After a firewall is associated with Strata Cloud Manager (SCM), which two additional actions are required to enable management of the firewall from SCM? (Choose two.)
AInstall a device certificate.
BConfigure a Security policy allowing "stratacloudmanager.paloaltonetworks.com" for all users.
CConfigure NTP and DNS servers for the firewall.
DDeploy a service connection for each branch site and connect with SCM.
In which order does an NGFW process URL categories for Security policy?
A network engineer pushes specific Panorama reports of new AI URL category types to branch NGFWs.
Which two report types achieve this goal? (Choose two.)
AAI
BPDF summary
CCustom
DSNMP
Which file type does Advanced WildFire support for inline analysis to detect advanced malware?
APE
BAPK
CPDF
DJAR
By default, how often are signatures updated for firewalls with Advanced WildFire?
AIn real time
BWithin 5-10 minutes
CWithin 24-48 hours
DOnce a week
How does a firewall behave when SSL Inbound Inspection is enabled?
AIt decrypts inbound and outbound SSH connections.
BIt acts as meddler-in-the-middle between the client and the internal server.
CIt acts transparently between the client and the internal server.
DIt decrypts traffic between the client and the external server.
What are two indications that a packet has been processed into a fast path session? (Choose two.)
AContent and application inspection is recognized.
BInitial forwarding look is using a FIB.
CPrevious packets of the same session have been identified.
DSecurity policy lookup is initiated.
Which two content updates can be pushed to NGFWs from Panorama? (Choose two.)
AWildFire
BApplications and threats
CAdvanced URL Filtering
DGlobalProtect data file
Which step is necessary to ensure an organization is using the inline cloud analysis features in its Advanced Threat Prevention subscription?
AUpdate or create a new Anti-spyware security profile and enable the appropriate local deep learning models.
BEnable SSL decryption in Security policies to inspect and analyze encrypted traffic for threats.
CDisable anti-spyware to avoid performance impacts and rely solely on external threat intelligence.
DConfigure Advanced Threat Prevention profiles with default settings and only focus on high-risk traffic to avoid affecting network performance.
How do Cloud NGFW instances get created when using AWS centralized deployments?
AA security VPC will be created as transit gateways to push all traffic through the area.
BThey are placed in a vWAN with a virtual hub.
CSelected VPCs will have Cloud NGFW workloads added to them.
DThey replace the internet gateway service.
How many places will a firewall administrator need to create and configure a custom data loss prevention (DLP) profile across Prisma Access and the NGFW?
AOne
BTwo
CThree
DFour
An administrator wants to implement additional Cloud-Delivered Security Services (CDSS) on a data center NGFW that already has one enabled.
What benefit does the NGFWs single-pass parallel processing (SP3) architecture provide?
AIt allows for traffic inspection at the application level.
BThere will be only a minor reduction in performance.
CThere will be no additional performance degradation.
DIt allows additional security inspection devices to be added inline.
Which feature of SaaS Security will allow a firewall administrator to identify unknown SaaS applications in an environment?
AApp-ID Cloud Engine
BSaaS Data Security
CCloud Identity Engine
DApp-ID
Which two configurations are required when creating deployment profiles to migrate a perpetual VM-Series firewall to a flexible VM? (Choose two.)
AAllow only the same security services as the perpetual VM.
BDeploy virtual Panorama for management.
CChoose "Fixed vCPU Models" for configuration type.
DAllocate the same number of vCPUs as the perpetual VM.
When a firewall acts as an application-level gateway (ALG), what does it require in order to establish a connection?
ADynamic IP and Port (DIPP)
BSession Initiation Protocol (SIP)
CPayload
DPinholes
Within which security profile is the DNS sinkholing action enabled?
AFile Blocking
BAntivirus
CAnti-spyware
DDoS Protection
Which security profile provides real-time protection against threat actors who exploit the misconfigurations of DNS infrastructure and redirect traffic to malicious domains?
AAnti-spyware
BURL Filtering
CAntivirus
DVulnerability Protection
A Prisma Access administrator wants to attach the same set of Security policies to each new rule created.
How can the administrator automate the profiles to be attached to new rules?
ACreate profiles for each CDSS and name them "default."
BCreate a security profile group and name it "default."
CUse AIOps to automate the security profile group attachment.
DUse Policy Analyzer after creating the new rules.
An administrator is responsible for updating which component of Prisma Access?
AManagement plane
BContent updates
CData plane
DVPN client
In a service provider environment, what key advantage does implementing virtual systems provide for managing multiple customer environments?
AShared threat prevention policies across all tenants
BCentralized authentication for all customer domains
CUnified logging across all virtual systems
DLogical separation of control and Security policy
In which security profile is credential phishing prevention implemented?
AURL Filtering
BVulnerability Protection
CAntivirus
DAnti-spyware
Which two modes should be enabled on the GlobalProtect agent to allow a subset of users to connect directly to SaaS and internal applications while allowing the remaining users to connect through third-party VPN? (Choose two.)
ARemote desktop protocol (RDP)
BProxy
CTunnel
DClientless
Which two types of logs must be forwarded to Strata Logging Service for IoT Security to function? (Choose two.)
Preview
