Page: 1
/ 26
Total 394 questions
Which Security Profile mitigates attacks based on packet count?
- A. zone protection profile
- B. URL filtering profile
- C. antivirus profile
- D. vulnerability profile
Answer : A
Which interface type uses virtual routers and routing protocols?
- A. Tap
- B. Layer3
- C. Virtual Wire
- D. Layer2
Answer : B
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?
- A. Override
- B. Allow
- C. Block
- D. Continue
Answer : B
Reference:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions
An internal host needs to connect through the firewall using source NAT to servers of the internet.
Which policy is required to enable source NAT on the firewall?
- A. NAT policy with internal zone and internet zone specified
- B. post-NAT policy with external source and any destination address
- C. NAT policy with no internal or internet zone selected
- D. pre-NAT policy with external source and any destination address
Answer : A
Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packet's source and destination IP addresses?
- A. DoS protection
- B. URL filtering
- C. packet buffering
- D. anti-spyware
Answer : A
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?
- A. Policies> Security> Rule Usage> No App Specified
- B. Policies> Security> Rule Usage> Port only specified
- C. Policies> Security> Rule Usage> Port-based Rules
- D. Policies> Security> Rule Usage> Unused Apps
Answer : C
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)
- A. Layer-ID
- B. User-ID
- C. QoS-ID
- D. App-ID
Answer : BD
Reference:
http://www.firewall.cx/networking-topics/firewalls/palo-alto-firewalls/1152-palo-alto-firewall-single-pass-parallel-processing-hardware-architecture.html
Which path is used to save and load a configuration with a Palo Alto Networks firewall?
- A. Device>Setup>Services
- B. Device>Setup>Management
- C. Device>Setup>Operations
- D. Device>Setup>Interfaces
Answer : C
DRAG DROP -
Match the network device with the correct User-ID technology.
Select and Place:
Answer :
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?
- A. Review Policies
- B. Review Apps
- C. Pre-analyze
- D. Review App Matches
Answer : A
Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content-releases/review-new-app-id-impact-on- existing-policy-rules
How do you reset the hit count on a Security policy rule?
- A. Select a Security policy rule, and then select Hit Count > Reset.
- B. Reboot the data-plane.
- C. First disable and then re-enable the rule.
- D. Type the CLI command reset hitcount <POLICY-NAME>.
Answer : A
Given the topology, which zone type should you configure for firewall interface E1/1?
- A. Tap
- B. Tunnel
- C. Virtual Wire
- D. Layer3
Answer : A
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?
- A. Management
- B. High Availability
- C. Aggregate
- D. Aggregation
Answer : C
Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?
- A. intrazone
- B. interzone
- C. universal
- D. global
Answer : B
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL?
- A. EDL in URL Filtering Profile
- B. Custom URL category in URL Filtering Profile
- C. Custom URL category in Security policy rule
- D. PAN-DB URL category in URL Filtering Profile
Answer : C
30 days access 