You are on page 1of 2

ID

6781
7947
7948
7941
6791
7942
7943
7979

7984

7989
7994
8097
8067
8767
8756
8751
8746
7944
7945
7959

ID
8077

8072
8706
8082
8696
8686
8581
8656
8646
7949

Question
Correct
A "Continue" action can be configured on which of the following Security Profiles?
Correct
After the installation of a new version of PAN-OS, the firewall must be rebooted.
Correct
After the installation of the Threat Prevention license, the firewall must be rebooted.
Correct
All of the interfaces on a Palo Alto Networks device must be of the same interface type. Correct
An enterprise PKI system is required to deploy SSL Forward Proxy decryption
Correct
capabilities.
An interface in tap mode can transmit packets on the wire.
Correct
An interface in Virtual Wire mode must be assigned an IP address.
Correct
As the Palo Alto Networks Administrator responsible for User-ID, you need to enable
mapping of network users that do not sign-in using LDAP. Which information source Correct
would allow for reliable User-ID mapping while requiring the least effort to configure?
As the Palo Alto Networks Administrator you have enabled Application Block pages.
Afterwards, not knowing they are attempting to access a blocked web-based
Correct
application, users call the Help Desk to complain about network connectivity issues.
What is the cause of the increased number of help desk calls?
Besides selecting the Heartbeat Backup option when creating an Active-Passive HA
Correct
Pair, which of the following also prevents "Split-Brain"?
Can multiple administrator accounts be configured on a single firewall?
Correct
Considering the information in the screenshot above, what is the order of evaluation
Correct
for this URL Filtering Profile?
Enabling "Highlight Unused Rules" in the Security Policy window will:
Correct
How do you reduce the amount of information recorded in the URL Content Filtering
Correct
Logs?
In order to route traffic between Layer 3 interfaces on the Palo Alto Networks firewall,
Correct
you need a:
In Palo Alto Networks terms, an application is:
Incorrect
In PAN-OS 6.0, rule numbers are:
Correct
Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and
Correct
Role-Based (customized user roles) for Administrator Accounts.
Security policies specify a source interface and a destination interface.
Incorrect
Select the implicit rules that are applied to traffic that fails to match any administratorCorrect
defined Security Policies. (Choose all rules that are correct.)
Question
Correct
Taking into account only the information in the screenshot above, answer the following
question. An administrator is pinging 4.4.4.4 and fails to receive a response. What is
Correct
the most likely reason for the lack of response?
Taking into account only the information in the screenshot above, answer the following
question: A span port or a switch is connected to e1/4, but there are no traffic logs.
Correct
Which of the following conditions most likely explains this behavior?
The following can be configured as a next hop in a static route:
Correct
The screenshot above shows part of a firewalls configuration. If ping traffic can
traverse this device from e1/2 to e1/1, which of the following statements must be True Correct
about this firewalls configuration? (Select all correct answers.)
Users may be authenticated sequentially to multiple authentication servers by
Correct
configuring:
What are two sources of information for determining whether the firewall has been
Correct
successful in communicating with an external User-ID Agent?
What general practice best describes how Palo Alto Networks firewall policies are
Correct
applied to a session?
What is the maximum file size of .EXE files uploaded from the firewall to WildFire?
Correct
What will be the user experience when the safe search option is NOT enabled for
Correct
Google search but the firewall has "Safe Search Enforcement" Enabled?
When an interface is in Tap mode and a Policys action is set to block, the interface
Correct
will send a TCP reset.

ID
8630
8636
8621
8616
8591
7964
8576
8561
8541
8490

8531
8526
8471
8495
8466
8461
8420
8449
8438
7951

Question
Correct
When configuring a Decryption Policy Rule, which of the following are available as
Incorrect
matching criteria in the rule? (Choose 3 answers.)
When configuring a Decryption Policy rule, which option allows a firewall administrator
Correct
to control SSHv2 tunneling in policies by specifying the SSH-tunnel App-ID?
When configuring a Security Policy Rule based on FQDN Address Objects, which of
Correct
the following statements is True?
When configuring the firewall for User-ID, what is the maximum number of Domain
Correct
Controllers that can be configured?
When Destination Network Address Translation is being performed, the destination in
Correct
the corresponding Security Policy Rule should use:
When using Config Audit, the color yellow indicates which of the following?
Correct
Which feature can be configured to block sessions that the firewall cannot decrypt?
Correct
Which of the Dynamic Updates listed below are issued on a daily basis? (Select all
Correct
correct answers.)
Which of the following can provide information to a Palo Alto Networks firewall for the
Incorrect
purposes of User-ID? (Select all correct answers.)
Which of the following facts about dynamic updates is correct?
Correct

Which of the following interface types can have an IP address assigned to it?
Correct
Which of the following is NOT a valid option for built-in CLI Admin roles?
Incorrect
Which of the following search engines are supported by the "Safe Search Enforcement" option?
Correct
(Select all correct answers.)
Which of the following services are enabled on the MGT interface by default? (Select all correct
Correct
answers.)
Which pre-defined Admin Role has all rights except the rights to create administrative accounts
Correct
and virtual systems?
Which routing protocol is supported on the Palo Alto Networks platform?
Correct
Which statement below is True?
Incorrect
Which type of license is required to perform Decryption Port Mirroring?
Incorrect
Without a WildFire subscription, which of the following files can be submitted by the Firewall to the
Correct
hosted WildFire virtualized sandbox?
You can assign an IP address to an interface in Virtual Wire mode.
Incorrect