Professional Documents
Culture Documents
8When employing the BrightCloud URL filtering database in a Palo Alto Networks f
irewall, the order of
evaluation within a profile is:
Block list, Allow list, Custom Cat, Cache files, Loc URL DB
9When configuring Admin Roles for Web UI access, what are the available access l
evels?
Enable, RO & Disable
10What general practice best describes how Palo Alto Networks firewall policies
are applied to a session?
First match applied
11Which of the following is NOT a valid option for built-in CLI Admin roles?
Read/Write
12Can multiple administrator accounts be configured on a single firewall?
Yes
13Which of the following CANNOT use the source user as a match criterion?
AV profile
14When configuring the firewall for User-ID, what is the maximum number of Domai
n Controllers that can
be configured?
100
15After the installation of the Threat Prevention license, the firewall must be
rebooted.
False
16In which of the following can User-ID be used to provide a match condition? (S
elect all correct answers.)
Sec Policies
17What is the function of the GlobalProtect Portal?
To maintain list of Glob Prot GWs & specify HIP data that the agent should repor
t
18When configuring User-ID on a Palo Alto Networks firewall, what is the proper
procedure to limit User
mappings to a particular DHCP scope?
In the Zone in which UID is enabled, create a UID ACL Include list using same IP
ranges as allocated in
DHCP scope
19A "Continue" action can be configured on which of the following Security Profi
les?
URL filtering & File Blocking
20What will the user experience when attempting to access a blocked hacking webs
ite through a
translation service such as Google Translate or Bing Translator?
A Blocked page response when the URL filt policy to block is enf
21Traffic going to a public IP address is being translated by a Palo Alto Networ
ks firewall to an internal
server s private IP address. Which IP address should the Security Policy use as the
"Destination IP" in
order to allow traffic to the server?
The Server's Pub IP
38A Config Lock may be removed by which of the following users? (Select all corr
ect answers.)
The Admin who set it & SuperUser
39Select the implicit rules that are applied to traffic that fails to match any
administrator-defined Security
Policies. (Choose all rules that are correct.)
Intra-zone allowed
Inter-zone denied
40Enabling "Highlight Unused Rules" in the Security Policy window will:
High all rules that have not matched traffic since Rule was created or last Rebo
ot of FW
41Which statement below is True?
PAN-OS uses PAN-DB as Def URL filt DB but supports BrightCloud
42Both SSL decryption and SSH decryption are disabled by default.
True
43When configuring a Security Policy Rule based on FQDN Address Objects, which o
f the following statements
is True?
The FW resolves FQDN when the policy is committed & resolves the FQDN again each
time again at DNS TTL
expiration
44In a Destination NAT configuration, the Translated Address field may be popula
ted with either an IP address
or an Address Object.
True
45Security policies specify a source interface and a destination interface.
False
46When configuring a Decryption Policy Rule, which of the following are availabl
e as matching criteria in the
rule? (Choose 3 answers.)
Source User
Source Zone
URL cat
47When troubleshooting Phase 1 of an IPsec VPN tunnel, which location and log wi
ll be most informative?
Responding side System log
48 What is the result of an Administrator submitting a WildFire report s verdict back to
Palo Alto Networks as
Incorrect ?
The sig will be updated for False + & F- files in next AV sig update
49An enterprise PKI system is required to deploy SSL Forward Proxy decryption ca
pabilities.
False
50Without a WildFire subscription, which of the following files can be submitted
by the Firewall to the hosted
WildFire virtualized sandbox?
PE files only
51Which of the following statements is NOT True about Palo Alto Networks firewal
ls?
The Admin account may be disabled
52In PAN-OS 6.0, rule numbers are:
Numbers that specify the order in which sec pol are evaluated
53In a Palo Alto Networks firewall, every interface in use must be assigned to a
zone in order to process traffic.
True
54Reconnaissance Protection is a feature used to protect the Palo Alto Networks
firewall from port scans. To
enable this feature within the GUI go to
Nw-NW prof-Zone protection
55Using the API in PAN-OS 6.0, WildFire subscribers can upload up to how many sa
mples per day?
100
56All of the interfaces on a Palo Alto Networks device must be of the same inter
face type.
False
78When configuring a Decryption Policy rule, which option allows a firewall admi
nistrator to control SSHv2
tunneling in policies by specifying the SSH-tunnel App-ID?
SSH proxy
79In order to route traffic between Layer 3 interfaces on the Palo Alto Networks
firewall, you need a:
Virtual Router
80What will be the user experience when the safe search option is NOT enabled fo
r Google search but the
firewall has "Safe Search Enforcement" Enabled?
A block page will be presented with instructions on how to set strict Safe Searc
h for Google.
81User-ID is enabled in the configuration of
A Zone