Page 1 out of 15. Viewing questions 1-15 out of 222
Question 1
Topic 2, Exam Pool A
As of PAN-OS 8.0, when configuring a Decryption Policy Rule, which of the following is NOT an available option as matching criteria in the rule?
A.
Application
B.
Source User
C.
URL Category
D.
Source Zone
E.
Service
Answer:
A
User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 2
Topic 2, Exam Pool A
Which of the following can provide information to a Palo Alto Networks firewall for the purposes of User-ID? (Select all correct answers.)
A.
Network Access Control (NAC) device
B.
Domain Controller
C.
RIPv2
D.
SSL Certificates
Answer:
A B D
User Votes:
A 1 votes
50%
B 1 votes
50%
C
50%
D 1 votes
50%
Discussions
0/ 1000
Question 3
Topic 2, Exam Pool A
In PAN-OS 8.0 which of the available choices serves as an alert warning by defining patterns of suspicious traffic and network anomalies that may indicate a host has been compromised?
A.
App-ID Signatures
B.
Correlation Objects
C.
Command & Control Signatures
D.
Correlation Events
E.
Custom Signatures
Answer:
E
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 4
Topic 2, Exam Pool A
Which of the following is True of an application filter?
A.
An application filter automatically adapts when an application moves from one IP address to another.
B.
An application filter automatically includes a new application when one of the new applications characteristics are included in the filter.
C.
An application filter specifies the users allowed to access an application.
D.
An application filter is used by malware to evade detection by firewalls and anti-virus software.
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 5
Topic 2, Exam Pool A
You can assign an IP address to an interface in Virtual Wire mode.
A.
True
B.
False
Answer:
B
User Votes:
A
50%
B 1 votes
50%
Discussions
0/ 1000
Question 6
Topic 2, Exam Pool A
The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides:
A.
Increased speed on downloads of file types that are explicitly enabled.
B.
The ability to use Authentication Profiles, in order to protect against unwanted downloads.
C.
Password-protected access to specific file downloads for authorized users.
D.
Protection against unwanted downloads by showing the user a response page indicating that a file is going to be downloaded.
Answer:
D
User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
0/ 1000
Question 7
Topic 2, Exam Pool A
Previous to PAN-OS 8.0 the firewall was able to decode up to two levels. With PAN-OS 8.0 the firewall can now decode up to how many levels?
A.
Three
B.
Six
C.
Five
D.
Four
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 8
Topic 2, Exam Pool A
Which of the following would be a reason to use the PAN-OS XML API to communicate with a Palo Alto Networks firewall?
A.
To allow the firewall to push User-ID information to a Network Access Control (NAC) device.
B.
To permit syslogging of User Identification events.
C.
To pull information from other network resources for User-ID.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
Discussions
0/ 1000
Question 9
Topic 2, Exam Pool A
A "Continue" action can be configured on which of the following Security Profiles?
A.
URL Filtering and File Blocking
B.
URL Filtering only
C.
URL Filtering, File Blocking, and Data Filtering
D.
URL Filtering and Anti-virus
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 10
Topic 2, Exam Pool A
When configuring a Security Policy Rule based on FQDN Address Objects, which of the following statements is True?
A.
The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again each time Security Profiles are evaluated.
B.
The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again at DNS TTL expiration.
C.
In order to create FQDN-based objects, you need to manually define a list of associated IP addresses.
Answer:
B
User Votes:
A
50%
B
50%
C
50%
Discussions
0/ 1000
Question 11
Topic 2, Exam Pool A
Users may be authenticated sequentially to multiple authentication servers by configuring:
A.
An Authentication Profile.
B.
An Authentication Sequence.
C.
A custom Administrator Profile.
D.
Multiple RADIUS servers sharing a VSA configuration.
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 12
Topic 2, Exam Pool A
Traffic going to a public IP address is being translated by a Palo Alto Networks firewall to an internal servers private IP address. Which IP address should the Security Policy use as the "Destination IP" in order to allow traffic to the server?
A.
The firewall’s gateway IP
B.
The server’s public IP
C.
The server’s private IP
D.
The firewall’s MGT IP
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 13
Topic 2, Exam Pool A
An interface in Virtual Wire mode must be assigned an IP address.
A.
True
B.
False
Answer:
B
User Votes:
A
50%
B
50%
Discussions
0/ 1000
Question 14
Topic 2, Exam Pool A
Which of the following services are enabled on the MGT interface by default? (Select all correct answers.)
A.
HTTPS
B.
SSH
C.
Telnet
D.
HTTP
Answer:
A B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 15
Topic 2, Exam Pool A
Using the API in PAN-OS 6.1, WildFire subscribers can upload up to how many samples per day?