Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall?

Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo , Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option.

On the Next Generation Firewall, which is the first configuration step for SSL Forward Proxy decryption?

True or False: In the Next Generation Firewall, even if the Decryption policy rule action is “no-decrypt, ”the Decryption Profile attached to the rule can still be configured to block sessions with expired or untrusted certificates

Which type of Next Generation Firewall decryption inspects SSL traffic between an internal host and and external web server?

Which type of Next Generation Firewall decryption inspects SSL traffic coming from external users to internal servers?

When SSL encrypted traffic first arrives at the Next Generation Firewall, which technology initially identifies the application as web-browsing?

What is default setting for "Action" in a decryption policy rule?

In the latest Next Generation firewall version, what is the shortest time that can be configured on the firewall to check for wildfire updates?

Which CLI command is used to verify successful file uploads to Wildfire?

Which WildFire verdict indicates no security threat but might display obtrusive behavior?

What is the maximum size of .EXE files uploaded from the Next Generation firewall to wildfire?

Which WildFire verdict includes viruses, worms, trojans, remote access tools, rootkits, and botnets?

On the Next Generation firewall, what type of security profile detects infected files being transferred with the application?

True or False: If a file type is matched in the File Blocking Profile action is set to "block," then the file is not forwarded to Wildfire.

Without a Wildfire subscription, which of the following files can be submitted by the Next generation Firewall to the hosted wildfire virtualized sandbox?

What options are available for selecting users for a security policy on the Next Generation firewall?

The User-ID feature identifies the user and IP address of the computer the user is logged into for Next Generation Firewall policy enforcement.

Which port does the Palo Alto Networks Windows-based User-ID agent use by default?

Which User-ID component and mapping method is recommended for web clients that do not use the domain server?

For the Palo Alto Networks Next Generation Firewall to access a Global Catalog server, LDAP must be set to communicate with which port?

Which Palo alto Networks User-ID component runs on Microsoft and Citrix terminal servers?

What are two sources of information for determining whether the Next Generation firewall has been successful in communication with an external User-ID agent?

In which Palo Alto Networks Global Protect client connection method does the user explicitly initiate the connection?

Which Palo Alto Networks GlobalProtect component is responsible for coordinating communications and interaction between all other GlobalProtect components?

Which Palo Alto Networks GlobalProtect deployment component provides security enforcement for traffic from GlobalProtect agents and applications?

On a Palo Alto Networks Firewall, what is the maximum number of IPsec tunnels that can be associated with a tunnel interface?

True or False. In the Palo Alto Networks GlobalProtect connection sequence, there is direct communication among gateways or between gateways and portals.

What three basic requirements are necessary to create a VPN in the Next Generation

On the Palo Alto Networks Next Generation Firewall, which is the default port for transporting Syslog traffic?

What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)?

In the Palo Alto Networks Application Command Center (ACC), which filter allows you to limit the display to the details you care about right now and to exclude the unrelated information from the current display?

When using config audit to compare configuration files on a Next Generation firewall, what does the yellow indication reveal?

In the Palo Alto Networks Firewall WebUI, which type of report can be compiled into a single emailed PDF?

What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?

During the Palo Alto Networks Active/Passive HA Pair Start-Up, the firewall remains in the INITIAL state after boot-up until it discovers a peer and negotiations begin. After how long of a timeout does the firewall become ACTIVE if HA negotiation has not started?

The firewalls in an HA pair can be assigned a Device Priority value to indicate a preference for which firewall should assume the active role. If you need to designate a specific firewall in the HA pair as the active firewall, you must enable the preemptive behavior on both the firewalls and assign a Device Priority value for each firewall. The firewall with which Device Priority value is designated as the higher priority and active firewall?

During which Palo Alto Networks Active/Passive Firewall Sate is normal traffic discarded?

What mechanism on a Next Generation firewall is used to trigger a High Availability failover if the interface goes down?

Which Palo Alto Networks High Availability configuration is not designed to increase throughput?

What is the prerequisite for configuring a pair of Next Generation firewalls in an Active/Passive High Availability (HA) pair?

True or False: To enable High Availability on a Palo Alto Networks device, both firewalls must be the same model.