No student devices needed. Know more
15 questions
What is the maximum number of samples that can be submitted to WildFire per day, based on a WildFire subscription?
1,050
15,100
7,600
5,000
Which three file types can be forwarded to WildFire for analysis as a part of the basic WildFire service? (Choose three.)
.dll
.exe
.fon
.apk
How often can you check for WildFire dynamic updates if you have a WildFire subscription?
realtime
every 1 minute
every 5 minutes
every 1 day
What is the size limitation of files manually uploaded to WildFire?
Configurable up to 10 megabytes
Hard-coded at 10 megabytes
Hard-coded at 2 megabytes
Configurable up to 20 megabytes
Which three script types can be analyzed in WildFire? (Choose three.)
JScript
PowerShell Script
VBScript
PythonScript
MonoScript
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)
the web server requires mutual authentication
the website matches a category that is not allowed for most users
the website matches a high-risk category
the website matches a sensitive category
An engineer is planning an SSL decryption implementation.
Which of the following statements is a best practice for SSL decryption?
Obtain an enterprise CA-signed certificate for the Forward Trust certificate.
Use an enterprise CA-signed certificate for the Forward Untrust certificate.
Use the same Forward Trust certificate on all firewalls in the network.
Obtain a certificate from a publicly trusted root CA for the Forward Trust certificate.
If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?
TLS Bidirectional Inspection
SSL Inbound Inspection
SSH Forward Proxy
SMTP Inbound Decryption
Which cloud‐delivered security services provides security for branches and mobile users?
Panorama
Cortex Data Lake
Cortex XDR
GlobalProtect
Which two interface types can be used when configuring GlobalProtect Portal? (Choose two.)
Virtual Wire
Loopback
Layer 3
Tunnel
Which three are valid ACC GlobalProtect Activity tab widgets? (Choose three.)
Successful GlobalProtect Deployed Activity
GlobalProtect Deployment Activity
Successful GlobalProtect Connection Activity
GlobalProtect Quarantine Activity
Unsuccessful GlobalProtect Deployed Activity
When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?
8443
4443
80
443
What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?
It tries to establish a tunnel to the GlobalProtect portal using SSL/TLS.
It stops the tunnel-establishment processing to the GlobalProtect gateway immediately.
It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS.
It keeps trying to establish an IPSec tunnel to the GlobalProtect gateway.
Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a "No Decrypt" action? (Choose two.)
Block sessions with expired certificates
Block sessions with client authentication
Block sessions with unsupported cipher suites
Block sessions with untrusted issuers
A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes.
How quickly will the firewall receive back a verdict?
More than 15 minutes
5 minutes
10 to 15 minutes
5 to 10 minutes
Explore all questions with a free account