PCNSCPreview

What is the default port used by the Terminal Services agent to communicate with a firewall?

Your customer wants to implement Active/Active High Availability for their PA-5260 pair. The following conditions are true in their environment:
-They are using multiple Layer 3 interfaces to process traffic.
-Their routing topology requires the use of Network Address Translation policies to ensure that traffic can reach its destinations correctly.
-They prefer to have the session workload distributed as evenly as possible to ensure both firewalls have lower resource utilization.
-They make use of dynamic routing protocols on their virtual routers for route-based redundancy.
-They chose to go with Active/Active for failover speed reasons.
Which three of the following HA configurations should your customer ensure they use to meet these requirements? (Choose three.)

Your customer believes that the Panorama appliance is being overwhelmed by the logs from deployed Palo Alto Networks Next-Generation Firewalls.
What CLI command can you run to determine the number of logs per second sent by each firewall?

An existing customer who has deployed several Palo Alto Networks Next-Generation Firewalls would like to start using Device-ID to obtain policy rule recommendations. They have also purchased a Support license, a Threat license, a URL Filtering license, and a WildFire license for each firewall.
What additional license do they need to purchase?

In Expedition, which objects are classified as “Ghost objects”?

Which routing configuration should you recommend to a customer who wishes to actively use multiple pathways to the same destination?

A company has deployed an Active/Passive 5280 HA pair with BGP configured to the company’s ISP. The lead firewall engineer has set the HA Timer to “Recommended”. Upon failing over the HA pair, there is a two-minute outage and internet traffic is dropped.
What should the engineer do to eliminate or minimize the outage in the future?

SSL Forward Proxy decryption is enabled on the firewall. When clients use Chrome to browse to HTTPS sites, the firewall returns the Forward Trust certificate, even when accessing websites with invalid certificates. The clients need to be presented with a browser warning error with the option to proceed to websites with invalid certificates.
Which two options will satisfy this requirement? (Choose two.)

A customer recently purchased a license for URL filtering and is having trouble activating PAN-DB. Which two commands can be used to troubleshoot this issue? (Choose two.)

What are the three predefined external dynamic lists in PAN-OS that customers receive with their content and threat updates? (Choose three.)

With its improved reliability and automation, Expedition 2 will install by using which of the following?

Instead of disabling App-IDs regularly, a security policy rule is going to be configured to temporarily allow new App-IDs. In which two circumstances is it valid to disable App-IDs as part of content update? (Choose two.)

DRAG DROP -
In Panorama, the web interface displays the security rules in evaluation order. Organize the security rules in the order in which they will be evaluated?

A URL is categorized as both health-and-medicine and abused-drugs. The health-and-medicine category is set to “allow” and the abused-drugs category is set to “block”.
Which two actions will be taken when this URL is visited? (Choose two.)

The corporate architect has questions about the authentication algorithms supported by TLSv1.3.
Which two authentication algorithms are supported by Palo Alto Networks in TLSv1.3? (Choose two.)

A customer uses an application on the network that shows unknown-tcp application in the traffic logs.
Which two actions can the administrator take to make the application display this information? (Choose two.)

What happens when a packet from an existing session is received by a firewall that is not the owner in an HA active/active configuration?

DRAG DROP -
Match the task for server settings in group mapping with its order in the process.

Why is a threshold used when content updates are installed?

Examine the configured Security policy rule. Which day one/Iron Skillet Security Profile Group is used to secure the traffic that is permitted through this rule?

A customer is adding a new site-to-site tunnel from a Palo Alto Networks NGFW to a third party with a policy based VPN peer. After the initial configuration is completed and the changes are committed, phase 2 fails to establish.
Which two changes may be required to fix the issue? (Choose two.)

Review the customer scenario:

• An organization has deployed an Active/Passive 7080 HA pair in their data center.
• The 7080 firewall has three 100G NPCs installed in slots 1, 2, and 12.
• In slots 1 and 2, the NPCs are being used to create two 200G Aggregate Ethernets with LACP to their switch infrastructure in a Layer 3 deployment with OSPF and BGP routing.
• The networking team has received alerts via SolarWinds recently that the NPC in slot 1 has a high DP load and high network utilization on one of its two interfaces.
  What can you recommend to the team to balance the traffic more evenly and reduce high utilization of slot 1?

A firewall that was previously connected to a User-ID agent server now shows disconnected.
What is the likely cause?