1. Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?

2. Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

3. Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

4. To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?

5. Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.

Complete the security policy to ensure only Telnet is allowed.

Security Policy: Source Zone: Internal to DMZ Zone __________services “Application defaults”, and action = Allow

6. How often does WildFire release dynamic updates?

7. Starting with PAN_OS version 9.1 which new type of object is supported for use within the user field of a security policy rule?

8. Which prevention technique will prevent attacks based on packet count?

9. Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

10. Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?

11. The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop the malware contacted a known command-and-control server which exfiltrating corporate data.

Which Security profile feature could have been used to prevent the communications with the command-and-control server?

12. Your company occupies one floor in a single building you have two active directory domain controllers on a single networks the firewall s management plane is only slightly utilized.

Which user-ID agent sufficient in your network?

13. DRAG DROP

Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

14. In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

15. DRAG DROP

Match the Palo Alto Networks Security Operating Platform architecture to its description.

16. What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

17. Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

18. The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.

Which security profile feature could have been used to prevent the communication with the CnC server?

19. An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server.

Which two security profile components will detect and prevent this threat after the firewall’s signature database has been updated? (Choose two.)

20. How is the hit count reset on a rule?

21. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent

22. Which action results in the firewall blocking network traffic with out notifying the sender?

23. TION NO: 109

Four configuration choices are listed, and each could be used to block access to a specific URL.

If you configured each choices to block the sameURL then which choice would be the last to block access to the URL?

24. Which URL profiling action does not generate a log entry when a user attempts to access that URL?

25. How do you reset the hit count on a security policy rule?

26. Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

27. When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

28. A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.

On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.

Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

29. What is an advantage for using application tags?

30. How many zones can an interface be assigned with a Palo Alto Networks firewall?

31. Based on the security policy rules shown, ssh will be allowed on which port?

32. Which administrator type utilizes predefined roles for a local administrator account?

33. A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications.

Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

34. DRAG DROP

Arrange the correct order that the URL classifications are processed within the system.

35. An internal host wants to connect to servers of the internet through using source NAT.

Which policy is required to enable source NAT on the firewall?

36. Which option lists the attributes that are selectable when setting up an Application filters?

37. How frequently can wildfire updates be made available to firewalls?

38. Which interface type can use virtual routers and routing protocols?

39. Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

40. Given the topology, which zone type should zone A and zone B to be configured with?