Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom
set of firewall permissions?
A
Explanation:
Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-firewall-
administrators/administrative-role-types.html
Identify the correct order to configure the PAN-OS integrated USER-ID agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent
D
Which Security policy match condition would an administrator use to block traffic from IP addresses on the Palo Alto
Networks EDL of Known Malicious IP Addresses list?
B
Explanation:
Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/use-an-external-dynamic-list-in-
policy/external-dynamic-list.html
An administrator would like to override the default deny action for a given application, and instead would like to block the
traffic and send the ICMP code communication with the destination is administratively prohibited.
Which security policy action causes this?
B
Explanation:
Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-policy/security-policy-actions.html
Based on the shown security policy, which Security policy rule would match all FTP traffic from the inside zone to the outside
zone?
D
What is the minimum frequency for which you can configure the firewall to check for new WildFire antivirus signatures?
D
Explanation:
Reference: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-new-features/wildfire-features/five-minute-wildfire-updates
You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in
common application.
Which Security Profile detects and blocks access to this threat after you update the firewalls threat signature database?
B
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is
currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is
adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on
the information, how is the SuperApp traffic affected after the 30 days have passed?
C
Your company requires positive username attribution of every IP address used by wireless devices to support a new
compliance requirement. You must collect IP to-user mappings as soon as possible with minimal downtime and minimal
configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.
A
Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain
controllers?
A