Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

NGFW-ENGINEER by Palo Alto Networks - Page 1 | ExamCademy

Mode Selection

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 2 • Questions 1-25 of 50

1 2

→

Know a question that should be here? Contribute to this exam

Which zone type allows traffic between zones in different virtual systems (VSYS), without the traffic leaving the firewall?

A Isolated
B Transient
C External
D Internal

In regard to the Advanced Routing Engine (ARE), what must be enabled first when configuring a logical router on a PAN-OS firewall?

A License
B Plugin
C Content update
D General setting

During an upgrade to the routing infrastructure in a customer environment, the network administrator wants to implement Advanced Routing Engine (ARE) on a Palo Alto Networks firewall.
Which firewall models support this configuration?

A PA-5280, PA-7080, PA-3250, VM-Series
B PA-455, VM-Series, PA-1410, PA-5450
C PA-3260, PA-5410, PA-850, PA-460
D PA-7050, PA-1420, VM-Series, CN-Series

Which statement describes the role of Terraform in deploying Palo Alto Networks NGFWs?

A It acts as a logging service for NGFW performance metrics.
B It orchestrates real-time traffic inspection for network segments.
C It provides Infrastructure-as-Code (IaC) to automate NGFW deployment.
D It manages threat intelligence data synchronization with NGFWs.

Which configuration in the LACP tab will enable pre-negotiation for an Aggregate Ethernet (AE) interface on a Palo Alto Networks high availability (HA) active/passive pair?

A Set Transmission Rate to “fast.”
B Set passive link state to “Auto.”
C Set “Enable in HA Passive State.”
D Set LACP mode to “Active.”

When integrating Kubernetes with Palo Alto Networks NGFWs, what is used to secure traffic between microservices?

A Service graph
B Ansible automation modules
C Panorama role-based access control (RBAC)
D CN-Series firewalls

When configuring a Zone Protection profile, in which section (protection type) would an NGFW engineer configure options to protect against activities such as spoofed IP addresses and split handshake session establishment attempts?

A Flood Protection
B Protocol Protection
C Packet-Based Attack Protection
D Reconnaissance Protection

For which two purposes is an IP address configured on a tunnel interface? (Choose two.)

A Use of dynamic routing protocols
B Tunnel monitoring
C Use of peer IP
D Redistribution of User-ID

Which type of firewall resource can be assigned when configuring a new firewall virtual system (VSYS)?

A CPU
B Sessions limit
C Memory
D Security profile limit

How does a Palo Alto Networks firewall choose the best route when it receives routes for the same destination from different routing protocols?

A The route that was received first will be entered into the forwarding table, and all subsequent routes will be rejected.
B It will attempt to load balance the traffic across all routes.
C It compares the administrative distance and chooses the one with the highest value.
D It compares the administrative distance and chooses the one with the lowest value.