent?
ASystem Logs and the indicator light under the UserID Agent settings in the firewall.
BTraffic Logs and Authentication Logs.
CSystem Logs and an indicator light on the chassis.
DSystem Logs and Authentication Logs.
What Security Profile type must be configured to send files to the WildFire cloud, and with what choices for the action setting?
AA File Blocking profile with possible actions of "Forward" or "Continue and Forward".
BA Data Filtering profile with possible actions of "Forward" or "Continue and Forward".
CA Vulnerability Protection profile with the possible action of "Forward".
DA URL Filtering profile with the possible action of "Forward".
When configuring UserID on a Palo Alto Networks firewall, what is the proper procedure to limit User mappings to a particular DHCP scope?
AIn the zone in which User Identification is enabled, create a User Identification ACL Include List using the same IP ranges as those allocated in the DHCP scope.
BUnder the User Identification settings, under the User Mapping tab, select the "Restrict Users to Allocated IP" checkbox.
CIn the zone in which User Identification is enabled, select the "Restrict Allocated IP" checkbox.
DIn the DHCP settings on the Palo Alto Networks firewall, point the DHCP Relay to the IP address of the UserID agent.
A Config Lock may be removed by which of the following users?
AThe administrator who set it
BDevice administrators
CAny administrator
DSuperusers
After the installation of a new version of PANOS, the firewall must be rebooted.
ATrue
BFalse
After the installation of the Threat Prevention license, the firewall must be rebooted.
ATrue
BFalse
What is the function of the GlobalProtect Portal?
ATo maintain the list of Global Protect Gateways and specify HIP data that the agent should report.
BTo loadbalance
CGlobalProtect client connections to GlobalProtect Gateways.
DTo maintain the list of remote GlobalProtect Portals and the list of categories for checking the client machine.
ETo provide redundancy for tunneled connections through the GlobalProtect Gateways.
Which mode will allow a user to choose when they wish to connect to the Global Protect Network?
AAlways On mode
BOptional mode
CSingle SignOn mode
DOn Demand mode
After the installation of a new Application and Threat database, the firewall must be rebooted.
ATrue
BFalse
Taking into account only the information in the screenshot above, answer the following question:
A span port or a switch is connected to e1/4, but there are no traffic logs.
Which of the following conditions most likely explains this behavior?
AThe interface is not assigned a virtual router.
BThe interface is not assigned an IP address.
CThe interface is not up.
DThere is no zone assigned to the interface.
Which of the following platforms supports the Decryption Port Mirror function?
APA3000
BVMSeries 100
CPA2000
DPA4000
UserID is enabled in the configuration of:
Aa Security Profile.
Ban Interface.
Ca Security Policy.
Da Zone.
Which of the following interface types can have an IP address assigned to it?
ALayer 3
BLayer 2
CTap
DVirtual Wire
As the Palo Alto Networks Administrator you have enabled Application Block pages.
Afterwards, not knowing they are attempting to access a blocked web based application, users call the Help Desk to complain about network connectivity issues.
What is the cause of the increased number of help desk calls?
AThe File Blocking Block Page was disabled.
BSome AppID's are set with a Session Timeout value that is too low.
CThe firewall admin did not create a custom response page to notify potential users that their attempt to access the web based application is being blocked due to policy.
DApplication Block Pages will only be displayed when Captive Portal is configured.
Security policies specify a source interface and a destination interface.
ATrue
BFalse
Select the implicit rules that are applied to traffic that fails to match any administrator defined Security Policies.
AIntrazone traffic is allowed
BInterzone traffic is denied
CIntrazone traffic is denied
DInterzone traffic is allowed
Besides selecting the Heartbeat Backup option when creating an ActivePassive HA Pair, which of the following also prevents "SplitBrain"?
ACreating a custom interface under Service Route Configuration, and assigning this interface as the backup HA2 link.
BUnder "Packet Forwarding", selecting the VR Sync checkbox.
CConfiguring an independent backup HA1 link.
DConfiguring a backup HA2 link that points to the MGT interface of the other device in the pair.
