No student devices needed. Know more
46 questions
A "continue" action can be configured on the following security profiles in the Next Generation Firewall:
URL Filtering
URL Filtering and Antivirus
URL Filtering, File Blocking, and Data Filtering
URL Filtering and File Blocking
Which web development program is an object-oriented, class-based and concurrent language that was developed by Sun Microsystems in the1990s?
Java
Python
Ruby
PHP
Which URL filtering security profile action logs the category to the URL filtering log?
Allow
Log
Alert
Default
Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall?
Allow, Block, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud
Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall?
Block, Allow, Custom URL, External Dynamic, PAN-DB Download, PAN-DB Cloud, PAN-DB Cache
Block, Allow, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud
Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user’s browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log?
Block
Alert
Override
Continue
Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo , Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option.
HTTP Header Logging
Safe Search Enforcement
Log Container Page Only
User Credential Detection
On the Next Generation Firewall, which is the first configuration step for SSL Forward Proxy decryption?
Client Certificate Store
Signed Certificate
Forward Trust Certificate
SSL Certificate
True or False: In the Next Generation Firewall, even if the Decryption policy rule action is “no-decrypt, ”the Decryption Profile attached to the rule can still be configured to block sessions with expired or untrusted certificates
True
False
Which type of Next Generation Firewall decryption inspects SSL traffic between an internal host and and external web server?
SSL Forward Proxy
SSH
SSL Outbound Inspection
SSL Inbound Inspection
Which type of Next Generation Firewall decryption inspects SSL traffic coming from external users to internal servers?
SSL Forward Proxy
SSH
SSL Outbound Inspection
SSL Inbound Inspection
When SSL encrypted traffic first arrives at the Next Generation Firewall, which technology initially identifies the application as web-browsing?
Content-ID
Encryption-ID
App-ID
User-ID
What is default setting for "Action" in a decryption policy rule?
Decrypt
Any
None
No-Decrypt
In the latest Next Generation firewall version, what is the shortest time that can be configured on the firewall to check for wildfire updates?
30 minutes
5 minutes
15 minutes
1 Hour
Which CLI command is used to verify successful file uploads to Wildfire?
debug wildfire upload-log show
debug wildfire upload-log
debug wildfire download-log show
debug wildfire upload-threat show
Which WildFire verdict indicates no security threat but might display obtrusive behavior?
Grayware
Malware
Benign
Phishing
What is the maximum size of .EXE files uploaded from the Next Generation firewall to wildfire?
Configurable up to 10 megabytes
Configurable up to 2 megabytes
Always 10 megabytes
Always 2 megabytes
Which WildFire verdict includes viruses, worms, trojans, remote access tools, rootkits, and botnets?
Phishing
Malware
Benign
Grayware
On the Next Generation firewall, what type of security profile detects infected files being transferred with the application?
URL Filtering
Vulnerability Protection
File Blocking
Wildfire Analysis
Anti-Virus
True or False: If a file type is matched in the File Blocking Profile action is set to "block," then the file is not forwarded to Wildfire.
True
False
Without a Wildfire subscription, which of the following files can be submitted by the Next generation Firewall to the hosted wildfire virtualized sandbox?
MS Office doc/docx, xls/xlsx, and ppt/pptx files only
PE and Java Applet only
PDF files only
PE files only
What options are available for selecting users for a security policy on the Next Generation firewall?
Unselect-user
Known-user
Pre-logon
Unknown-user
The User-ID feature identifies the user and IP address of the computer the user is logged into for Next Generation Firewall policy enforcement.
True
False
Which port does the Palo Alto Networks Windows-based User-ID agent use by default?
TCP port 5007
TCP port 80
TCP port 4125
TCP port 443
Which User-ID component and mapping method is recommended for web clients that do not use the domain server?
Terminal Services Agent
GlobalProtect
XLM API
Captive Portal
For the Palo Alto Networks Next Generation Firewall to access a Global Catalog server, LDAP must be set to communicate with which port?
636
3268
389
443
Which Palo alto Networks User-ID component runs on Microsoft and Citrix terminal servers?
PAN-OS integrated User-ID agent
Windows-Based User-ID agent
Palo-Alto Networks Terminal Services agent
Palo Alto Networks Firewall
What are two sources of information for determining whether the Next Generation firewall has been successful in communication with an external User-ID agent?
Systems logs and authentication lights on the chassis
Systems logs and the indicator light under the User-ID agent settings in the firewall
Systems and authentication logs
Traffic and authentication logs
In which Palo Alto Networks Global Protect client connection method does the user explicitly initiate the connection?
User-Logon
On-demand
Pre-Login
Post-Login
Which Palo Alto Networks GlobalProtect component is responsible for coordinating communications and interaction between all other GlobalProtect components?
Portal
Agent
Certificate Authority
Gateway
Which Palo Alto Networks GlobalProtect deployment component provides security enforcement for traffic from GlobalProtect agents and applications?
VPN
Gateway
Portal
Client Software
On a Palo Alto Networks Firewall, what is the maximum number of IPsec tunnels that can be associated with a tunnel interface?
5
10
7
2
True or False. In the Palo Alto Networks GlobalProtect connection sequence, there is direct communication among gateways or between gateways and portals.
True
False
What three basic requirements are necessary to create a VPN in the Next Generation
Create the tunnel interface
Add a static route
Add a Layer 2 Interface
Configure the IPSec tunnel
On the Palo Alto Networks Next Generation Firewall, which is the default port for transporting Syslog traffic?
443
8080
514
6514
What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)?
Application Traffic
Blocked Activity
Threat Activity
Network Traffic
In the Palo Alto Networks Application Command Center (ACC), which filter allows you to limit the display to the details you care about right now and to exclude the unrelated information from the current display?
Global
Local
Group
Universal
When using config audit to compare configuration files on a Next Generation firewall, what does the yellow indication reveal?
Deletion
Change
Addition
None
In the Palo Alto Networks Firewall WebUI, which type of report can be compiled into a single emailed PDF?
Group
Predefined
PDF Summary
Botnet
What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?
Quality of Service Statistics
Quality of service Log
Applications Report
Application Command Center (ACC)
During the Palo Alto Networks Active/Passive HA Pair Start-Up, the firewall remains in the INITIAL state after boot-up until it discovers a peer and negotiations begin. After how long of a timeout does the firewall become ACTIVE if HA negotiation has not started?
90-second
30-second
60-second
120-second
The firewalls in an HA pair can be assigned a Device Priority value to indicate a preference for which firewall should assume the active role. If you need to designate a specific firewall in the HA pair as the active firewall, you must enable the preemptive behavior on both the firewalls and assign a Device Priority value for each firewall. The firewall with which Device Priority value is designated as the higher priority and active firewall?
Lower
Same
Duplicate
Higher
During which Palo Alto Networks Active/Passive Firewall Sate is normal traffic discarded?
Initial
Suspended
Active
Passive
What mechanism on a Next Generation firewall is used to trigger a High Availability failover if the interface goes down?
Link Monitoring
SNMP polling
Preemption
Heartbeat polling
Which Palo Alto Networks High Availability configuration is not designed to increase throughput?
Passive/Active
Active/Active
Passive/Passive
Active/Passive
What is the prerequisite for configuring a pair of Next Generation firewalls in an Active/Passive High Availability (HA) pair?
The management interfaces must be on the same network
The peer HA1 IP address must be the same on both firewalls
The HA interfaces must be directly connected to each other
The firewalls must have the same set of licenses
True or False: To enable High Availability on a Palo Alto Networks device, both firewalls must be the same model.
True
False
Explore all questions with a free account