In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)
AAntivirus
BURL Filtering
CVulnerability Protection
DAnti-spyware
An administrator wants to enable users to access retail websites that are considered minimum risk.
Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two.)
Ae-commerce
Bknown-good
Cshopping
Dlow-risk
Which two events can be found in data-filtering logs? (Choose two.)
ASpecific users attempting to authenticate
BSensitive information attempting to exit the network
CAn unsuccessful attempt to establish a TLS session
DA download attempt of a blocked file type
Which situation is recorded as a system log?
AA connection with an authentication server has been dropped.
BA file that has been analyzed is potentially dangerous for the system.
CAn attempt to access a spoofed website has been blocked.
DA new asset has been discovered on the network.
Question 6
Object Configuration Creation and Application
0
Question 7
Object Configuration Creation and Application
Question 8
Object Configuration Creation and Application
Question 9
Troubleshooting
Question 10
Policy Creation and Application
Question 11
Management and Operations
Question 12
Policy Creation and Application
Question 13
Troubleshooting
Question 14
Policy Creation and Application
Question 15
Object Configuration Creation and Application
Question 16
Object Configuration Creation and Application
Question 17
Object Configuration Creation and Application
Question 18
Policy Creation and Application
Question 19
Policy Creation and Application
Question 20
Policy Creation and Application
Question 21
Object Configuration Creation and Application
Question 22
Object Configuration Creation and Application
Question 23
Troubleshooting
Question 24
Troubleshooting
Question 25
Management and Operations
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
By default, what is the maximum number of templates that can be added to a template stack?
A6
B8
C10
D12
Which order of steps is the correct way to create a static route?
A
Enter the route and netmask2) Specify the outgoing interface for packets to use to go to the next hop3) Enter the IP address for the specific next hop4) Add an IPv4 or IPv6 route by name
B
Enter the IP address for the specific next hop2) Add an IPv4 or IPv6 route by name3) Enter the route and netmask4) Specify the outgoing interface for packets to use to go to the next hop
C
Enter the route and netmask2) Enter the IP address for the specific next hop3) Specify the outgoing interface for packets to use to go to the next hop4) Add an IPv4 or IPv6 route by name
D
Enter the IP address for the specific next hop2) Enter the route and netmask3) Add an IPv4 or IPv6 route by name4) Specify the outgoing interface for packets to use to go to the next hop
In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?
ANetwork
BPolicies
CObjects
DDevice
When is an event displayed under threat logs?
AWhen traffic matches a corresponding Security Profile
BWhen traffic matches any Security policy
CEvery time a session is blocked
DEvery time the firewall drops a connection
What are three ways application characteristics are used? (Choose three.)
AAs a setting to define a new custom application
BAs a global filter in the Application Command Center (ACC)
CAs an attribute to define an application group
DAs an object to define Security policies
EAs an attribute to define an application filter
Which two actions are needed for an administrator to get real-time WildFire signatures? (Choose two.)
AEnable Dynamic Updates.
BObtain a Threat Prevention subscription.
CObtain a WildFire subscription.
DMove within the WildFire public cloud region.
Which two types of profiles are needed to create an authentication sequence? (Choose two.)
ASecurity profile
BAuthentication profile
CServer profile
DInterface Management profile
What does rule shadowing in Security policies do?
AIt shows rules with the same Source Zones and Destination Zones.
BIt indicates that a broader rule matching the criteria is configured above a more specific rule.
CIt indicates rules with App-ID that are not configured as port-based.
DIt shows rules that are missing Security profile configurations.
Which statement applies to the Intrazone Security policy rule?
AThe traffic within the same security zone will not be allowed.
BIt requires a Zone Protection profile to be applied.
CIt applies regardless of whether it is from the same security zone or a different one.
DIt applies to all matching traffic within the specified source security zones.
Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)
ADynamic IP
BDynamic IP and Port (DIPP)
CStatic IP
DDynamic IP / Port Fallback
Within an Anti-Spyware security profile, which tab is used to enable machine learning based engines?
ASignature Policies
BSignature Exceptions
CMachine Learning Policies
DInline Cloud Analysis
The NetSec Manager asked to create a new firewall Local Administrator profile with customized privileges named New_Admin. This new administrator has to authenticate without inserting any username or password to access the WebUI.
What steps should the administrator follow to create the New_Admin Administrator profile?
A
Set the Authentication profile to Local.2. Select the "Use only client certificate authentication" check box.3. Set Role to Role Based.
B
Select the "Use only client certificate authentication" check box.2. Set Role to Dynamic.3. Issue to the Client a Certificate with Certificate Name = New Admin
C
Select the "Use only client certificate authentication" check box.2. Set Role to Dynamic.3. Issue to the Client a Certificate with Common Name = New_Admin
D
Select the "Use only client certificate authentication" check box.2. Set Role to Role Based.3. Issue to the Client a Certificate with Common Name = New Admin
By default, which action is assigned to the intrazone-default rule?
AReset-client
BReset-server
CDeny
DAllow
What are three advantages of user-to-group mapping? (Choose three.)
AIt does not require additional objects to be configured.
BIt does not require a Server profile.
CIt simplifies user administration.
DIt automatically adds new users to the appropriate group.
EIt allows an administrator to write more granular policies.
Which two statements correctly describe how pre-rules and local device rules are viewed and modified? (Choose two.)
APre-rules can be modified by the local administrator or by a Panorama administrator who has switched to a local firewall.
BPre-rules and local device rules can be modified in Panorama.
CPre-rules can be viewed on managed firewalls.
DPre-rules are modified in Panorama only, and local device rules are modified on local firewalls only.
Which three types of Source NAT are available to users inside a NGFW? (Choose three.)
AStatic Port
BDynamic IP and Port (DIPP)
CDynamic IP
DStatic IP and Port (SIPP)
EStatic IP
What are the two main reasons a custom application is created? (Choose two.)
ATo change the default categorization of an application
BTo visually group similar applications
CTo correctly identify an internal application in the traffic log
DTo reduce unidentified traffic on a network
The administrator profile "SYS01 Admin" is configured with authentication profile "Authentication Sequence SYS01," and the authentication sequence SYS01 has a profile list with four authentication profiles:
After a network outage, the LDAP server is no longer reachable. The RADIUS server is still reachable but has lost the "SYS01 Admin" username and password.
What is the "SYS01 Admin" login capability after the outage?
AAuth KO because RADIUS server lost user and password for SYS01 Admin
BAuth OK because of the Auth Profile TACACS
CAuth OK because of the Auth Profile Local
DAuth KO because LDAP server is not reachable
An administrator is reviewing the Security policy rules shown in the screenshot.
Why are the two fields in the Security policy EDL-Deny highlighted in red?
ABecause antivirus inspection is enabled for this policy
BBecause the destination zone, address, and device are all "any"
CBecause the action is Deny
DBecause the Security-EDL tag has been assigned the red color
In which three places on the PAN-OS interface can the application characteristics be found? (Choose three.)
